Browser Hijack, among other things

Status
Not open for further replies.
Both IE and Firefox are redirecting me to dummy search engine and shopping sites whenever I click a link directly off of google. I have to manually input any url in order to view the page. And that's if the browser LETS me view it. A majority of the sites I am trying to view to solve this problem seem to be "unable to connect". Downloads cut out after a few minutes and uploading is impossible.

There is an IP that is asking to "verify content" occasionally in the browser:
206.161.121.82



Following the instructions in this thread: topic58138

Step 1: Unable to view the webpage. Manually disabled as many things as I could / knew what they were, either by going into the program or disabling through MSCONFIG.

Step 2: I am unable to get past the "welcome" menu in XP if I have McAfee running at all anymore. Any other website you suggest I go to to get free software is "blocked". I get this:


Unable to connect


Firefox can't establish a connection to the server at ww.[insert name of website here] .com.



* The site could be temporarily unavailable or too busy. Try again in a few moments.

* If you are unable to load any pages, check your computer's network connection.

* If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.


I am able to visit sites such as worldofwarcraft or anything not security related.


Step 3: Same thing as above: "Firefox can't establish a connection to the server at X"

Step 4: Same problem. I was able to dig up ver 2.0.2. Currently installed

Step 5: Done

Step 6: Unable to connect to the site. However, I was able to connect to another site, but the download instantly "completes" and clicking on the downloaded file gives me an invalid Win32 App error.

Downloads seem to get cut off at 1.95 MB

Step 7-12: Same issues. Can't get the download


So at this point I am going to go find a clean computer that I can get all these downloads from and throw them on a thumb drive.

I will post the results in this thread with new info.
 
This IP 206.161.121.82 is registered to OrgName: Beyond The Network America, Inc. They seem to be involved in advertisements, if you disable your ads list, they no longer show up!

I found a reference to PeerGuardian2 showing this on the PhoenixLabs site, home of PG. They seem to have a tracker going on that URL/IP, at http://www.pcttracker.com:2710/announce - however, attempts to access the pctracker site result in 'connection timed out.'

Where are you in this? Does this sound familiar? At any rate, I encourage you to use the referenced URL for malware cleaning, run the programs, attach the logs.
 
Here is a bump.

Perhaps Cryus will post back a success story. A HJT log with the infection would be a handy reference.
 
A week later: Either he's dead in the water or found a fix elsewhere! I think users forget to close out questions when they do multi-forum posts!
 
Hi, I'm new here, and was totally frustrated by this earlier today... I came across this post actually as I searched for a solution, as I had tried nod32, spybot S&D, adaware, sdfix, cwshredder, and MS live onecare. If for nothing else, hopefully this will provide some closure to this thread for some other frustrated "googlers" that happen upon it.

I had the same IP show up occasionally as the OP, and that's what led me to this thread.

The solution to the problem was resolved by malwarebytes anti-malware v1.28; I think that is suggested to the OP in a link to a set of steps he should follow. But I just wanted to clarify that of all the things I tried, it was the only one that found the problem (seems to have to do with some tssd*.dll files in system32).

Cheers and thanks for the thread.
 
Welcome m00t. I cannot find a *.tssd.dll file description, but using tssd.dll brings up two foreign sites - always suspect for malware. As you note, the person asking the question has not come back, so we don't know if anything was resolved.

I am glad to hear that the excellent Malwarebytes program handled your problem. Hopefully you had it remove the offending files. Thank you for letting us know that some of the suggested information was of help to you.
 