TechSpot

namster10 · #1 01-07-2009

recently, when i click on a link after i search in google, it redirects me to random pages ive never heard of. I have to copy and paste the url for it to work. any solutions? i have attached my HJT log file

I use AVG antivirus free edition. My laptop had a virus recently and i got a proffesional to clean it. It worked for a few days, but then recently, i ve been geting fake alert stuff coming up asking for free virus scans and stuff. I also looked into a folder and saw a file called online casino. I never downloaded or went on a site like that. i have and HJT file attached. Please help me anyone.

rf6647 · #2 01-09-2009

Following the Guide: UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions creates a common beginning for an initial assessment.
complaining of fake alerts -
- Without supporting logs, anything caught by HJT is used to suggest changes.
- However, the MBAM and/or SAS logs will improve handling of this thrreat.

Scan with HJT. Tick & Fix. Restart the computer

Code:

O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\Naveed\LOCALS~1\Temp\a.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Naveed\LOCALS~1\Temp\~tmpa.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{11D858EB-A02E-4CE6-B9F4-6FA714D996F3}: NameServer = 85.255.113.146,85.255.112.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{B11297A5-628C-416C-8B2C-840BA0140092}: NameServer = 85.255.113.146,85.255.112.66
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.146,85.255.112.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.146,85.255.112.66

Delete folders / files - if present - from the list inside code box

Code:

C:\Program Files\tintinyproxyy\tinyproxy.exe
C:\DOCUME~1\Naveed\LOCALS~1\Temp\a.exe
C:\DOCUME~1\Naveed\LOCALS~1\Temp\~tmpa.exe
C:\WINDOWS\system32\1C21MQ6Q.exe

Post new logs if problems are still present.

This section applied to first HJT log -
HJT did not raise any flags. - O23 - tinyproxy was missed. - As a first step, power off all computers connected to your local network. Remove and restore power to router and/or the broadband modem. Re-establish computers' connection to the internet. And yes, this is based on folklore.

If that fails try to work around the malware, as follows.

Your are describing an exploit to frustrate reaching anti-malware sites. Here are methods that have been used recently. The alternative was offered by a new member.

Since you are discribing a case of difficulty. attempt this method (follow link for 'How To')
- Use this method to stop any 'non-plug and play' driver that is named in this guide.
- Please report its name for changes to the method
For infections that have more severe symptoms, Unable to run or update via TechSpot 8 Steps or manually run MBAM or SAS
Message #3 - link to 'fixit download' has demonstrated its effectiveness in many cases. Go to message # 3 'fixit download'. Part of the method renames the executable to get the application to run. Here is another member that used renaming.
Alternative - Web site has a link to download-dot-com - phonetic spelling used
- There appears to be a connection with 'sagipsul' popups.
- Read this post. from member.
- phonetic spelling for web site
  - w.dot-simplysup.dot-com/tremover/download.html

Similar Topics
Topic	Replies	Forum
Google being redirected, webpages being redirected	2	Virus and Malware Removal
Keep getting redirected	4	Virus and Malware Removal
Help! I keep getting redirected	10	Virus and Malware Removal
Redirected, please help	3	Windows OS
keep getting redirected	7	Virus and Malware Removal

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

TechSpot

I keep getting redirected