Avast WEBforum

Other => Viruses and worms => Topic started by: stevehawk90 on November 01, 2010, 02:21:37 PM

Title: Click2mix.info malware site creating problems !!!
Post by: stevehawk90 on November 01, 2010, 02:21:37 PM
Hello,

Whenever I make a search on Google and click any URL in the results page, it redirects to this site click2mix.info (with some affiliate link on it), and avast pops up flagging it as malware and stops the page loading.

I can't make any searches now. I tried with Firefox, Chrome and IE, and everything happens in this same way.

Any solution for this?

P.S. I am attaching a screenshot of avast popup.

Title: Re: Click2mix.info malware site creating problems !!!
Post by: alenka on November 01, 2010, 02:53:19 PM
Hello,

this site was removed from our URL blocker - it will be fixed in the next VPS

Alena Varkockova
Title: Re: Click2mix.info malware site creating problems !!!
Post by: stevehawk90 on November 01, 2010, 03:07:54 PM
Thank you,

Should I update now, or will it update automatically?
Title: Re: Click2mix.info malware site creating problems !!!
Post by: Asyn on November 01, 2010, 03:20:01 PM
Quote
should I update now or it will automatically update.

Both are possible...! ;)
asyn
Title: Re: Click2mix.info malware site creating problems !!!
Post by: stevehawk90 on November 02, 2010, 08:33:58 AM
I updated the program and virus definitions, but it still pops up, and now a new one, through-n.com, is creating a problem. Now what should I do?   ???
Title: Re: Click2mix.info malware site creating problems !!!
Post by: CharleyO on November 02, 2010, 08:59:21 AM
***

Welcome to the forums, stevehawk90   :)

Try using the free version of malwarebytes antimalware from the link below.

Download it, install it, update it, and then run the Quick Scan.

http://www.malwarebytes.org/mbam.php

Post the log results in this thread.


***
Title: Re: Click2mix.info malware site creating problems !!!
Post by: stevehawk90 on November 02, 2010, 01:20:17 PM
Hi,

While installing malwarebytes it asked me to choose the language and I chose English, but the program still runs in some other language. Somehow I managed to run the scan and it found 3 infections. I posted the log details below.

I think this time I succeeded: there are no redirects on the Google search page now and everything looks fine.

It was probably because of a program called Gygan (http://www.gygan.com/) that I installed a couple of months back; that is the one that creates the problem. (ref. malwarebytes log)

Thanks for the kind support, great forum.

Do you know what language it is?

Below are the log details after the scan.

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versión de la Base de Datos: 5020

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

11/2/2010 5:45:13 PM
mbam-log-2010-11-02 (17-45-13).txt

Tipos de Análisis: Análisis Completo (C:\|D:\|E:\|)
Objetos examinados: 216618
Tiempo transcurrido: 2 hora(s), 51 minuto(s), 30 segundo(s)

Procesos en Memoria Infectados: 0
Módulos de Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Archivos Infectados: 3

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos de Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Archivos Infectados:
C:\Documents and Settings\HP\Local Settings\Application Data\Xenocode\Sandbox\Gygan\0.6.1.7\2010.07.20T01.46\Native\STUBEXE\8.0.1112\@PROGRAMFILES@\Gygan BETA\unrar.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP\Local Settings\Application Data\Xenocode\Sandbox\Gygan\0.6.1.7\2010.07.20T01.46\Native\STUBEXE\8.0.1112\@WINDIR@\explorer.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP\Local Settings\Application Data\Xenocode\Sandbox\Gygan\0.6.1.7\2010.07.20T01.46\Virtual\STUBEXE\8.0.1112\@PROGRAMFILES@\Gygan BETA\Gygan.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.



Title: Re: Click2mix.info malware site creating problems !!!
Post by: stevehawk90 on November 02, 2010, 01:38:58 PM
OMG!!

Just after restarting the system, this time a new URL problem from http://fisifyc.co.cc

 ???
Title: Re: Click2mix.info malware site creating problems !!!
Post by: YoKenny on November 02, 2010, 02:16:37 PM
I see
Quote
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

Please see:
Support for Windows XP Service Pack 2 ends on July 13, 2010
http://support.microsoft.com/gp/lifean31

You need to update to XP SP3 as it has many Critical Updates and performance enhancements, and Internet Explorer 8.0 is much more secure.