 Geek squad help needed ?browser hijack?

IrwinFletcher
Master Baiter


Joined: 18 Nov 2007
Posts: 192


Posted: Thu Jul 23, 2009 12:01 am

Ok so computers aren't my strong point. Sometimes when I do a Google search and click on a result, I am redirected to a different site. It's not always the same site. Just random advertising sites, medical ads, etc. I've scanned with AVG and Malwarebytes anti-malware, and both come up clean. Does anyone have an idea what is going on here? Any help is appreciated. Thanks in advance :D

_________________
-I have been beaten up suffered three broken ribs and i have been
raped by three farm workers.
-i say go and fu** ur mother asssssssssssssss or come and help ok? u think i am foooooooooooool
- let if sink into your nerves that, R3V J0HN 4BUL3 is not a cheat and God Almighty whom I serve will not let me be
Pastor Frank
Moderator


Joined: 31 Jan 2007
Posts: 11521
Location: EN34ix


Posted: Thu Jul 23, 2009 12:24 am

What browser are you using? You have something, but we need to figure out what it is.

Download this and run a scan...

http://www.safer-networking.org/en/download/

_________________
"Father Juan are sure that you are man of God,because your behaviors showed you as unbeliever" -Mary R
IrwinFletcher
Master Baiter


Joined: 18 Nov 2007
Posts: 192


Posted: Thu Jul 23, 2009 12:26 am

I use Firefox. I'll download that now. Thanks!

Pastor Frank
Moderator


Joined: 31 Jan 2007
Posts: 11521
Location: EN34ix


Posted: Thu Jul 23, 2009 12:31 am

Make sure you update it before you scan.

Dorothy
Baiting Guru


Joined: 09 Jul 2008
Posts: 3114
Location: somewhere over the rainbow


Posted: Thu Jul 23, 2009 1:22 am

Win Antivirus (a rogue antivirus/malware) started popping up in Google searches to real sites several months ago. I know, because my nonprofit site was hit. Basically, the .htaccess page is changed (in my case it happened on my web host's side, not on my end--my computer was not infected but because the site was configured for FrontPage it was vulnerable when another website on the same server was hacked) so that a direct request to the site leads where it is supposed to, but a click through any of the top 5 search engines leads to the sleazy scammer site.

It sounds like you may be seeing a variant of this attack. If so, your computer is not actually infected (though it could be if the site you are redirected to infects your computer)--it is the real sites that have been compromised.

_________________
Purple FlowerEaster Egg"I've a feeling we're not in Kansas any more..."
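
Added example, not part of the thread or any poster's code: a small Python check a site owner could run over an `.htaccess` file to spot the pattern described in the post above, a redirect that fires only for visitors arriving from a search engine. The engine list, the sample rules, `example.org` and the `.invalid` host are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Search-engine names to look for in referrer conditions (assumed list).
SEARCH_ENGINES = ("google", "yahoo", "bing", "msn", "aol")

COND_RE = re.compile(r"^RewriteCond\s+%\{(\w+)\}\s+(\S+)", re.I)
RULE_RE = re.compile(r"^RewriteRule\s+(\S+)\s+(\S+)", re.I)


def external_host(target, own_hosts):
    """Host of an absolute redirect target, or None if relative or our own."""
    if not re.match(r"https?://", target, re.I):
        return None
    host = (urlsplit(target).hostname or "").lower()
    if not host or "%" in host or host in own_hosts:
        return None  # "%{HTTP_HOST}"-style targets point back at this site
    return host


def scan_htaccess(text, own_hosts=()):
    """Flag rules that send search-engine referrals to a foreign host."""
    findings, conds = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = COND_RE.match(line)
        if m:
            conds.append((lineno, m.group(1).upper(), m.group(2).lower()))
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        # Conditions apply only to the next RewriteRule. A pattern starting
        # with "!" is negated (typical hotlink protection) and is not a hit.
        hits = [n for n, var, pat in conds
                if var == "HTTP_REFERER" and not pat.startswith("!")
                and any(name in pat for name in SEARCH_ENGINES)]
        host = external_host(m.group(2), own_hosts)
        if hits and host:
            findings.append({"rule_line": lineno, "cond_lines": hits,
                             "target_host": host})
        conds = []
    return findings


# Constructed samples: a normal file, then the same file with appended rules.
SAMPLE_CLEAN = r"""
RewriteEngine On
# hotlink protection: a legitimate use of HTTP_REFERER
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.org/ [NC]
RewriteRule \.(gif|jpe?g|png)$ - [F]
"""
SAMPLE_TAMPERED = SAMPLE_CLEAN + r"""RewriteCond %{HTTP_REFERER} (google|yahoo|bing)\. [NC,OR]
RewriteCond %{HTTP_REFERER} (aol|msn)\. [NC]
RewriteRule ^(.*)$ http://redirect-target.invalid/ [R=302,L]
"""

if __name__ == "__main__":
    for name, text in (("clean", SAMPLE_CLEAN), ("tampered", SAMPLE_TAMPERED)):
        print(name, scan_htaccess(text, own_hosts={"example.org"}))
```

A hit is a reason to compare the file against a known-good copy and check its modification time, since a rule like this never shows up when the owner visits the site directly.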
IrwinFletcher
Master Baiter


Joined: 18 Nov 2007
Posts: 192


Posted: Thu Jul 23, 2009 2:48 am

The first scan with Spybot SD found a bunch of bots and spyware and removed it. There was a message that said Win32.zbot (5 entries, Trojans) couldn't be removed and I had to restart to remove it and scan again. Which I did...At the end of that second scan I got no results..computer just froze with only the Spybot window up, no scan results. I used task manager to restart. I'll scan again tomorrow and see what happens.

As far as it being the sites and not my computer I have no idea. I know that at least one of the Google search results that I clicked on which led me to some other site was supposed to bring me here (419eater). I don't recall the others. I tried to look at my logs from Spybot SD but there is nothing there from the previous scans. Maybe I'm looking in the wrong place. Anyway, I have to be up with the birds so I'm off to sleep. Thanks for your help ;)

ETA-Thanks Pastor Frank, I updated it before I scanned.

jose_cuervo
Moderator


Joined: 01 Mar 2006
Posts: 7859
Location: Blackacre


Posted: Thu Jul 23, 2009 3:05 am

Download this and see if it will detect/remove anything.

http://www.avast.com/eng/down_cleaner.html

Avast also has a good (free) antivirus. I have used it for several years and never had any nasties. :D

_________________
Black Ribbon ~ star Safari Tattoo

“I guess a man is the only kind of varmint sets his own trap, baits it, and then steps in it.” ~ John Steinbeck
Pastor Frank
Moderator


Joined: 31 Jan 2007
Posts: 11521
Location: EN34ix


Posted: Thu Jul 23, 2009 4:04 am

Let's continue with the shotgun approach, then we can narrow it down.

Download this and scan.

http://www.lavasoft.com/products/ad_aware_free.php

A Skinner
Texas Lad-Saw Massacre


Joined: 16 Nov 2003
Posts: 3680
Location: Texas, USA


Posted: Thu Jul 23, 2009 1:51 pm

Best not to have 2 anti virus programs running at the same time though! AVG and Avast will conflict with each other. Be careful. Uninstall one before installing the other.

_________________
Safari Safari Safari Mortar x 25
Closed lad accounts X ? Nurse Nastys Audi TT x3 Purple Flower
Sand Timer x2 Easter Egg 2012 Nigeria Benin United Kingdom Ghana
SINCE YOU MADE ME TO GIVE MY CAR AWAY AND ALL THE DISAPOINTMENTS YOU GAVE TO ME,WHICH MADE ME TO STOP CONTACTING YOU. PLEASE DO NOT INVOLVE ME WITH ANYTHING YOU ARE DOING WITH ANYBODY, PLEASE DONT INVOLVE ME.I DONT WANT ANYTHING THAT WILL JEOPARDIZE MY IMAGE IN THIS COUNTRY.I AM A HUMANITARIAN LAWYER.

infact am getting tired with all this speculation in this transaction, honestly if i had known that this is the kind of person you are i would not have contacted for an assistance

Urgent??? Impotent massage

GordonBennett
Baiting Guru


Joined: 29 Mar 2007
Posts: 2829
Location: Pedicabo ego vos et irrumabo


Posted: Thu Jul 23, 2009 2:28 pm

..and scan in safe mode

_________________
Ninja
DIE MUDER FUCKER

Purple Flower
IrwinFletcher
Master Baiter


Joined: 18 Nov 2007
Posts: 192


Posted: Thu Jul 23, 2009 3:05 pm

I've downloaded AdAware. When I restarted after install I got the following message : Trojan: WinNT/AlureonNT/Alureon.C removed. I am running a full scan with it now, but not in safe mode....so I'll stop the scan and restart and run in safe mode. I'm headed back to work so I won't be back until much later today. Thanks again for all your help everyone.

remu
Master of Master Baiters


Joined: 08 Apr 2006
Posts: 571


Posted: Thu Jul 23, 2009 4:35 pm

OK, this sounds exactly like a particularly nasty one that I have fixed on a few people's computers. Try running cmd.exe and regedit.exe (from Start->Run), does it let you? If not I'll give you the list of steps to perform to get rid of the problem, it's surprisingly simple.

EDIT: actually I'll just give the steps here. ONLY DO THIS IF IT WON'T LET YOU RUN CMD.EXE OR REGEDIT.EXE, I DON'T KNOW IF IT WORKS WITH OTHER SIMILAR STRAINS OF THIS MALWARE.

1) Get OllyDebugger, extract the zip file to a folder on your desktop.

2) Run OllyDbg.exe. Press "YES" on any dialog boxes that come up.

3) Choose File->Open. Open "C:\Windows\System32\Cmd.exe". An empty command prompt window should open.

4) In OllyDebugger, choose View->Log. It will open a list of modules that were loaded by cmd.exe as it opened. If you have the infection I've fixed a few times recently, it will show a file with a random name, like 'ajgwrtqe.gfs', usually in the C:\Windows directory but it could be anywhere. Note: Any file that ends with .dll or .sys probably isn't a randomly named file.

5) Open notepad.exe. Choose File->Open. Type the location and file name of the randomly named file.

6) Choose Edit->Select All. Press "DELETE" to remove the old crap, and replace it with a few sentences of any text you want (i.e. MUGU VIRUS DIE oooooooooo)

7) Save the file, and reboot your computer. You may delete the randomly named file after rebooting.


I know it sounds unlikely that this would ever work, but if you delete the file it will immediately reappear... saving over it with random text it doesn't! Lemme know if that's what you have ;)

_________________
ムーグー!
IrwinFletcher
Master Baiter


Joined: 18 Nov 2007
Posts: 192


Posted: Thu Jul 23, 2009 7:28 pm

Quote:
ONLY DO THIS IF IT WON'T LET YOU RUN CMD.EXE OR REGEDIT.EXE, I DON'T KNOW IF IT WORKS WITH OTHER SIMILAR STRAINS OF THIS MALWARE.


I was able to run both of those. Thanks

I did run a full scan in Adaware and it found nothing else. Maybe things are good now. I haven't used the computer enough today to know if it's still happening or not.

Thanks for the help. Is there something else I need to do now? Or just wait and see?

Pastor Frank
Moderator


Joined: 31 Jan 2007
Posts: 11521
Location: EN34ix


Posted: Thu Jul 23, 2009 7:50 pm

I would suggest getting the NoScript extension for Firefox.

http://noscript.net/

It will take a few days to white list the sites you frequently use, but after that, it runs silent in the background. It's just another layer of protection.

thud419
Baiting Guru


Joined: 04 Jan 2006
Posts: 3193


Posted: Thu Jul 23, 2009 7:51 pm

Run a good virus scanner and have it running real-time checks. Have it update its signatures often, like once a day. Use a free one, there are several and they are top-of-class; a virus scanner that you've run out of subscription for is almost useless.

Run spyware detectors often - say once a week.

It helps to run more than one detector, but you must only have one application doing real-time scanning at once. Otherwise your PC speed goes through the floor.

Get the Adblock+ extension to Firefox. You'll see no more pop-up adverts, so nobody will click one.

Consider getting the NoScript extension to Firefox. Unlike Adblock+ it does need fiddling with, but it means you won't be executing scripts from places you don't want to. It can get in the way when you're trying to pay for stuff over the net, log in to your bank or watch funny videos etc. I use it, but I haven't installed it for my computer illiterate friends.

Get yourself an external hard-drive and back up all your documents, pictures and the rest of the stuff you'd cry if you lost. Get into the habit of refreshing the backup once a week, maybe onto alternate folders or even alternate drives. Regularly check that the stuff you back-up is readable. It's no use finding out the back-up failed after your PC has blown up.

Make sure you have a Windows installation disk and a product key (these days it's a Microsoft label somewhere on the PC.) Complain to your suppliers, or source a replacement now, not when you need it.

And of course, never click on a pop-up or banner advert. Never follow links in emails.

_________________
Click here to feel warm and cozy.

I did not f**k your wife in any way -- Nike Akanbi
I don't know what else to do or do I continue filling and filling forms. -- Barr. Koloti
you has been dribbling me up and down but I will show some thing you have never seen before, I think you breath air wait and see. -- Sand Timer Barr. Cole
Cellphone x14
United States x 0.25 won from Reaper in a sucker's bet

Hello Kitty! pony Mortar x8 Closed lad accounts x several
Pastor Frank
Moderator


Joined: 31 Jan 2007
Posts: 11521
Location: EN34ix


Posted: Thu Jul 23, 2009 8:18 pm

thud419 wrote:
Get the Adblock+ extension to Firefox.


+1 on AdBlock. I use friends' computers and am amazed at all of the advertisements and other crap that I see.

You will also need to add a filter subscription.

Tools>Addons>Options (In the Adblock Plus add-on)>Filters>Add filter subscription>EasyList (USA)(Radio button)>subscribe>ok

There are several filters to choose from, try a few out and see what works best for you. I have had great luck with the Easy List (USA).

IrwinFletcher
Master Baiter


Joined: 18 Nov 2007
Posts: 192


Posted: Thu Jul 23, 2009 8:29 pm

Thanks Pastor Frank and Thud. I'll work on things more over the weekend, including the Firefox extensions and backing things up. I do have an installation disc. I don't follow links or click on pop-ups. (I take it free porn sites are out of the question from now on?)
My husband just admitted that he tried to watch a movie from watch-movies-links.net when the computer started acting "strange" yesterday. I guess he was afraid to tell me that at the time. :evil: I'm sure I'm to blame for some of it though, since there seemed to be so much garbage on this computer according to the scans. Thanks again for all the help.

thud419
Baiting Guru


Joined: 04 Jan 2006
Posts: 3193


Posted: Thu Jul 23, 2009 8:40 pm

A lot of the garbage you saw was just tracking cookies. You don't want them, but they don't do any damage, just let people watch your browsing habits.

For free porn, research "usenet". More than enough there, and much safer than websites :)

One important thing I missed: make sure the PC is set to download Microsoft updates, and apply them promptly when it does.

Pastor Frank
Moderator


Joined: 31 Jan 2007
Posts: 11521
Location: EN34ix


Posted: Thu Jul 23, 2009 8:45 pm

If you are visiting dodgy sites, I recommend that you use something like this...

http://www.pendrivelinux.com/

Or a Linux live CD. The OS runs entirely in RAM and it will not touch your hard drive at all.

remu
Master of Master Baiters


Joined: 08 Apr 2006
Posts: 571


Posted: Thu Jul 23, 2009 10:19 pm

Sorry to hear I wasn't any help... I would be interested to know if there still was a random-named file loading but all the ones I've dealt with have disabled cmd.exe. Good luck...

Dorothy
Baiting Guru


Joined: 09 Jul 2008
Posts: 3114
Location: somewhere over the rainbow


Posted: Fri Jul 24, 2009 2:38 am

In addition to NoScript and AdBlock plus, I would recommend loading Web of Trust, which will give you advance notice if a website you are visiting has already been reported for distributing nasties.

IrwinFletcher
Master Baiter


Joined: 18 Nov 2007
Posts: 192


Posted: Fri Jul 24, 2009 8:46 pm

Thanks for the tips. I'll be working on it this weekend.
@remu I appreciate the effort. I don't know how to tell if there is a random named file loading...not sure what you mean by that or how I would find it.

I'm having a few issues since loading adaware and spybot but I'll do my research and fix them soon. When I restart the PC, my firewall is off and I have to manually turn it on each time. Also, YIM is not working. I can't sign on at all with spybot running and sometimes it just shuts down. I'm sure there's a way to work these things out. I'll do my reading and googling and fix them.

I haven't had any more issues with being redirected from Google searches to strange websites. :D

McBait
Not quite a Newb


Joined: 22 Jul 2009
Posts: 42


Posted: Sat Jul 25, 2009 4:41 am

USENET RULES :) But my hard drives are full as it is...

I only use spybot S+D, at least it's FREE. It does a good job (not trying to start a fight!) but it helps if you know a few things not to click on.

One very important thing to know, especially when treading into lad land is web root names:

httP;//scam.paypal.com would be a real site, HAS to be owned by paypal

http;//paypal.scam.com is FAKE, CAN NOT be produced by paypal

anything in front of the root name is a subdomain of paypal.com, owned by them only. I've highlighted the root names in red above, this is the part that gets registered. Many, many scams/spams involve exactly this trick to fool people into thinking it's paypal (or whatever) instead they end up in an identical looking site owned by a scammer.

Just my 2 cents...helps sometimes in web searches, to rule out clicking on something.something.something.something.ru/?blah=blahblah

FYI...?blah=blahblah, these are variables passed on to an active SCRIPT (a computer program, not lad script) at the web site. If a site doesn't have a basic "index.html" or whatever it's also something to question...what exactly is that script meant to do? Index.html is falling out of favor, but .ru domain with a line of script variables a mile long? Questionable at best...

Maybe not helpful with your search results problem, but maybe help sort out the sites that do turn up.

_________________
Thanks for your condemnation
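
Added example, not part of the original post: a Python sketch of the "root name" check described above, extracting the registered domain from a URL and comparing it with the brand it claims to be. It goes slightly beyond the post by handling two-label suffixes such as `co.uk`, a `user@` prefix and bare host names; the suffix set is a small constructed subset of the Public Suffix List and the sample URLs are constructed (written with a normal `://`).

```python
from urllib.parse import urlsplit

# Constructed subset of the Public Suffix List (assumption: enough for the
# samples below; a real check should load the full list from publicsuffix.org).
PUBLIC_SUFFIXES = {"com", "net", "org", "ru", "uk", "co.uk", "org.uk"}


def registrable_domain(url):
    """Return the registered ("root") name of the host in url, or None."""
    if "://" not in url:
        url = "http://" + url          # allow bare "host/path" input
    host = urlsplit(url).hostname      # drops any "user@" prefix and the port
    if not host:
        return None
    labels = host.rstrip(".").lower().split(".")
    # Try the longest candidate suffix first, so "co.uk" wins over "uk".
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            # The registered name is the suffix plus exactly one more label.
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None  # IP address, or a suffix outside the sample set


def belongs_to(url, brand_domain):
    """True only if the URL's registered name is exactly brand_domain."""
    return registrable_domain(url) == brand_domain.lower()


# Constructed sample URLs; the first two mirror the post's examples.
SAMPLES = [
    "http://scam.paypal.com/",
    "http://paypal.scam.com/",
    "http://paypal.com@scam.com/login",
    "http://paypal.com.scam.co.uk:8080/",
    "something.something.something.something.ru/?blah=blahblah",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{u:60} root={registrable_domain(u)!s:15} "
              f"paypal={belongs_to(u, 'paypal.com')}")
```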
remu
Master of Master Baiters


Joined: 08 Apr 2006
Posts: 571


Posted: Sat Jul 25, 2009 5:53 am

To find if a random file is loading, follow the steps 1-4 in my thing above... this will not modify any files, just show a list of opening files when you open cmd.exe. If cmd.exe is not affected though you might try opening your web browser from inside the debugger (firefox.exe or iexplore.exe). If you see anything funny it might be your problem.

I don't know why no antivirus/antispyware seems to catch these search result redirects, I've seen so many computers infected with them :(

McBait
Not quite a Newb


Joined: 22 Jul 2009
Posts: 42


Posted: Sat Jul 25, 2009 6:39 am

remu wrote:
search result redirects


It's a malware program and I totally agree, why so hard to get rid of it? What do they know that we don't? Is it just endemic to windows as a whole? Or a roving pandemic created by the nature of the net?

And don't get me started on the pathetic JOKE of "bing." They are just kidding right? Coupla weeks down the road, we'll get a message "Haha, just pulling your leg..." Right?

Some days I truly miss the BBS....
