Author Topic: MY safe zone browser hijacked! goes to fake google  (Read 75513 times)

0 Members and 1 Guest are viewing this topic.

Offline DraKuL

  • Sr. Member
  • ****
  • Posts: 392
Re: MY safe zone browser hijacked! goes to fake google
« Reply #60 on: April 13, 2011, 03:29:45 PM »
Ok good. Also I would like to report a couple of more things, when this happened for the second time, as I mentioned earlier the browser didnt open automatically, but there was a browser icon on the taskbar, I have uploaded a picture  http://www.sendspace.com/file/sj1e5g << this is the link, check the bottom left, notice the taskbar.

Also I tried to switch back from SZ and got a BSOD!!! (don't know if they are related though)

The other thing, I cant access internet on my Chrome browser AND on IE! Using FF4 after the bsod.. both chrome and IE9 gives an error  about proxy..

IE9 error: I diagnosed the problems and it says,
 Problems found: The configured proxy server is not responding

Chrome also give out a similar error message but its also the same problem.. about the proxy.. but the thing is I DID NOT configure a proxy!! Could this be related to the SZ problem?  ???
ASUS ROG Mobo - AMD Ryzen 7 3700X| RAM 32.00GB | 4TB HDD +1TB SSD | ATI Radeon RX 5700 XT 8GB
Windows 10 Pro 64bit |Avast One Individual | MBAM PRO - RealTime | SUPERAntiSpyware PRO |CC Cleaner | Chrome | Firefox |(The Latest Release of all the Software)

Offline Gopher John

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2098
Re: MY safe zone browser hijacked! goes to fake google
« Reply #61 on: April 13, 2011, 03:29:54 PM »
Yesterday was Microsoft Patch Tuesday.  Those experiencing problems may have updated and restarted their machines.  One patch was for a DNS vulnerability.  Just a guess, as I'm using Avast Free which has no SafeZone browser.

Microsoft Security Bulletin MS11-030 - Critical
Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)
http://www.microsoft.com/technet/security/Bulletin/MS11-030.mspx

The patch is for all versions of Windows.
AMD A6-5350M APU with Radeon HD Graphics, 8.0GB RAM, Win7 Pro SP1 64bit, IE11
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: Avast Premium Security 19.7.2388, WinPatrol Plus, SpywareBlaster 5.5, Opera 12.18, Firefox 68.0.2, MBam Free, CCleaner

Offline DraKuL

  • Sr. Member
  • ****
  • Posts: 392
Re: MY safe zone browser hijacked! goes to fake google
« Reply #62 on: April 13, 2011, 03:33:56 PM »
I resolved the IE / Chrome issue, there were proxy settings added but the fields were blank..  :-\
ASUS ROG Mobo - AMD Ryzen 7 3700X| RAM 32.00GB | 4TB HDD +1TB SSD | ATI Radeon RX 5700 XT 8GB
Windows 10 Pro 64bit |Avast One Individual | MBAM PRO - RealTime | SUPERAntiSpyware PRO |CC Cleaner | Chrome | Firefox |(The Latest Release of all the Software)

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2604
  • I can resist anything except temptation.
    • tex62
Re: MY safe zone browser hijacked! goes to fake google
« Reply #63 on: April 13, 2011, 03:34:04 PM »
Yesterday was Microsoft Patch Tuesday.  Those experiencing problems may have updated and restarted their machines.  One patch was for a DNS vulnerability.  Just a guess, as I'm using Avast Free which has no SafeZone browser.

Microsoft Security Bulletin MS11-030 - Critical
Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)
http://www.microsoft.com/technet/security/Bulletin/MS11-030.mspx

The patch is for all versions of Windows.

Damn! You are right... yesterday was MS patchday.
That might well be the reason.
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Offline DraKuL

  • Sr. Member
  • ****
  • Posts: 392
Re: MY safe zone browser hijacked! goes to fake google
« Reply #64 on: April 13, 2011, 03:35:55 PM »
Yesterday was Microsoft Patch Tuesday.  Those experiencing problems may have updated and restarted their machines.  One patch was for a DNS vulnerability.  Just a guess, as I'm using Avast Free which has no SafeZone browser.

Microsoft Security Bulletin MS11-030 - Critical
Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)
http://www.microsoft.com/technet/security/Bulletin/MS11-030.mspx

The patch is for all versions of Windows.

Damn! You are right... yesterday was MS patchday.
That might well be the reason.

But how could this lead to SZ redirecting to fake sites?  :-\
ASUS ROG Mobo - AMD Ryzen 7 3700X| RAM 32.00GB | 4TB HDD +1TB SSD | ATI Radeon RX 5700 XT 8GB
Windows 10 Pro 64bit |Avast One Individual | MBAM PRO - RealTime | SUPERAntiSpyware PRO |CC Cleaner | Chrome | Firefox |(The Latest Release of all the Software)

dagrev

  • Guest
Re: MY safe zone browser hijacked! goes to fake google
« Reply #65 on: April 13, 2011, 03:37:39 PM »


But how could this lead to SZ redirecting to fake sites?  :-\
[/quote]

And not affect non SZ connections?

disPlay

  • Guest
Re: MY safe zone browser hijacked! goes to fake google
« Reply #66 on: April 13, 2011, 03:38:54 PM »
Yesterday was Microsoft Patch Tuesday.  Those experiencing problems may have updated and restarted their machines.  One patch was for a DNS vulnerability.  Just a guess, as I'm using Avast Free which has no SafeZone browser.

