Author Topic: api.mybrowserbar.com  (Read 39137 times)

Offline Sergio C. Ariza Montero

  • Jr. Member
  • **
  • Posts: 56
  • Gender: Male
  • Servers Administrator
    • Personal Message (Offline)
api.mybrowserbar.com
« on: March 06, 2009, 10:08:26 PM »
Forum, does somebody know about this? When I try to open some (almost) websites, IE opens this (in this case I tried www.symantec.com):
http://api.mybrowserbar.com/cgi/errors.cgi?q=http%3A%2F%2Fwww%2Esymantec%2Ecom%2F&type=dns&ISN=6C6C96ACD4624F8991EE8BAC94ECEE96&ccv=128&cnid=971163&cco=US&ct=11

Does somebody know something about api.mybrowserbar.com?

Best Regards!
"My poor Mexico... so far from God and so close to the United States"

Online Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64867
  • Gender: Male
    • Personal Message (Online)
Re: api.mybrowserbar.com
« Reply #1 on: March 06, 2009, 10:25:56 PM »
Can you rephrase? I've tried that webpage and see no api.mybrowserbar.com... well, I'm on Firefox with NoScript...
The best things in life are free.

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69200
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: api.mybrowserbar.com
« Reply #2 on: March 06, 2009, 11:19:11 PM »
Well hXXp://api.mybrowserbar.com/ redirects to hXXp://www.mybrowserbar.com/

Quote
Q. What is MyBrowserBar.com?
A. MyBrowserBar gives you Yahoo! search results when searching the Web from your Toolbar. To learn more about your Toolbar including Help topics, click the Options menu to the right of the search box.

To me it could be a search bar and if it doesn't find something perhaps it gives alternatives ?

Not long ago we had Google basically flag all web sites as dangerous (for about 45 minutes) after a system update entered a / into the urls in the database causing an issue. I don't know if there might be a similar issue with Yahoo.

That link you gave first reports a problem and then redirects to another site and WOT alerts on it as dangerous, see image. http://www.mywot.com/en/scorecard/urlseek20.vmn.net.

Certainly something strange going on, unfortunately what is beyond me, but these might throw some light on to it.
http://answers.yahoo.com/question/index?qid=20080722185702AA479lD
http://www.bleepingcomputer.com/forums/lofiversion/index.php/t197651.html
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline nachoju

  • Newbie
  • *
  • Posts: 3
    • Personal Message (Offline)
Re: api.mybrowserbar.com
« Reply #3 on: June 18, 2009, 11:48:45 AM »
Hi Sergio,

I think I have a similar problem...
Last week I updated Windows Vista (Home Premium) and since then I couldn't browse any web. I am connected to the internet but I cannot browse. In the IE address bar, api.mybrowserbar.com appears...
It's very strange because I can ping any web from the console but I cannot browse in Internet Explorer...

Any idea?
I tried to restore the system and I ran OK until I updated Windows again...

Hello everyone.
Since I updated Windows Vista the other day I cannot browse the internet. I am connected but no website opens. Every time I type an address, it is replaced by api.mybrowserbar.com and it doesn't work. Neither the antivirus nor Windows Update will update either...
It is very strange because from MS-DOS I can ping any web address.

Any idea?

Many thanks.
Regards,
NACHO

Offline .: L' arc :.

  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 1782
  • Gender: Male
  • Thinking with Portals
    • Personal Message (Offline)
Re: api.mybrowserbar.com
« Reply #4 on: June 18, 2009, 12:54:27 PM »
-= A URL hook..?

-= You may try Malwarebytes Antimalware.. Download, Install, Update, Scan & see if it gets fixed.. Else, try attaching a Hijack This Logfile on your next post..
Windows 7 (64-bit) Home Premium SP1
avast! 9 RC1

Online Tech

Re: api.mybrowserbar.com
« Reply #5 on: June 19, 2009, 01:23:52 AM »
I suggest you check your hosts file or use HostsMan to remove your old hosts and add a new, clean and protected one.
http://www.abelhadigital.com/
The best things in life are free.

Offline nachoju

Re: api.mybrowserbar.com
« Reply #6 on: June 19, 2009, 06:57:29 AM »
hi again,
here are the results for hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39:29, on 18/06/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [RegistrarUsrDNIeCertStoreDLL] D:\DNIe\udcs.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Voicepad] C:\Program Files\Centile\Voicepad\start
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} (AeatCtl Class) - https://www4.aeat.es/es13/h/cactivex.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Programador de LiveUpdate automático (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

Offline nachoju

Re: api.mybrowserbar.com
« Reply #7 on: June 19, 2009, 06:58:04 AM »
--
And here from Malwarebytes: No infections

I am going to try HostsMan...
More info about my system: My internet comes through a USB Mobile Vodafone connection (HUAWEI). It connects to the internet. I can ping any web but neither Windows nor any other program (web browser, antivirus...) can connect to the internet.

Thanks everybody!
Rgds,
NACHO

Offline .: L' arc :.

Re: api.mybrowserbar.com
« Reply #8 on: June 19, 2009, 11:19:40 AM »
-= The log doesn't seem to be complete but so far, I found these:

(1) Firewall
       You are using Windows Vista Firewall though Outbound Protection is not enabled yet.. You may consider enabling it to get better protection..

(2) Some weird entries

-= I believe PDFForge can be a form of spyware since it monitors your programs but you may consider letting it run if you are really prompted to install it & agreed to let it be part of your system..

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe

-= I don't know this one:

O4 - HKLM\..\Run: [RegistrarUsrDNIeCertStoreDLL] D:\DNIe\udcs.exe

External References: File.net
                              PrevX

Windows 7 (64-bit) Home Premium SP1
avast! 9 RC1
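
The cross-referencing done by hand in the reply above (one toolbar's files appearing under R3, O2, O3 and O4), together with the hosts-file check suggested earlier in the thread, as an added Python example that is not part of any forum post. The function names are hypothetical, and the sample lines are excerpted from the HijackThis log posted in this thread.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [RegistrarUsrDNIeCertStoreDLL] D:\DNIe\udcs.exe
"""

ENTRY = re.compile(r"^([RO]\d+) - (.+)$")                 # section code, rest of line
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)", re.I)   # first drive-rooted DLL/EXE


def parse(log):
    """Yield (section, text, file_path_or_None) for each HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            p = PATH.search(m.group(2))
            yield m.group(1), m.group(2), p.group(0) if p else None


def folder(path):
    """Lower-cased install folder of a Windows path."""
    return path.rsplit("\\", 1)[0].lower()


def search_hook_footprint(log):
    """Group every entry that loads from the same folder as an R3 URLSearchHook."""
    entries = list(parse(log))
    hook_dirs = {folder(p) for s, _, p in entries if s == "R3" and p}
    hits = defaultdict(list)
    for s, _, p in entries:
        if p and folder(p) in hook_dirs:
            hits[folder(p)].append((s, p.rsplit("\\", 1)[1]))
    return dict(hits)


def unexpected_hosts(log):
    """O1 lines are hosts-file entries; return those that do not name localhost."""
    return [t for s, t, _ in parse(log)
            if s == "O1" and t.split()[-1].lower() != "localhost"]


if __name__ == "__main__":
    for d, items in search_hook_footprint(SAMPLE_LOG).items():
        print(d, items)
    print("non-localhost hosts entries:", unexpected_hosts(SAMPLE_LOG))
```

Running it on a log saved from Normal mode rather than Safe mode gives the grouping more entries to work with, since some components are not loaded in Safe mode.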

Offline DavidR

Re: api.mybrowserbar.com
« Reply #9 on: June 19, 2009, 01:27:34 PM »
Not only what has been reported, you should really run HJT from 'Normal' mode as that should produce more entries as a) some won't be running in safe mode and b) Normal mode is where you are experiencing problems.

Apart from that you aren't even running avast but Symantec ???
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O23 - Service: Programador de LiveUpdate automático (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

You are also running BitDefender and I don't know if that is running as resident, I suspect so from the number of entries in the HJT log. Having two resident scanners installed is not recommended as rather than provide twice the protection it can cause conflicts that could leave you more vulnerable.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline polonus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 20117
  • Gender: Male
  • malware fighter
    • Personal Message (Offline)
Re: api.mybrowserbar.com
« Reply #10 on: January 03, 2010, 03:41:01 PM »
Hi nachoju,

Re: http://www.processlibrary.com/directory/files/udc/
If this is flagged it could be a find by a rogue av program....
"Various infections: ntos.exe, udcs.exe, bqpmexvs.dll"
http://www.configurarequipos.com/foro-ayuda/2592194/17/0/udcsexe.html
http://www.forospyware.com/t96114.html

polonus
« Last Edit: January 03, 2010, 03:42:54 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

 
