Browser redirect bug

Starise
2012/09/12 12:11:45 (permalink)

 I'm not sure where or how I picked this little bug up, maybe attached to an email I opened. Not sure. In Windows Explorer, if I type in a web address I can go to the site I type; however, if I use the built-in Google search I get redirected to some honky useless site.
 
  I have Malwarebytes installed and it detects it and quarantines it. I have deleted it from the quarantine area but it still comes back. I have tried scanning for it in safe mode and that doesn't seem to help. This isn't the same LAME TROJAN that I recently completely removed with MB, this is something else.
 
 I emptied my browser cache and cookie files. The virus doesn't seem to be taking my computer down or interrupting anything but my Google searches. When it attacks, my browser will hang up and then I'll see another address in my browser window and I'll be resent somewhere else. If I type directly into the search window I can get to my destination. Any ideas on what this thing is or how to eliminate it? Thanks.

Intel 5820K O.C. 4.4ghz, ASRock Extreme 4 LGA 2011-v3, 16 gig DDR4, ,
3 x Samsung SATA III 500gb SSD, 2X 1 Samsung 1tb 7200rpm outboard, Win 10 64bit, 
Laptop HP Omen i7 16gb 2/sdd with Focusrite interface.
 CbB, Studio One 4 Pro, Mixcraft 8, Ableton Live 10 
 
 www.soundcloud.com/starise
 
 
 
Twitter @Rodein
 
#1


    fireberd
    Re:Browser redirect bug 2012/09/12 12:56:08 (permalink)

    "GCSG Productions"
    Franklin D-10 Pedal Steel Guitar (primary instrument). Nashville Telecaster, Bass, etc. 
    ASUS ROG Maximus VIII Hero M/B, i7 6700K CPU, 16GB Ram, SSD and conventional hard drives, Win 10 Pro and Win 10 Pro Insider Pre-Release
    Sonar Platinum/CbB. MOTU 896MK3 Hybrid, Tranzport, X-Touch, JBL LSR308 Monitors,  
    Ozone 5,  Studio One 4.1
    ISRC Registered
    Member of Nashville based R.O.P.E. Assn.
    #2
    spacealf
    Re:Browser redirect bug 2012/09/12 13:03:55 (permalink)
    You can also use "Start Page" and forget Google, since Google keeps track of what you are looking up. All Startpage does is not give your identity out when searching for something to look up, and it is easy to download and install. https://startpage.com/ https://startpage.com/eng...-startpage-plugin.html

     
     
    #3
    Jonbouy
    Re:Browser redirect bug 2012/09/12 23:00:58 (permalink)
    Oh my, this could be a PITA for you; these things tend to replicate all over your system, and some of those redirects for sure will be adding to your nightmares.
     
    The only surefire way of clearing this out is a complete reformat and re-install.  There are no shortcuts to peace of mind IMO and really there is no need to mess about with this kind of thing these days.
     
    Then get yourself equipped with some imaging software and make regular images of your OS in future so you can get back to a totally clean and fully working environment within a few minutes of such an occurrence.  It's much quicker than trying to find and eliminate these kinds of things only to find it's come back in a couple of weeks, and Windows System Restore just doesn't cut it.  In fact many of them things thrive among your System Restore files.
     
    Active Disk Image, Acronis or any of those type of things will cover you.  Just get one that will Boot from a DVD/CD image so it doesn't even need to be installed on your system and you can re-prep your drives with it without having to use the infected system.
     
    It happens.  Be prepared, and you can be fully back up and running within 10 minutes of something like this happening in future.
    post edited by Jonbouy - 2012/09/12 23:12:30

    "We can't do anything to change the world until capitalism crumbles.
    In the meantime we should all go shopping to console ourselves" - Banksy
    #4
    jbow
    Re:Browser redirect bug 2012/09/13 09:42:21 (permalink)
    It is called malware.  HijackThis will fix it. You DL HijackThis, run it, save a logfile and copy/paste any and all suspicious .exe files into the search box on the website  http://www.processlibrary.com/ to be sure it isn't something you want or need. Then select it in the regular HijackThis window and HJT will completely remove it. It will likely jump out at you when you see it in the logfile... save the LF to your desktop. If it isn't an .exe file you can still copy/paste anything into a Google search and quickly see what it is... but it is most likely an .exe file.

    I've done it many times, it isn't as hard as it looks.

    J
    post edited by jbow - 2012/09/13 09:53:48

    Sonar Platinum
    Studiocat Pro 16G RAM (some bells and whistles)
    HP Pavilion dm4 1165-dx (i5)-8G RAM
    Octa-Capture
    KRK Rokit-8s
    MIDI keyboards...
    Control Pad
    mics. 
    I HATE THIS CMPUTER KEYBARD!
    #5
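The log-review step described in the post above, as an added example that is not part of the original thread: it pulls the browser search/start page settings and every unique .exe/.dll path out of a saved HijackThis log so each file name can be looked up. The log lines are constructed samples in the HijackThis "section - details" entry format, and the flag for files under AppData or Temp is an added heuristic, not something the thread states.

```python
import re

# Constructed sample in HijackThis entry format ("<section> - <details>"); not from the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Users\demo\AppData\Roaming\exhelper\exhelper.dll
O4 - HKLM\..\Run: [AudioDriver] C:\Program Files\ExampleAudio\tray.exe
O4 - HKCU\..\Run: [updchk] C:\Users\demo\AppData\Local\Temp\updchk.exe /s
O23 - Service: Example Service (exsvc) - Unknown owner - C:\Program Files\ExampleAudio\svc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
BINARY = re.compile(r"[A-Za-z]:\\[^\"<>|*?\r\n]*?\.(?:exe|dll)", re.IGNORECASE)
USER_WRITABLE = ("\\appdata\\", "\\temp\\")  # assumed heuristic: review these first


def triage(log_text):
    """Return (browser URL settings, unique binaries) found in a HijackThis log."""
    url_settings, binaries = [], {}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process list, blank lines
        section, body = m.groups()
        # R-sections hold the browser start/search page values
        if section.startswith("R") and " = " in body:
            key, value = body.split(" = ", 1)
            url_settings.append((section, key.rsplit(",", 1)[-1], value))
        for path in BINARY.findall(body):
            rec = binaries.setdefault(path.lower(), {
                "path": path,
                "file": path.rsplit("\\", 1)[-1],
                "sections": [],
                "user_writable": any(d in path.lower() for d in USER_WRITABLE),
            })
            if section not in rec["sections"]:
                rec["sections"].append(section)
    return url_settings, list(binaries.values())


if __name__ == "__main__":
    urls, bins = triage(SAMPLE_LOG)
    for section, name, value in urls:
        print(f"{section} {name}: {value}")
    for b in bins:
        flag = "CHECK FIRST" if b["user_writable"] else "look up"
        print(f"{flag:11} {b['file']:14} {','.join(b['sections'])}  {b['path']}")
```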
    jbow
    Re:Browser redirect bug 2012/09/13 09:53:01 (permalink)

    I missed that Malwarebytes isn't doing it. You will have to manually remove it from the registry; HJT should do it. If not, use one of the forums. They are good people.

    http://majorgeeks.com/Trend_Micro_HijackThis_d5554.html 
     
    if you need help:  http://forums.malwarebytes.org/index.php?showforum=41 

    http://forums.majorgeeks.com/forumdisplay.php?f=35 

    http://www.bleepingcomputer.com/forums/forum55.html 

    I've used this one several times:  http://www.spywareinfoforum.com/index.php?/forum/18-malware-removal/ 

    Don't despair, it isn't hard once you get a little bit of a handle on it.






    post edited by jbow - 2012/09/13 09:55:11

    #6
    jbow
    Re:Browser redirect bug 2012/09/13 10:04:47 (permalink)
    Active Disk Image, Acronis or any of those type of things will cover you.



    I have been meaning to do this Jon. Do you know if Active DI can be used on several computers? I see that Acronis is cloud based and 49 bucks only covers one computer,  they have a higher price for three computers but if Active is cheaper I'll buy another external drive for this. I am not sure how I feel about the cloud yet... not that I really have a choice in the matter overall.


    Which one do you use? You are right... 10 minutes beats the heck out of 10 hours.


    Thanks,


    Julien

    #7
    fireberd
    Re:Browser redirect bug 2012/09/13 11:14:35 (permalink)
    The Acronis Cloud is only if you want to back up to their "cloud" server.  Otherwise you can back up to any local media, such as a hard drive.  I have Acronis and only back up to a separate hard drive.  I make full hard drive backups, I don't do the incremental types.  My DAW system has three drives: an SSD for the OS and Sonar, a hard drive for everything else and another hard drive only for Acronis backups.
    #8
    Starise
    Re:Browser redirect bug 2012/09/13 12:58:38 (permalink)
     Thank you for the advice. I have been running and backing up to Acronis. Even though Acronis is a good program I am leery of trusting it totally. Gotta take the leap sometime I guess, reminds me of those replacement spare tires they give you with some cars, you really hate to ever be in the position to need one, or the backup chute in case the main chute fails. I recently loaded some software since my last backup so hopefully I can  try to find another solution. FWIW I have no problems with Sonar X1 running ok.

     I had thought of possibly deleting explorer completely or using another browser. Jbow I'll check out those links, I am up for going into the registry or deeper into the files if necessary.

     Though Malwarebytes gets a high rating, Kaspersky ranked higher recently. To their credit Malwarebytes is finding and quarantining it, but the virus seems to be self replicating and self recycling.

    #9
    fireberd
    Re:Browser redirect bug 2012/09/13 14:53:46 (permalink)
    One of the problems with a virus is that it can attach itself to all media, such as a USB flash drive or CD, and then when you clean it out and then reconnect the flash drive or load the CD, for example, the virus/malware will reinstall itself.   Same way, if you clean it out and then use System Restore to go back to an old point, it can reappear (thus the reason System Restore should be disabled before cleaning out the crap and then re-enabling it after it's cleaned out).
    #10
    Jonbouy
    Re:Browser redirect bug 2012/09/13 15:37:12 (permalink)
    jbow



    Active Disk Image, Acronis or any of those type of things will cover you.



    I have been meaning to do this Jon. Do you know if Active DI can be used on several computers? I see that Acronis is cloud based and 49 bucks only covers one computer,  they have a higher price for three computers but if Active is cheaper I'll buy another external drive for this. I am not sure how I feel about the cloud yet... not that I really have a choice in the matter overall.


    Which one do you use? You are right... 10 minutes beats the heck out of 10 hours.


    Thanks,


    Julien

    I've been using Active Disk Image for many years, mainly because it is so simple and contains most of the tools you need on the one default disk, you only need to install it to create your registered boot CD then you can remove it from your system.  You can then image any computer you boot with the CD/DVD.
     
    The thing with using optical media rather than a thumb drive etc, is that nothing can write to it so it is always going to be clean.  Write the images to a removable drive that isn't connected when the computer is being used normally so the images stay clean too.
     
    My days of hunting down the effects of a malware infestation are long gone.  Life's too short.  My W7 and XP partitions take 8 minutes a week to make and around 8 minutes to restore either one.
     
    Make an image of when you've just installed your OS, one when you've got all your stuff set up and authorized, then just make ongoing ones so you've always got a good reference to return to.  I just keep the fresh installs and up to two months back, which works out at around 160 Gigs for my setup.  The 'Starter' version works fine for me for this purpose, but if you wanted to transfer a raw image to another partition for instance you need the 'Standard' version or above.
     
    I do use the images as well, often when I've gone "a tweak too far" or I don't like the look of something that's just recently happened...
    post edited by Jonbouy - 2012/09/13 15:42:51

    "We can't do anything to change the world until capitalism crumbles.
    In the meantime we should all go shopping to console ourselves" - Banksy
    #11
    jbow
    Re:Browser redirect bug 2012/09/13 17:09:46 (permalink)
    Thanks Jon. 

    #12
    SongCraft
    Re:Browser redirect bug 2012/09/13 17:10:37 (permalink)
    I had something similar to this a while back, Malwarebytes and MS Essential Security didn't seem to do a thorough job of removing it so I then opened Spybot Search & Destroy > Updated it first and then ran a scan, it found it and others (that the above other programs didn't find) and now my Internet PC is clean as a whistle. 

    Initially; what this hijacking redistributor also did was to redirect search listing results to list sites that provided software downloads  > a way to remove it?... but those downloads were all trojans. 
    post edited by SongCraft - 2012/09/13 17:11:56

     
     
    #13