Microsoft Security Bulletin MS11-030 - Critical
Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)
http://www.microsoft.com/technet/security/Bulletin/MS11-030.mspx

The patch is for all versions of Windows.

Damn! You are right... yesterday was MS patchday.
That might well be the reason.

But how could this lead to SZ redirecting to fake sites?  :-\


Good Question.
We will have to wait for the avast team to explore the issue.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: MY safe zone browser hijacked! goes to fake google
« Reply #67 on: April 13, 2011, 03:39:03 PM »
But how could this lead to SZ redirecting to fake sites?  :-\

Sorry, we have no idea either, as we didn't get any (useable) feedback now. :(
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Hermite15

  • Guest
Re: MY safe zone browser hijacked! goes to fake google
« Reply #68 on: April 13, 2011, 03:39:15 PM »


But how could this lead to SZ redirecting to fake sites?  :-\


And not affect non SZ connections?

exactly... this said, Chrome/Chromium uses all IE/Windows network settings (as opposed to Firefox), but again, just the SZ browser being affected, I seriously doubt MS updates has anything to do with that.
« Last Edit: April 13, 2011, 03:42:15 PM by Logos »

Offline DraKuL

  • Sr. Member
  • ****
  • Posts: 392
Re: MY safe zone browser hijacked! goes to fake google
« Reply #69 on: April 13, 2011, 03:44:07 PM »
hmm so the bsod and the change in proxy settings were not related to this? could the bsod have caused the proxy settings change? I got the bsod right when I switched off SZ.. but do you guys reckon that it might be a random bsod?

Edit: the browsers(outside the SZ) were working fine till I got the bsod.. So I'm guessing it triggered the change in proxy settings.
« Last Edit: April 13, 2011, 03:46:46 PM by DraKuL »
ASUS ROG Mobo - AMD Ryzen 7 3700X| RAM 32.00GB | 4TB HDD +1TB SSD | ATI Radeon RX 5700 XT 8GB
Windows 10 Pro 64bit |Avast One Individual | MBAM PRO - RealTime | SUPERAntiSpyware PRO |CC Cleaner | Chrome | Firefox |(The Latest Release of all the Software)

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2078
Re: MY safe zone browser hijacked! goes to fake google
« Reply #70 on: April 13, 2011, 03:46:34 PM »
DraKuL, please follow these steps:

1. Disable avast self protection
2. If SafeZone was actived (i.e. you used it after reboot), switch to SafeZone and use Turn Off button (=> it'll terminate all running processes in SafeZone)
3. Download http://public.avast.com/~kurtin/x7.zip (14Mb)
4. Backup (= delete from original location) \Program Files\AVAST Software\Avast\sfzone\SafeZoneBrowser.exe (+ SafeZoneBrowser.dll, dnshttp.dll)
5. Unpack x7.zip into \sfzone folder
6. Switch to SafeZone, was it fixed or not?

Thanks.

Hermite15

  • Guest
Re: MY safe zone browser hijacked! goes to fake google
« Reply #71 on: April 13, 2011, 03:46:49 PM »
hmm so the bsod and the change in proxy settings were not related to this? could the bsod have caused the proxy settings change? I got the bsod right when I switched off SZ.. but do you guys reckon that it might be a random bsod?

blue screens are related to drivers... no idea why you had one... not sure if Avast loads drivers for virtualization.

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2078
Re: MY safe zone browser hijacked! goes to fake google
« Reply #72 on: April 13, 2011, 03:48:53 PM »
DraKuL, you can send me the latest minidump (\Windows\Minidump folder) to my email, I'll see if it was already fixed or not.

Quote
blue screens are related to drivers... no idea why you had one... not sure if Avast loads drivers for virtualization.
aswSnx.sys

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: MY safe zone browser hijacked! goes to fake google
« Reply #73 on: April 13, 2011, 03:52:29 PM »
DraKuL, please follow these steps:

1. Disable avast self protection
2. If SafeZone was actived (i.e. you used it after reboot), switch to SafeZone and use Turn Off button (=> it'll terminate all running processes in SafeZone)
3. Download http://public.avast.com/~kurtin/x7.zip (14Mb)
4. Backup (= delete from original location) \Program Files\AVAST Software\Avast\sfzone\SafeZoneBrowser.exe (+ SafeZoneBrowser.dll, dnshttp.dll)
5. Unpack x7.zip into \sfzone folder
6. Switch to SafeZone, was it fixed or not?

pk, I hope you have a shorter/easier fix at hand...!!
Not every user is able to do this. ;)
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline DraKuL

  • Sr. Member
  • ****
  • Posts: 392
Re: MY safe zone browser hijacked! goes to fake google
« Reply #74 on: April 13, 2011, 03:55:01 PM »
DraKuL, please follow these steps:

5. Unpack x7.zip into \sfzone folder


Windows wont let me delete/overwrite SZ folder.. Folder/File access denied.. Tried running windows explorer as admin still wont let me overwrite the files..
« Last Edit: April 13, 2011, 03:56:44 PM by DraKuL »
ASUS ROG Mobo - AMD Ryzen 7 3700X| RAM 32.00GB | 4TB HDD +1TB SSD | ATI Radeon RX 5700 XT 8GB
Windows 10 Pro 64bit |Avast One Individual | MBAM PRO - RealTime | SUPERAntiSpyware PRO |CC Cleaner | Chrome | Firefox |(The Latest Release of all the Software)