Firefox random redirects and 404s

Status
Not open for further replies.

seanfury

I've been randomly getting redirects to "quanthost", 404 ERRORs, and "web page could not be loaded" messages ALL day. This is the first time it's happened, and I haven't done anything weird/gone to any strange sites lately, so I have NO idea what it could be. I ran SDFix, Spybot, Anti-Malware, AVG, and CCleaner, but they found nothing!

Here's a Hijackthis log, so maybe that will expose the problem...

edit: I want to also add that I ran Spyware Doctor and that found nothing, and I've been experiencing random internet outages. IE: internet works, says it's connected, but laptop doesn't recognize it. D:
 

Attachments

  • hijackthis.log
    6 KB · Views: 5
The 404 or Not Found error message is an HTTP standard response code indicating that the client was able to communicate with the server but either the server could not find what was requested, or it was configured not to fulfill the request and did not reveal the reason why.

Update Java:
Your version of Java is now outdated. Java vulnerabilities are commonly exploited by viruses so I strongly recommend you update. Click here to download the latest version of Java ( Java Runtime Environment (JRE) 6.0 Update 12 ): http://java.com/en/download/manual.jsp
Please install it and then reboot your computer.

Remove the older versions of Java:
1. Click Start, Control Panel, Add/Remove Programs.
2. Delete all Java updates except J2SE Runtime Environment 6.0 Update 12
REGISTRY WHOIS FOR QUANTHOST.COM
Name.com Rapid Blog Mask
Domain Name: quanthost.com
Registrar: GODADDY.COM, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com

Suggest you run the Virus and Malware Removal HERE
When through, attach both Malwarebytes and Superantispyware, run new HijackThis and include new log.
BEFORE you run the scans:
Reopen HijackThis> check System Scan Only> put a check on each of these processes if found:
C:\SDFix\catchme.exe
O13 - Gopher Prefix:
O20 - AppInit_DLLs: aqisif.dll,avgrsstx.dll
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Close all programs except HijackThis> click on Fix Checked and boot into Safe Mode.

Start> Run> msconfig> enter> Selective Startup> Startup menu> UNCHECK the following processes:
SDFix entries
Mbam entries
Viewpoint entries
PC Tools/Spyware Doctor
When through> Apply> OK

Start> Run> services.msc> right click on each of the following Services> then Properties> Change the
Startup type as shown:
MBAMService: Manual
SDFix\catchme.exe: Manual
PC Tools Spyware Doctor> pctsAuxs.exe> Disabled
PC Tools Spyware Doctor> pctsSvc.exe> Disabled
Viewpoint Manager> Disabled

Reboot into Normal Mode: NOTE: you will get a nag message that you can ignore and close after checking 'don't show this message again.' Stay in Selective Startup.

When done, UPDATE and run Malwarebytes again, followed by updating and scanning with Superantispyware. End with new HijackThis log.

SDFix doesn't work on Vista, so you can uninstall it in Add/Remove Programs in the Control Panel.

When you change the Services above and take off of Startup it will prevent them from automatically starting on boot.
 
Okay, but you only did part of it:

The Virus and Malware Removal link tells you to run Malwarebytes, Superantispyware, then follow with HijackThis. You have only given the HijackThis log. You need to attach the logs from all three of the programs.

Please revisit: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

You were also asked to stop these from Starting up:
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

Do the scans then take off of Startup. I don't want them running in the background. Be sure you UPDATE both programs before scanning.

You also have two new entries:
NetName: OPENDNS-NET-1

O17 - HKLM\System\CCS\Services\Tcpip\..\{0E6EE740-F6D2-455E-BC34-5EF434EB4ECC}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E6EE740-F6D2-455E-BC34-5EF434EB4ECC}: NameServer = 208.67.222.222,208.67.220.220

Where did this come from?
 
NameServer = 208.67.222.222,208.67.220.220
Those are the DNS addresses of the OpenDNS project and very safe.
In fact, I've replaced the use of my ISP DNS addresses in my router to use these
which then get inherited by all LAN systems :)
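
The check made in the two posts above (spotting O17 entries that were absent from the earlier HijackThis log, then identifying who runs the listed resolvers) can be scripted. This is an added example, not part of the original thread; the function names, the allowlist and the sample logs are assumptions, with log lines copied from the thread plus one constructed entry using a documentation address.

```python
import re

# HijackThis prefixes each entry with a section code, e.g. "O17 - ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(?P<ips>[\d.,\s]+)$")

# Assumption: a hand-maintained allowlist of resolvers the reviewer trusts.
# The two addresses are the OpenDNS ones identified in the thread.
KNOWN_RESOLVERS = {"208.67.222.222": "OpenDNS", "208.67.220.220": "OpenDNS"}

# Constructed sample logs: lines quoted in the thread, plus one made-up
# O17 entry (placeholder GUID, RFC 5737 documentation address).
OLD_LOG = r"""
O20 - AppInit_DLLs: aqisif.dll,avgrsstx.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""
NEW_LOG = OLD_LOG + r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E6EE740-F6D2-455E-BC34-5EF434EB4ECC}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E6EE740-F6D2-455E-BC34-5EF434EB4ECC}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{CONSTRUCTED-GUID}: NameServer = 192.0.2.53
"""

def parse_entries(log_text):
    """Return the set of (code, body) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group("code"), m.group("body").strip()))
    return entries

def new_entries(old_log, new_log):
    """Entries present in the newer log but absent from the older one."""
    return sorted(parse_entries(new_log) - parse_entries(old_log))

def review_dns(entries, known=KNOWN_RESOLVERS):
    """Label every address in O17 NameServer entries as known or unknown."""
    findings = set()
    for code, body in entries:
        m = NAMESERVER_RE.search(body) if code == "O17" else None
        if m:
            for ip in filter(None, (p.strip() for p in m.group("ips").split(","))):
                findings.add((ip, known.get(ip, "UNKNOWN - verify owner")))
    return sorted(findings)

if __name__ == "__main__":
    added = new_entries(OLD_LOG, NEW_LOG)
    for ip, owner in review_dns(added):
        print(f"{ip:<16} {owner}")
```

An address reported as unknown is a prompt to look up its owner and ask the user whether they changed their DNS settings, as was done in the thread.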
 
You also have two new entries:
NetName: OPENDNS-NET-1
jobeard, I did not mean to infer they were not safe- but they were not on the original HijackThis log, so I asked where they came from!

Thanks seanfury-
I've been experiencing random internet outages.
This would explain the 404 message. But you're going to have to be a bit more specific on these outages.

You mentioned that these problems basically came out of nowhere on one day. Are they still occurring today? Are you being redirected to the Godaddy site?

Regarding the Quancom/Go Daddy site, it also contains a Rapid Blog. Posting may be anonymous, that is, using a 'mask'. Do you participate in this at all?
http://www.who.is/whois/rapidwire.net/

Please tell me if you are still experiencing the problems you had yesterday? Describe them. There is very little malware and SAS removed it.

There is one entry in the HijackThis log which should be checked for removal:
• Run HijackThis
• Click on the System Scan Only button
• Put a check beside the entry listed below:
O1 - Hosts: ::1 localhost
Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button
• When completed, close the application.

If the problem persisted today, I'll have you run ComboFix.
 
Hm. I don't know how to explain the outages better. I browse the internet, and a page stops loading. I refresh, but nothing happens. I try other sites, all of them refuse to load. Oddly enough, today? Firefox/Internet Explorer stopped working, but AIM 6.0 was still up and allowing me to send messages! How bizarre?

No, I do not participate in that site and aside from the errors, it was the first time I've ever been there (though to be fair, there's always a chance I used StumbleUpon and ended up on a site related to them). Those redirects seem to have stopped today, after I followed all the instructions you've given me.

And I removed the HijackThis entry you said to as well.
 
Hm. I don't know how to explain the outages better. I browse the internet, and a page stops loading. I refresh, but nothing happens. I try other sites, all of them refuse to load. Oddly enough, today? Firefox/Internet Explorer stopped working, but AIM 6.0 was still up and allowing me to send messages!
Question: do you have just AIM or do you have AOL piggy backed on a broadband ISP? Could there have been a problem with the ISP when you were having dropped connections? Are you able to connect and stay connected with Firefox and IE today? Since it involved both browsers and we have handled the malware, it sounds more like a problem with the ISP.

Please run one more HijackThis scan for me and attach the log. And go through a day to see if you remain connected. IF you lose intermittently, please call your ISP and ask if they have been having problems and give them the time line. Once these things have been determined and IF the system is running without the original problems, we'll remove the cleaning tools and old restore points.

If there is any doubt at all, I'll have you run ComboFix.
 
Okay. No, I just use AIM, no AOL. And I'm pretty sure it's not Comcast, because when the internet acts up, it makes the TV act up too and I've had no problems with it.

EDIT: I just got this error when I tried to go to Google.

ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://www.google.com/ig

The following error was encountered:

* Invalid Hostname

Some aspect of the requested URL is incorrect. Possible problems:

* Name is unknown

Footprint 4.3/FPMCP
Generated Fri, 13 Mar 2009 14:03:31 GMT by 199.93.41.124 (Footprint 4.3/FPMCP)

And it's remained like that.
 
And I'm pretty sure it's not Comcast, because when the internet acts up, it makes the TV act up too and I've had no problems with it.
Can you explain 'act up', please? And is the TV provided by Comcast also?

Regarding the Google URL: http://www.google.com/ig
Create your own homepage in under 30 seconds

I clicked on the link you left and got the page on Firefox v3.0.7 without problem.

Did you try to access the site from a shortcut or Bookmark? If so, it may have been corrupt. Try clicking on the link here and see what happens. Also, type the link into the address bar. If the page comes up, then you will know either the shortcut or bookmark is corrupt. Just delete it and create a new shortcut.

Will be back in a bit to check the log. NOTE: I will Edit this post after checking the log. That won't send a new feed back so check the thread a little later.
 
When I say "act up", I mean stop working. Like, if the internet is out, the TV usually has glitches (like On-Demand won't work) and yes, Comcast provides the cable television as well.

And Google came back up after I reset my router/restarted my computer, so I don't know what that was. And no, iGoogle is my homepage, I was using the home button to go to it.
 
You need to contact Comcast about why there is interference on the TV when you use the internet. I'm guessing their installer used a splitter on the cable so the signal is weakened.

I don't understand this:
And no, iGoogle is my homepage, I was using the home button to go to it.

When you click on the Home icon, it's supposed to take you to your homepage, so I guess you'll have to clarify this for me.
 
When you click on the Home icon, it's supposed to take you to your homepage, so I guess you'll have to clarify this for me.

Yeah, my homepage is iGoogle. And when I posted that up there, Google was 404ing when I tried to go to it, and the quote I posted was the error it gave me.

Everything was working correctly yesterday, save for a few "page loading" errors, but now today I just (literally three minutes ago) tried to go to YouTube (through a bookmark) and it redirected me to "Quantcast" and to make sure it wasn't the bookmark, I went to Google and searched for "Youtube" and tried to go to the site through there, but it ALSO redirected me to "Quantcast".
 
I already had ABP, so I did what you said (a little after you posted that yesterday) and have yet to get redirected by those sites. However, I have still gotten the webpage not loading error now and then, and my internet did randomly stop working like I mentioned earlier last night as well.

Spoke too soon, I'm getting redirected to Quantcast again =/
 
Did you get the Add-on Easy List or ABP? You should.

It is not unusual to get the 404 if the server is too busy or if a site is having a problem- even down for maintenance. That does not mean the problem is with your computer.

Let's restrict quantcast further:

Control Panel> Internet Options> Security tab> Restricted Zone> Sites> type in:
quantcast.com> Add
StatCounter.com> Add
Apply> OK
Reboot> Empty your temporary internet files and Cookies.

See if that works.
 
Please download ComboFix HERE
With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.


• Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComboFix window, as it may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
Sorry for the delay.

EDIT: Here's a new one, when I clicked my Twitter bookmark, I got Google's University Search :|
 
Sean, it's not acceptable to have the long intervals between running the programs and posting your logs. Due to the fact that your original logs were ported over a week ago, it is best for you to begin-again- with the cleaning programs as set up HERE.

This is what you did over a week ago. I still see Bit Torrent.
 
Try in Firefox: Go to:
Tools> Options >Privacy > Cookies > Remove All cookies
Tools> Options > Network >[Offline Storage] > Clear Now
Ctrl+Shift+Del: select all and clear.
(simple bugs w/cookies can sometimes be mistaken as viruses)

Good luck.
 