got a proxy link in browser, didn't ask for it, possible threat ?

kem

I recently noticed that when I surf to amazon my address url quickly flashes

http://proxy.metalink.net/details.h...250577A028650&b=1170&d=http://www.amazon.com/

then to the normal amazon.com address. I can surf elsewhere and it does not do that, only when I go to amazon. And only on win 7 x86 and x64.

I removed all my bookmarks from Firefox as I thought it was hijacking that bookmark, I do not remember history in FF and I started opening to a blank page all to no avail.

What is this ? Is it a threat ? and how do I get rid of it ?

I use Comodo Firewall, Superantispyware and Malwarebytes
did a scan and nothing.

Emailed amazon and they say it's not theirs, but that may be a canned response from someone low down in the chain who is clueless.

What is this ? Is it a threat ? and how do I get rid of it ?

It's really bugging me as amazon stores info on their servers.
 

My Computer My Computer

At a glance

7 x64
Computer type
PC/Desktop
Computer Manufacturer/Model Number
custom / home built
OS
7 x64
Browser
Palemoon x64
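Added example, not part of the thread: the URL quoted in the post above has the shape of a redirector link, where a third-party host receives the visit and the real destination rides along in a query parameter (`d=` here). The sketch below scans a list of visited URLs for that pattern; the history entries are constructed, the elided parts of the quoted URL are replaced by placeholders, and the function names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed browsing history. The first entry mirrors the shape of the URL
# quoted in the post; its elided path and first parameter are placeholders.
SAMPLE_HISTORY = [
    "http://proxy.metalink.net/PLACEHOLDER?a=PLACEHOLDER&b=1170&d=http://www.amazon.com/",
    "http://www.amazon.com/",
    "https://tracker.example/r?u=https%3A%2F%2Fwww.amazon.com%2Fdp%2FEXAMPLE",
    "http://www.amazon.com/gp/redirect?url=http://www.amazon.com/cart",
    "https://search.example/?q=amazon+coupons",
]

def site_of(host):
    """Crude site key: the last two DNS labels (assumption; a real tool
    would consult the Public Suffix List to handle names like co.uk)."""
    return ".".join((host or "").lower().rstrip(".").split(".")[-2:])

def embedded_destinations(url):
    """Yield (parameter, host) for each query value that is itself an
    absolute http(s) URL, i.e. a destination carried through a redirector."""
    try:
        pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    except ValueError:
        return
    for name, value in pairs:
        try:
            inner = urlsplit(value.strip())
        except ValueError:
            continue
        if inner.scheme.lower() in ("http", "https") and inner.hostname:
            yield name, inner.hostname.lower()

def flag_intermediaries(history, watched_sites):
    """Return visits where a third-party host carried a watched site as the
    embedded destination, which is what the address bar 'flash' amounts to."""
    hits = []
    for url in history:
        try:
            via = (urlsplit(url).hostname or "").lower()
        except ValueError:
            continue
        for param, dest in embedded_destinations(url):
            if site_of(dest) in watched_sites and site_of(via) != site_of(dest):
                hits.append({"via": via, "param": param, "destination": dest})
    return hits

if __name__ == "__main__":
    for hit in flag_intermediaries(SAMPLE_HISTORY, {"amazon.com"}):
        print(hit)
```

Same-site redirects and plain search queries are not flagged; only a foreign host carrying the watched site as a parameter is reported, which tells you which component to look for as the source of the link.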
Kem

Download the two programs below

s1lva1.png
AdwCleaner

Click here AdwCleaner

:ar: Click on Download Now button

:ar: Save to the Desktop

:ar: Right-click on AdwCleaner.exe and choose
mawket.jpg


:ar: Click on Delete and confirm the prompt.

axcoj5.jpg


:ar: Your computer will be rebooted automatically. A text file will open after the restart.

Upload the log : The log file is at C:\AdwCleaner[Sn].txt


29vkj6h.jpg
Junkware Removal Toolkit

Click here Junkware Removal Tool to download

Drag the JRT.exe from the Downloads folder to your Desktop

Right click JRT.exe and choose
mawket.jpg


Once done upload the JRT.txt file
 

My Computer My Computer

At a glance

Windows 7 Ultimate 32-Bit & Windows 7 Ultimat...Intel Core i7 CPU 950 @ 3.07GHzOCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 160...ATI Radeon HD 5700 Series
Computer Manufacturer/Model Number
Custom Built
OS
Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
CPU
Intel Core i7 CPU 950 @ 3.07GHz
Motherboard
ASUS P6T DELUXE V2
Memory
OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
Graphics Card(s)
ATI Radeon HD 5700 Series
Sound Card
OnBoard
Hard Drives
WD6400AACS-00M3B0 (640GB SATA )
PSU
CORSAIR 850w
Case
NZXT LEXA
Cooling
Intel Stock Heatsink Fan
Keyboard
Microsoft Wireless Laser Keyboard 7000
Mouse
Microsoft Wireless Laser Mouse 7000
I also got a few flashes, so I don't think it is a problem from the proxy server (because it's meant to protect you). When the next update comes I'll check whether it happens more.
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64AMD Athlon X4 740Kingmax Semiconductor 4GB DDR3Nvidia GeForce 210 1GB
Computer type
PC/Desktop
Computer Manufacturer/Model Number
I built it with duct tape, so......
OS
Windows 7 Ultimate x64
CPU
AMD Athlon X4 740
Motherboard
MSI FM2-A55M-E33
Memory
Kingmax Semiconductor 4GB DDR3
Graphics Card(s)
Nvidia GeForce 210 1GB
Sound Card
Integrated
Monitor(s) Displays
Dell P2210
Screen Resolution
1680x1050
Hard Drives
Hitachi HDP725050GLA360 ATA 465GB
PSU
ATX
Cooling
Stock Fans
Keyboard
Serioux Noblesse 9600WR+Mouse
Internet Speed
Slow!
Antivirus
AVG Internet Security 2013
Browser
Mozzila Firefox
I did JRT as you said and received this error message immediately upon clicking it: Error During Execution C:\Users\amit\AppData\Local\Temp\jrt\get.bat Access is denied

oh no reboot

just R1, R2, R3 files

I gotta go to church, i'll be back. thank you.
 

Run Farbar Recovery Scan Tool


2j4a9si.png
32-bit Version OS Farbar Recovery Scan Tool <==== Download Link

Drag the FRST.exe from the Downloads folder to your Desktop

Right click on FRST.exe and choose
mawket.jpg


When the tool opens click Yes on the disclaimer window .
Press Scan button.


Please upload both logs in your reply.(FRST.txt and Addition.txt)

:note: FRST.txt and Addition.txt will be on the Desktop :note:

Upload a File
Click on the Go Advanced button under the Message box . Scroll down to Additional Options then click on Manage Attachments in the Attach Files sections . Click the Browse button locate the file then click on the Open button . In the Upload File from your Computer section click on the Upload button . Wait until it finishes uploading then close the window . Then click Submit Reply .
 

I gotta go to church, i'll be back in a bit and continue. Thank you.
 

It looks like something to do with coupons/cash back rebates... "RewardFinds". It does have something to do with Amazon, but you may have been caught up in a javascript.

Let's clean out all temporary files: download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

After you've done that, make sure proxy settings are disabled:
1) Under “Tools” in the browser tool bar select “Internet Options”.
2) In the “Internet Options” window that pops up, click the “Connections” tab at the top.
3) Click “LAN Settings” near the bottom of the “Connections” section.
4) If the “Proxy server” checkbox is marked with a check, click it to deselect/uncheck it.
5) Click “Ok” to close the “Local Area Network (LAN) Settings” window.
6) Click “Ok” to close the “Internet Options” window.
Reboot
Make sure "Proxy server" is still disabled under your LAN Settings.
 

My Computer My Computer

At a glance

Windows 7 Ultimate 32bit SP1Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz4 GBATI Radeon HD 2600 Pro
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
I'm back.

Did what you said Jacee and it requested the reboot, so i did then checked IE and proxy was not checked (BTW: i use firefox but still checked IE). Thanks Jacee.


Thanks Jezuz, keep me posted.

I looked at amazon url again and it still does that so I'll continue your process VistaKing.
 

Open
5b5jza.jpg


  • Go to Tools
  • Then Options
  • Select the Network tab
  • Click Settings
  • Choose the option: No Proxy
  • Click OK
 

ran the FRST tool

also did the FF procedure tools>options>advanced tab>network>settings and ticked 'no proxy', restarted FF but it still does that.

The FRST logs are below.

well the logs won't upload, they're blank anyway.
 

I don't see the logs. The logs shouldn't be blank.
 

I ran the tool once and they were blank ??? so I saw where I could type in something so I typed in the url although it would not take it all so I typed in the main part but even still the logs were blank.

This is a recent clean install of win 7 on a reformatted drive. Reformatted with linux first so I would get nearly 'RAW', then with win 7 x86.
 

On the FRST app click on the Scan button. Once it's done it will open two text files, FRST.txt and Addition.txt. Upload both of the logs please.
 

ok, since the files were blank, I rebooted and left Comodo on so I could see and allow the alerts.
Now only 1 log shows up but it is populated. Hope it uploads.
 

the Addition.txt remains blank.


it will not upload an empty file.
 

On
3133y8w.png

Hold down Control and click on ESET Online Scanner to open ESET OnlineScan in a new window
Click the
30jij2b.png
button
Check YES, I accept the Terms of Use.
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
° Scan potentially unwanted applications
° Scan for potentially unsafe applications
° Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.


On
5b5jza.png
or
4l6ro8.png

Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Right click on
2wohcn4.png
choose
mawket.jpg
on your desktop
Check YES, I accept the Terms of Use.
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
° Scan potentially unwanted applications
° Scan for potentially unsafe applications
° Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
 

When I installed comodo I did so while the ethernet was unplugged and it didn't behave right at first, so I'm wondering if I redo everything and reinstall comodo while connected if comodo's DNS servers would not accept that proxy; because I run XP Pro with that setup and the rogue url is nowhere to be seen.
 

i'll do that VistaKing.
 

Why would you need a proxy in a home environment? Proxies are mainly used in enterprise locations.
 

This is a recent clean install of win 7 on a reformatted drive. Reformatted with linux first so I would get nearly 'RAW', then with win 7 x86.

Connect to 184.73.178.87 on port 80 ... ok

GET / HTTP/1.1[CRLF]
Host: Cash Back at over 1,200 online stores & thousands of online coupons! RewardFinds[CRLF]
Connection: close[CRLF]
Accept-Encoding: gzip[CRLF]
Accept-Charset: ISO-8859-1,UTF-8;q=0.7,*;q=0.7[CRLF]
Cache-Control: no-cache[CRLF]
Accept-Language: de,en;q=0.7,en-us;q=0.3[CRLF]

X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181417)/JBossWeb-2.0
Server: Apache/2.2.12 (Ubuntu)
Set-Cookie: JSESSIONID=6C999CE22586E522BF609C77E222D000; Path=/

Does this look somewhat familiar?
 
