Redirect Virus for Opera and Firefox


  1. Posts : 33
    Windows 7 Professional 32bit
       #1


    I'm getting redirected for hits from Google/Bing/Yahoo about half the time to spam sites when I use Opera and Firefox. Opera is my main browser and I first noticed it happening when I had a Win 7 Antispyware 2011 virus, which I think I have removed using Malwarebytes.

    I have McAfee Security Center but I find it pretty useless.
    My HitMan Pro 3.5 tells me I have a "possible variant of the TDL3 (alias Alureon) rootkit detected" and also a "Master Boot Record (sector 0) Rootkit", but I can't remove it because my HitMan Pro has passed its trial period and refuses to.

    I'll post my latest Malwarebytes log, for the sake of it.
    I also have an open thread in the Crashes and Debugging forum because before I had this issue I had a lot of BSOD crashes. https://www.sevenforums.com/crashes-d...d-crashes.html

    I've been following the Redirect Virus thread and the first few instructions on that, so I've flushed my DNS cache and run a GooredFix scan.

    Help would be great! I really need to use my computer for uni work soon.


  2. Posts : 834
    Windows 7 Ultimate SP1 x64
       #2

    The first thing to do is to install Microsoft Security Essentials:
    http://www.microsoft.com/security_essentials/
    Run a full system scan, and if it still does not pick anything up, try Spybot Search and Destroy:
    The home of Spybot-S&D!
    I would suggest downloading both; also, S&D can immunize your browsers from these redirects by modifying the hosts file in Windows 7.

    If you need any help just let me know.

    mbam-log-2011-03-05 (21-12-15).txt
    Code:
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org
    Database version: 5962
    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385
    5/03/2011 9:12:15 PM
    mbam-log-2011-03-05 (21-12-15).txt
    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 414213
    Time elapsed: 1 hour(s), 56 minute(s), 56 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    c:\Windows\temp\0.5094980352235309.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:\Windows\temp\0.259625413950334.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    GooredFix.txt
    Code:
    GooredFix by jpshortstuff (03.07.10.1)
    Log created at 13:58 on 06/03/2011 (Chungy)
    Firefox version 3.5.11 (en-US)
    ========== GooredScan ==========
    
    ========== GooredLog ==========
    C:\Program Files\Mozilla Firefox\extensions\
    {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} [12:34 26/08/2009]
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [06:02 26/08/2009]
    {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [11:15 26/08/2009]
    {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [02:32 06/03/2011]
    C:\Users\Chungy\Application Data\Mozilla\Firefox\Profiles\o5amkx0o.default\extensions\
    firefox@tvunetworks.com [08:04 19/06/2010]
    {ea0969b3-6e12-4ac0-b6c9-148e81247954} [08:28 12/05/2010]
    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext" [12:27 26/08/2009]
    "{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [08:00 15/09/2010]
    ---------- Old Logs ----------
    GooredFix[02.04.16_06-03-2011].txt
    GooredFix[02.04.37_06-03-2011].txt
    -=E.O.F=-
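
A small triage parser for the Malwarebytes log format shown in post #2 (an added example, not part of the thread or Malwarebytes' own tooling): it itemizes each detection and checks that the summary counts match the listed entries and that every item was actually removed. The function names are illustrative; the sample lines are copied from the log above.

```python
import re

# Lines copied from the Malwarebytes log posted in this thread (trimmed).
SAMPLE_LOG = r"""Registry Values Infected: 1
Files Infected: 2
Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
Files Infected:
c:\Windows\temp\0.5094980352235309.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\temp\0.259625413950334.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
"""

COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<object> (<Threat.Name>) -> [detail ->] <action>"; the lazy match keeps a
# later "Value: (default)" from being mistaken for the threat name.
ITEM_RE = re.compile(r"^(?P<obj>.+?) \((?P<threat>[\w.]+)\) -> (?P<rest>.+)$")


def parse_mbam(text):
    """Return (summary counts, itemized detections) from an MBAM text log."""
    counts, items, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := COUNT_RE.match(line):
            counts[m["section"]] = int(m["n"])
        elif m := HEADER_RE.match(line):
            section = m["section"]
        elif section and (m := ITEM_RE.match(line)):
            action = m["rest"].rsplit(" -> ", 1)[-1].rstrip(".")
            items.append({"section": section, "object": m["obj"],
                          "threat": m["threat"], "action": action})
    return counts, items


def triage(text):
    """List follow-ups: count mismatches and items that were not removed."""
    counts, items = parse_mbam(text)
    findings = []
    for section, n in counts.items():
        listed = sum(1 for i in items if i["section"] == section)
        if listed != n:  # truncated or hand-edited log
            findings.append(f"count mismatch in {section}: summary {n}, listed {listed}")
    for i in items:
        if "successfully" not in i["action"]:
            findings.append(f"not removed: {i['object']} ({i['action']})")
    return findings


if __name__ == "__main__":
    for item in parse_mbam(SAMPLE_LOG)[1]:
        print(item["section"], "|", item["threat"], "|", item["object"])
    print(triage(SAMPLE_LOG) or "all listed items removed; counts consistent")
```

A clean result here only covers what this scan listed; it says nothing about the MBR rootkit that HitMan Pro reported in post #1.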


  3. Posts : 33
    Windows 7 Professional 32bit
    Thread Starter
       #3

    I ran MSE last night. It picked up a few files but the redirecting still occurs. I can't seem to find the log file for it, else I would have posted it.
    I'll try the S&D now.


  4. Posts : 834
    Windows 7 Ultimate SP1 x64
       #4

    Okay, let me know if you need help with S&D; it can be a little confusing at first.


  5. Posts : 834
    Windows 7 Ultimate SP1 x64
       #5

    First you will have to update.
    Download the latest updates.
    Once done you can exit.

    Then click on Immunize.
    Close all browsers and again click on Immunize.

    Afterwards click on "Search and Destroy".
    And click "Check for Problems".

    Afterward you will have a list of things that have been found. Could you please post a snippet once done scanning?


  6. Posts : 33
    Windows 7 Professional 32bit
    Thread Starter
       #6

    Thanks for the instructions. Working on that now.


  7. Posts : 33
    Windows 7 Professional 32bit
    Thread Starter
       #7

    Is the immunize part meant to take very long? It's been stuck at about 97% for a while now. Though it says there are 0 unprotected files left. Should I just leave it and start the scan?


  8. Posts : 834
    Windows 7 Ultimate SP1 x64
       #8

    thehay said:
    Is the immunize part meant to take very long? It's been stuck at about 97% for a while now. Though it says there are 0 unprotected files left. Should I just leave it and start the scan?
    First of all, did you have all your browsers closed when immunizing?
    If not, then you need to close all your browsers and re-immunize. If it hangs at 97% again, go ahead and start the scan.


  9. Posts : 33
    Windows 7 Professional 32bit
    Thread Starter
       #9

    So I ran the scan and didn't realize I wasn't meant to click on "fix problems", which I did.
    I did a screenshot of it beforehand though.
    And damn, the redirecting is still occurring, though it seems to be occurring less.


  10. Posts : 834
    Windows 7 Ultimate SP1 x64
       #10

    Were you able to fully immunize, or did it still hang at 97%?
    Try starting Windows 7 in safe mode, then apply immunization again, and rescan and fix.


 