8 steps

Status
Not open for further replies.
These are the logs generated by going through the 8 steps. IE gets redirected.
Thanks
John
 

Attachments

  • SUPERAntiSpyware Scan Log - 08-30-2009 - 15-42-21.log
Run the scans once more. If IE still gets redirected, turn off System Restore and rerun the scans once again.
 
You should also check your HOSTS file in:
c:\windows\system32\drivers\etc

For most people, it should only have 1 entry:
127.0.0.1 localhost

Also, check your DNS settings in the tcp/ip properties of your network adapter.
IP and DNS are usually set to dhcp or Obtain Automatically.

Also, you might want to download VUNDO cleaners. I'm not sure if Malwarebytes removes Vundo. A cleaner can be downloaded for free from Symantec.
symantec.com/security_response/writeup.jsp?docid=2005-042913-5937-99
(Click on 'Download Removal Tool' near the top. Save it. Close your browser. Run it.)

Hope that helps.
Zyldar
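
The HOSTS file check suggested in the post above, as an added example that is not part of the original thread: a small Python audit that lists every entry other than the expected loopback mapping for localhost. The sample file contents and the `.example` hostnames are constructed for illustration.

```python
import ipaddress

# Constructed sample: line 2 is the expected entry, the rest are the kind of
# additions that show up on a machine with redirect problems.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.25    www.search.example   search.example  # redirect
127.0.0.1       update.av-vendor.example
::1             localhost
not-an-ip       broken.example
"""

LOCAL_NAMES = {"localhost"}


def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for every entry that is not
    a plain loopback mapping for localhost."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments
        if not entry:
            continue
        fields = entry.split()
        addr_text, names = fields[0], fields[1:]
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append((line_no, addr_text, " ".join(names), "unparseable address"))
            continue
        for name in names:
            lname = name.lower()
            if lname in LOCAL_NAMES and addr.is_loopback:
                continue  # the one entry most machines should have
            if addr.is_loopback or addr.is_unspecified:
                reason = "name blocked (pointed at the local machine)"
            else:
                reason = "name redirected to another host"
            findings.append((line_no, addr_text, lname, reason))
    return findings


if __name__ == "__main__":
    import sys
    # Pass the real file (hosts, in c:\windows\system32\drivers\etc) as argument 1.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for finding in audit_hosts(text):
        print(finding)
```

An empty result means the file holds only the localhost entry; anything listed deserves a look before it is deleted, since some security tools add blocking entries of their own.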
 
Redirection has nothing to do with System Restore-UNLESS- a system has been cleaned, but old restore points remain. THEN, if the user chooses a restore point which contains the malware, it could re-infect the system.

jtm, Have you intentionally made these settings in Firefox about:config?

N4 - Mozilla: # Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("aim.internal.buddy.MaxBuddies", 220);
user_pref("aim.internal.intproxyprotocol", 1);
user_pref("aim.session.finishedwizard", true);
user_pref("aim.session.firsttime", false);
user_pref("aim.session.latestaimscreenname", "mhsma");
user_pref("aim.session.migrateBuddyList", "nobody");
user_pref("aim.session.screenname", "mhsma");
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.history_expire_days", 0);
user_pref("browser.search.defaultengine", "");
user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html");
user_pref("browser.startup.home
N4 - Mozilla: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

Were you using Netscape? Do you know it is no longer supported? I use Firefox and have never seen my customized preferences listed like this.

You need to get control of the Cookies. It looks like you might not be doing maintenance such as disc cleanups:

Reset Cookies

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others.

I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List

For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
 
Thanks for the replies

Tmagic650
I've spoken so I guess all doubt is removed:)
After going through the eight steps the first time the redirecting problem is no longer occurring. I included this problem in the initial posting at the last minute as I realized the directions said to report the problem I was experiencing.

Zyldar
I checked the HOSTS file and the DNS settings and they are as they should be. I will not be trying to download or run any other cleaner for now as the redirecting issue seems to be resolved.

Bobbye
I've reset the cookie settings in IE as you suggested.
I thought that a disc clean up utility was running automatically periodically but I'll check that.
I used a Netscape browser that has been on this computer for years but hasn't been used because of the IE problems.
I don't have Firefox on this computer. There is a Mozilla folder on the hard drive. The preferences you are asking about include my wife's AOL screen name. She hasn't used this computer for several years. Could these be preferences that relate to AOL AIM from several years ago?

Anyway, the initial problems seem to have been addressed by the steps that were taken, and thanks again for the replies.

John
 
John, regarding this:
I used a Netscape browser that has been on this computer for years but hasn't been used because of the IE problems.
I don't have Firefox on this computer. There is a Mozilla folder on the hard drive. The preferences you are asking about include my wife's AOL screen name. She hasn't used this computer for several years. Could these be preferences that relate to AOL AIM from several years ago?

All of this needs to be uninstalled and files deleted. Keeping programs that are not used can present security vulnerabilities.

The preferences shouldn't have shown up in a HJT log.

Yes, they are both AIM and homepage related, but they were set incorrectly originally. I advise uninstalling all AOL products that are no longer being used.

There are also two antivirus programs loading. You need help following up on the malware and removal. The security center has been disabled.

There is no one who is trained in malware help on TechSpot at this time. I will refer you to Tech-101 to get the assistance you need.

Follow the steps on the thread (link). Explain what system problem you are experiencing. While the initial problem of being redirected may seem resolved, the system still shows signs of malware infection.

Your choices not to do anything that was suggested so far were wise.
 