#1
browser hijack showing all my host domains as expired
Hi,
Well, the day before yesterday it was reported by a user of one of the domains on my server that the domain showed expired, but it was not a big deal; they kept trying and finally got it to work... Then yesterday it was worse: 2 sites reported it. Now, for all my sites, if I do direct URL input or use the icon I get the ww2 page, but if I look anon, I get the right page.
Otherwise what I'm getting is this image attached.
So I finally figured out, checking into DNS and also checking the site using an anon proxy, that the site is fine. So then I suspected it was some kind of global malware.
I ran Malwarebytes and it found some files. I deleted them and all seemed well again; I tried all browsers and all sites came up. But then in 5 min the browser was hijacked again. So I removed FF, Chrome and IE 11, then ran Malwarebytes again and found nothing; I just finished a scan and nothing was found.
So now I'm stuck. I'm not sure what to do now.
Whatever this is, it only seems to affect my domains, because all other sites seem to work. I think it's someone trying to sell domain names and hijacking browsers and reseller hosts. But how do I get this off here?
I have lots of sites, but one you can look at is www.icodemods.com
Any ideas? Here is my scan from Malwarebytes when it fixed it before (the first time).
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 6/29/2014
Scan Time: 4:36:18 PM
Logfile: scanlog.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.06.29.09
Rootkit Database: v2014.06.23.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: xxxxxxxx
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316457
Time Elapsed: 4 min, 26 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, Quarantined, [003d4e3094e73ff701c7d5d806fcb64a],
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-2476543464-4118117661-2746257878-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, Quarantined, [e855acd2750612243b9534a0b54dd729],
Registry Values: 2
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll, Quarantined, [6cd185f9f18ae3535c44c344ab595da3]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, Quarantined, [003d4e3094e73ff701c7d5d806fcb64a]
Registry Data: 0
(No malicious items detected)
Folders: 7
PUP.Optional.SearchProtect.A, C:\Users\xxxxxxxx\AppData\Local\SearchProtect, Quarantined, [1c21c5b9037845f1d29df2b8d52d926e],
PUP.Optional.SearchProtect.A, C:\Users\xxxxxxxx\AppData\Local\SearchProtect\Logs, Quarantined, [1c21c5b9037845f1d29df2b8d52d926e],
PUP.Optional.SearchProtect.A, C:\Users\xxxxxxxx\AppData\Local\SearchProtect\SearchProtect, Quarantined, [1c21c5b9037845f1d29df2b8d52d926e],
PUP.Optional.SearchProtect.A, C:\Users\xxxxxxxx\AppData\Local\SearchProtect\SearchProtect\Logs, Quarantined, [1c21c5b9037845f1d29df2b8d52d926e],
PUP.Optional.SearchProtect.A, C:\Users\xxxxxxxx\AppData\Local\SearchProtect\SearchProtect\rep, Quarantined, [1c21c5b9037845f1d29df2b8d52d926e],
PUP.Optional.SearchProtect.A, C:\Users\xxxxxxxx\AppData\Local\SearchProtect\UI, Quarantined, [1c21c5b9037845f1d29df2b8d52d926e],
PUP.Optional.SearchProtect.A, C:\Users\xxxxxxxx\AppData\Local\SearchProtect\UI\rep, Quarantined, [1c21c5b9037845f1d29df2b8d52d926e],
Files: 4
PUP.Optional.SearchProtect.A, C:\Users\xxxxxxxx\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat, Quarantined, [1c21c5b9037845f1d29df2b8d52d926e],
PUP.Optional.SearchProtect.A, C:\Users\xxxxxxxx\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, Quarantined, [1c21c5b9037845f1d29df2b8d52d926e],
PUP.Optional.SearchProtect.A, C:\Users\xxxxxxxx\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, Quarantined, [1c21c5b9037845f1d29df2b8d52d926e],
PUP.Optional.SearchProtect.A, C:\Users\xxxxxxxx\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, Quarantined, [1c21c5b9037845f1d29df2b8d52d926e],
Physical Sectors: 0
(No malicious items detected)
(end)