Problems with click.vnn.bz

[Jagos]

I've visited "click.vnn.bz" in order to download a game, and later whenever I tried to go somewhere with my browser it went to this particular place:

http://click.vnn.bz/?hide=1&url=

with the name of the searched site afterwards.

I've downloaded HJT and fixed these:

O13 - DefaultPrefix: http://click.vnn.bz/?hide=1&url=

O13 - WWW Prefix: http://click.vnn.bz/?hide=1&url=

It seemed OK because most of the things worked fine, but if I wanted to check my mail and typed "mail.yahoo.com" in my search toolbar, it went back to

http://click.vnn.bz/?hide=1&url=mail.yahoo.com

Then I ran HJT again, and again, and sometimes it finds problems above, sometimes not.

I have Active Virus Shield antivirus software, based on Kaspersky, and it found nothing.

Please help

Jagos

 

[Jesse_hz]

Read this before deciding whether to clean or reformat your system and decide what you want to do.

Depending on what you use your computer for, you may want to reformat instead of cleaning it.

If, after reading the above thread, you decide to clean your system, read this thread here: Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly, then post fresh HJT and AVG Antispyware logs as attachments into this thread.

Kind Regards Jesse

This thread is for the use of Jagos only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in the Security and the Web forum.

 

[Jagos]

Still the same though I did everything you said, cleaned all.

This is not happening for all web sites, just for some as if the computer remembered that for some he should redirect to click.vnn.bz.

I really don't know what to do. Please help!

Here are reports, all of them.

Best regards

Jagos

 

[howard_hopkinso]

Hello and welcome to Techspot.

Delete all files in AVG Antispyware quarantine.

Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Click on the fix checked button.

Close HJT and reboot your system.

Locate and delete the following bold files and/or directories(if there).

ALCMTR.EXESearch your system for this file and delete all instances found.

Other than the above, your HJT log is clean.

Run the Ccleaner programme as per the instructions in this thread HERE.

Turn off system restore.(XP/ME only) See how HERE.

Turn system restore back on again. This will delete all your old restore points and anything nasty that`s in them. It will also create a brand new, clean restore point.

Let me know if you`re still having problems.

Regards Howard :wave: :wave:

This thread is for the use of Jagos only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Jagos]

Unfortunately, everything is the same.

 

[howard_hopkinso]

You need to get rid of the O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE entry and delete the ALCMTR.EXE file.

I`d like to check for rootkits.

Download and run the Blacklight programme. follow all the instructions carefully.

I`d also like you to download and install Spyware Blaster and CWShredder.

Once you`ve installed Spyware Blaster, make sure it`s fully updated and enable all protection.

Run CWShredder and let is fix whatever it finds(if anything).

Let me know the results please.

Regards Howard

This thread is for the use of Jagos only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Jagos]

My mistake, I posted a wrong log, before fixing ALCMTR.EXE.

I found ALCMTR.EXE and deleted it.

I have installed what you said and it found nothing. Everything is clean.

However, IE7 still does strange stuff. When I enter some "www" address everything is OK. Otherwise, when an address does not have "www" in it, like mail.yahoo.com, the annoying click.vnn.bz appears.

Please tell me how to get rid of it.

Thanx alot

Best regards

Jagos

 

[howard_hopkinso]

That`s very weird.

Try this.

Run IE and click Tools/internet options, click the delete cookies button/ok, then click the delete files button, make sure the delete all off line content box is checked and click ok. Click the delete history button/ok/ok.

Then do the following.

[*]Make your Internet Explorer more secure - This can be done by following these simple instructions:

1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
   • Change the Download signed ActiveX controls to Prompt
   • Change the Download unsigned ActiveX controls to Disable
   • Change the Initialise and script ActiveX controls not marked as safe to Disable
   • Change the Installation of desktop items to Prompt
   • Change the Launching programs and files in an IFRAME to Prompt
   • Change the Navigate sub-frames across different domains to Prompt
   • When all these settings have been made, click on the OK button.
   • If it prompts you as to whether or not you want to save the settings, press the Yes button.
5. Next press the Apply button and then the OK to exit the Internet Properties page.

See if that helps.

If not, download and install Firefox. During the installation, you will be asked if you want to import setting from IE, don`t import anything. Let me know if you have the same problem in Firefox.

Regards Howard

This thread is for the use of Jagos only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Jagos]

I have deleted everything: temp internet files, cookies, history, form data and passwords. As for the security in the internet options, the only difference was in Navigate sub-frames across different domains from disable to prompt. But the problem remains.

I have installed Firefox and everything is fine. Still, I would hate to have to give up on IE, so if anything else comes to your mind, please help.

Thank you very, very much

Jagos

 

[howard_hopkinso]

I`m at a bit of a loss to explain what the cause of your problem is.

Try uninstalling IE7 and see if you still have the same problem with IE6.

Regards Howard

This thread is for the use of Jagos only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Jesse_hz]

OK. Try this and tell us if it works:

1. Download the attached file (.txt file)
2. Save it on your desktop
3. rename it so the file-extension becomes '.reg'
4. Double-click the file
5. Agree when it asks you whether you want to add the registry keys.

The contents of that file should look like the following if you open it in notepad:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
@="http://"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

This thread is for the use of Jagos only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in the Security and the Web forum.

 

[Jagos]

Thank you so much guys!

I haven't done exactly what you said, but went into registry myself (regedit), and found that in the:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefi xes]

folder, above those you have written, stands:

"default"="http://click.vnn.bz/?hide=1&url="

so I have simply deleted it. And all the problems were gone.

Thank you so, so much.

Best regards

Jagos

 

[Jesse_hz]

You shouldn't delete it. Just change it to "http://"