The Mudcat Cafe

Tech: ISP keeps redirecting

Subject: Tech: ISP keeps redirecting
From: katlaughing
Date: 17 Dec 10 - 07:40 PM

I hope someone here may have a clue of what I can do with my PC. It's been doing weird stuff. I may click on a link for a thread, or type in a URL in the addy bar, or try to click on a new story on another website and it either hangs up, forever, OR I wind up at the search page of our ISP which is the local cable company. I called them and they had me reset the Internet Protocol thing. It did not stop. I have to hit refresh several times before I can get a post to go through or read a story, etc. AND, for example, just posted to a thread and after hitting SEND, I was taken to the ISP search page! So, somehow they are hijacking my directions.

I do not have any viruses, use Adblocker, Avast, and Sunbelt Firewall. I've got over 80% unused capacity so memory isn't a problem. I've done System Restore a couple of times which seemed to help for a short while, then the ISP hijack showed up, again. I've also dumped everything..cookies, cache, recycle bin, etc.

I don't think it is our router as I don't have the same problem on the laptop and Rog has no problems on his PC. I've tried using Opera, Chrome, and IE to no avail.

Help?

Thanks,

kat



Subject: RE: Tech: ISP keeps redirecting
From: Amergin
Date: 17 Dec 10 - 11:07 PM

Kat, you still have malware on your computer. For some reason the anti virus doesn't catch it. I had the same problem a few months or so back and I was on the verge of becoming bald from pulling out my hair....and I can't have that....

I searched and searched and tried several things. System Restore did work but temporarily. In the end I booted up into safe mode with networking, downloaded and installed Malwarebytes antimalware program, and MS security essentials. Then I ran them, and once completed I rebooted, in order to ensure the bug was gone. I haven't had a problem since.



Subject: RE: Tech: ISP keeps redirecting
From: The Fooles Troupe
Date: 17 Dec 10 - 11:51 PM

This sounds like one of the Koobface variants.

I found (since I have a thruput traffic meter installed) that the Broadband link was also really being belted at the same time. Probably running some kind of bot on the PC.

The reason that some of these viruses can hide from the protection tools, is that they are written to hide themselves, and the way they hide is made to change as the new variants keep circulating. Only the very latest versions of some trouble shooters may find them, depending on the way they work - others that work in different ways, are able to find certain strains by knowing where and how they hide.

Thus it can be useful to have more than one up to date tool to dig them out.



Subject: RE: Tech: ISP keeps redirecting
From: The Fooles Troupe
Date: 17 Dec 10 - 11:54 PM

Btw, System Restore can actually restore the nasty, as it may be hidden in some of the stuff that gets restored. Once you are sure that you have cleaned things out completely, it might be best to wipe all old restore points, unless you are SURE that you know which RPs are safe.



Subject: RE: Tech: ISP keeps redirecting
From: katlaughing
Date: 18 Dec 10 - 12:48 AM

My Rog says they usually show up in the processes when you do ctrl-alt-del, but I wouldn't know them from Adam and there are a slew of processes listed. He's going to take a look, tomorrow. I've never had malware before and don't know how to wipe out old restore points unless there are directions when I go in there.

Thanks to both of you, though!:-) I know I know just enough to get in trouble.



Subject: RE: Tech: ISP keeps redirecting
From: JohnInKansas
Date: 18 Dec 10 - 01:43 AM

System Restore keeps a few of the most recent restore points, but as you make changes the newest replaces the oldest.

If you go to Control Panel and turn OFF System Restore, all previous restore points are deleted, and no new ones are created until you turn it back on.

At least that's the instruction given for WinXP, and Vista or Win7 should work the same since they haven't published anything new that I've been able to find on the subject.

John



Subject: RE: Tech: ISP keeps redirecting
From: Richard Bridge
Date: 18 Dec 10 - 04:47 AM

I've always run both Spybot Search and Destroy and Lavasoft's Ad-aware, but the latter has now graduated to being an antivirus as well and I don't think I want that - I have a different antivirus.

Are there reports of Malwarebytes failing to co-exist with other antimalware products?



Subject: RE: Tech: ISP keeps redirecting
From: The Fooles Troupe
Date: 18 Dec 10 - 07:01 AM

Some clever nasties are able to hide themselves from the list of processes. They are usually more difficult to root out.



Subject: RE: Tech: ISP keeps redirecting
From: katlaughing
Date: 18 Dec 10 - 11:27 AM

Well I ran Malwarebytes and it came up with the following which I then had it take care of:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5347

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/18/2010 2:28:09 AM
mbam-log-2010-12-18 (02-28-09).txt

Scan type: Full scan (C:\|N:\|)
Objects scanned: 315456
Time elapsed: 1 hour(s), 3 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{16CDE0AA-8522-4353-BB65-A0D738912AFA} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07EF953F-09CD-4E08-88FD-F63C6D65E2B9} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Value: wxfw.dll -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\internet explorer\vvz.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\kat\Desktop\stressreducers2005.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
c:\documents and settings\Morgan\my documents\downloads\stressreducers2005.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
c:\program files\emusic download manager\winamp_plugin.exe (Adware.BHO) -> Quarantined and deleted successfully.
c:\program files\constant32.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\PORT.DLL (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\sdr1_32.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\zlib.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The Stressreducer is a thing I've had on here for years and never had a problem with. The other online games came with the PC from "msn - zone.com" (which we cannot get to come up online) and include Internet Reversi, which, oddly enough, when we put in a new video driver, yesterday, which Rog says could NOT cause this, I cannot connect to any of them at all. When I try it says I am either "behind a corporate firewall" or my modem might not be "dialed up to my ISP." Until yesterday, my firewall was never a problem and, even if I turn it off, I still get the same message. I need my Reversi fix!!:-)

So, should I now go in and turn off my System Restore? It seems a scary thing to do, but of course I don't want any more malware.

Thanks, fellahs!

kat (BTW, I know my Rog doesn't know as much as you guys, that's why I ask you. He's brill when it comes to broadcast tech, though.:-)

OH, AND ALSO, I still am getting a slow drag when I hit SEND. And, in fact, I just tried to send this and it rerouted me to the g.d. ISP server page!! Trying again.
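
Added example, not part of the original post and not Malwarebytes' own code: a short Python triage of a log in the format quoted above. It checks that the itemized detections match the summary counts and that every item reports removal, then groups detections by family name. The function names `triage` and `families` are hypothetical, and the sample holds only two sections of the log above.

```python
import re
from collections import Counter

# Excerpt of the Malwarebytes log from the post above (two sections only).
SAMPLE_LOG = r"""
Registry Values Infected: 1
Files Infected: 8

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Value: wxfw.dll -> Quarantined and deleted successfully.

Files Infected:
c:\program files\internet explorer\vvz.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\kat\Desktop\stressreducers2005.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
c:\documents and settings\Morgan\my documents\downloads\stressreducers2005.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
c:\program files\emusic download manager\winamp_plugin.exe (Adware.BHO) -> Quarantined and deleted successfully.
c:\program files\constant32.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\PORT.DLL (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\sdr1_32.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\zlib.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM = re.compile(r"^(?P<obj>.+?) \((?P<name>[\w.]+)\) -> (?P<rest>.+)$")

def triage(log_text):
    """Return (declared counts, parsed items, problems) for a log in this format."""
    declared, items, section = {}, [], None
    for line in map(str.strip, log_text.splitlines()):
        if m := SUMMARY.match(line):            # "Files Infected: 8"
            declared[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):           # "Files Infected:"
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            action = m["rest"].split(" -> ")[-1]  # last field is the outcome
            items.append((section, m["obj"], m["name"], action))
    listed = Counter(s for s, *_ in items)
    problems = [f"{s}: summary says {n}, {listed[s]} listed"
                for s, n in declared.items() if listed[s] != n]
    problems += [f"not removed: {obj} ({name})" for _, obj, name, action in items
                 if "successfully" not in action]
    return declared, items, problems

def families(items):
    """Count detections per family name, e.g. Trojan.Agent."""
    return Counter(name for _, _, name, _ in items)

if __name__ == "__main__":
    declared, items, problems = triage(SAMPLE_LOG)
    print(families(items).most_common())
    print(problems or "summary counts match; every item reports removal")
```

An empty problem list only means the log is internally consistent; it says nothing about items the scanner did not detect.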



Subject: RE: Tech: ISP keeps redirecting
From: katlaughing
Date: 18 Dec 10 - 11:32 AM

Meant to say, I've had no problem getting the games up and playing them for years UNTIL we put in the new video card yesterday. Which also makes me wonder about the above report of them having spyware...couldn't that just be the info they collect which they tell you they collect, i.e. location, game level skill, language, etc.?



Subject: RE: Tech: ISP keeps redirecting
From: The Fooles Troupe
Date: 18 Dec 10 - 03:15 PM

The nasty must either add a totally new program, or infect (put a link to the nasty stuff, which it must also put somewhere, either at the end of the victim program, or as a separate lump) some regularly run bit.

"c:\program files\internet explorer\vvz.dll (Trojan.Agent) -> Quarantined and deleted successfully."

Looks like not part of a normal system (the name is often a clue) so was deleted. May also have detected a 'signature' - a distinctive section of code.

There are 2 reasons why something may register as a problem in one of those sweeps

1) It may falsely register as a problem due to similarities in the code signature - called a False Positive - but very rare.

2) The nasty needs to hide a link inside some program that gets run regularly, often one that is running at the time of the infection - called being 'infected', so that each time the victim program is run, the nasty 'comes alive' again. Consequently it will have added to the file the stuff that gets recognised as the 'nasty bit'.

But it looks like you still have something nasty in the wood pile. Just because Malwarebytes found some stuff, doesn't mean it found it all.



Subject: RE: Tech: ISP keeps redirecting
From: katlaughing
Date: 18 Dec 10 - 06:51 PM

So now what do I do? I hardly ever use IE, in fact, I only used it recently to see if it was something to do with Firefox which I use all of the time.

Should I go ahead and dump all System Restore points?



Subject: RE: Tech: ISP keeps redirecting
From: The Fooles Troupe
Date: 18 Dec 10 - 07:16 PM

That nasty file I mentioned is not part of normal I_Explorer, and has now been quarantined - put in a safe place where it cannot run. The files are not dangerous there. Keeping the restore points for the moment might be a good idea, if you keep those before the date you added the hardware change. Removing those after you had the noticed problem may be a good idea.

Ah - if you had the trojan already hiding, then when you ran IE, that activated it.

I'm no longer an expert in these matters, as I have not been working at it for a while, just stamping out my own bushfires, so as things keep changing rapidly, I can only give a little general advice.

But the thread is now bumped, where it may catch someone else's eye.



Subject: RE: Tech: ISP keeps redirecting
From: katlaughing
Date: 18 Dec 10 - 08:01 PM

Thanks, Fooles. I am not going to do anything to the Restore Points at the moment because I just don't know enough to not screw things up. I just tried to post to another thread and was LOGGED OUT when I hit Send, then when I tried to LogIn, it took me to my ISP's search site, again! I hit the back button which took me to LogIn and was able to enter my pw and get signed back in. I think my ISP has taken over. I even blocked their search page cookies and it still took me there!



Subject: RE: Tech: ISP keeps redirecting
From: bobad
Date: 19 Dec 10 - 08:06 AM

Kat, have you tried running Windows Live OneCare safety scanner?

A recent scan on my system with it found a "severe threat" but said it was unable to remove it. I then ran a scan with House Call which identified a Trojan in my system restore files and removed it. A subsequent scan with OneCare came up clean.

It's worth a try.

PS You have to run the Windows scan with IE as your browser unless you have an IE emulator add on in Firefox.



Subject: RE: Tech: ISP keeps redirecting
From: katlaughing
Date: 19 Dec 10 - 01:39 PM

Thanks, bobad. I will look into that. I did finally get my Rog to sit down and take a look at things. He found I didn't have java! Not sure why or when that happened. Anyway, he fixed that and also looked into whether the new driver was at 32 or 64 bit. So far, it seems the slow-load/no-load has been fixed. Otherwise, I don't know because I haven't tried it enough. He just finished a few minutes ago. I will keep you all posted and thanks a bunch!!

kat



Subject: RE: Tech: ISP keeps redirecting
From: JohnInKansas
Date: 20 Dec 10 - 11:11 AM

About the only common reason why your AV (including Windows Malware Remover or One-Care) can't remove something it finds is because the file is open when you run the scan. An open file can't be deleted or moved.

You can download the current Microsoft Malware Remover to your desktop (or anywhere else on your machine) so that you can boot to Safe Mode without running the "Startup" folder, so that nothing extraneous is running, and run the cleanup program from the download, usually with a successful removal. You probably can do the same with the One-Care scanner, but I haven't checked that out.

Or you can reboot to "Safe Mode with Networking" and run Malware Remover (or One Care) from the site, but just be sure you don't go anywhere else before you reboot and turn all your normal protections back on.

Instructions for the necessary download aren't particularly complicated, but my (lack of) memory suggests you should get the current poop at the Microsoft Update site.

John



Subject: RE: Tech: ISP keeps redirecting
From: GUEST,.gargoyle
Date: 20 Dec 10 - 11:26 PM

Laf Kat, mistress

I attempted to tell you the source of your distress within this very chat.

Why I should be repeated, is because my posting was deleted.

Like a barley corn, whiskey born...you have a child born, living in your home that is directing your browser to porn, porn, porn.

Sincerely,
Gargoyle

The solution is clean, give the teen a "new boot" through monitored screen .... and next day remove URL's to connections obscene.



Subject: RE: Tech: ISP keeps redirecting
From: JohnInKansas
Date: 21 Dec 10 - 07:02 AM

While it's not really worth much debate, Gargoyle may be a little behind the times.

Possibly because of the reputation, especially among self-appointed "enforcers," and partly because "problems affect income," recent surveys of where malware is found have reported that surfing for porn, while not a whole lot more respectable than Googling for the latest "entertainment gossip," is one of the safer things you can do on the web, as long as you don't give up personal information to get a long term "subscription."

Pornographers don't want the attention that breaking someone's computer brings to their doorstep.

Browsing FaceBook is much more likely to give you a high exposure to malware. In that case it's usually "phishing" types, that invite you to "click here to see this marvelous ... ," so you have to be a bit stupid (not intended as an unfriendly term) to be infected; but if you're browsing randomly at Facebook, or letting unknown people post questionable links on your page, it's pretty likely that ... ... ... you are a little bit stupid (in the opinion of some).

Trading games is arguably the most dangerous of activities common today, since large numbers of "free games" in circulation have the malware embedded in the program in the old fashioned way. Trading games via IRC probably adds to the risk. Downloading lots of "free music" or videos probably follows closely behind gaming as an infection risk.

When large numbers of subscribers get infected with a "redirect" malware scrap, it's common for an internet provider - or for a relay server along your communication path - to block requests to connect to the site. The Yahoo search page may just be their "default" for a blocked or dropped attempt to connect to some site(s); and if they use the same default for multiple blocks they probably can't tell from the symptoms that they gave you which problem is causing you to try to go there.

John

