Author Topic: Yet another URL redirect bug  (Read 10172 times)

0 Members and 1 Guest are viewing this topic.

Chibi1015

  • Guest
Yet another URL redirect bug
« on: July 07, 2011, 03:30:21 AM »
Same issues as everyone else. Bing searched being redirected, avast catching the 64.111.211.158 IP address. No virus scans finding anything. Chrome, Firefox and system restore disabled.... wheeee!! Running OST and will paste find in next post.

Chibi1015

  • Guest
Re: Yet another URL redirect bug
« Reply #1 on: July 07, 2011, 03:55:47 AM »

Offline Left123

  • There Is No Patch For Human Stupidity.
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1048
  • Proud Community Member&Helper.
Re: Yet another URL redirect bug
« Reply #2 on: July 07, 2011, 07:49:55 AM »
Possibly infected by Olmarik.
Please download aswMBR from here > http://public.avast.com/~gmerek/aswMBR.htm
1)Double click the aswMBR.exe to run it
2)Click the [Scan] button to start scan
3)On completion of the scan click [Save log], save it to your desktop and post in your next reply

I have to go now,i'll be back in 5 hours.Stupid foreign languages ;D
AMD Athlon(tm) X2 Dual-Core Processor 4200+ - 2.20 GHz,3,00 GB RAM -
Browser:Mozilla Firefox +WOT - SoftWare:CCleaner - Windows 7 32 bit
No Anti-Virus

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Yet another URL redirect bug
« Reply #3 on: July 07, 2011, 07:17:28 PM »
Hi there are you missing some files and folders ?

Download Unhide.exe to your desktop and run

THEN

Download RogueKiller to your desktop
 
  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe 

Please post the contents of the RKreport.txt in your next Reply.

FINALLY

Download aswMBR.exe ( 1.8mb ) to your desktop.
 
Double click the aswMBR.exe to run it
 
Click the "Scan" button to start scan
 
 
On completion of the scan click save log, save it to your desktop and post in your next reply


Chibi1015

  • Guest
Re: Yet another URL redirect bug
« Reply #4 on: July 08, 2011, 04:23:54 AM »
Here are both logs.

Chibi1015

  • Guest
Re: Yet another URL redirect bug
« Reply #5 on: July 08, 2011, 04:24:51 AM »
And the other log

com155

  • Guest
Re: Yet another URL redirect bug
« Reply #6 on: July 08, 2011, 10:56:51 AM »
1.try downloading dr.web from here.
www.freedrweb.com/?lng=en

2.do a full scan and i am sure it will find it and u should choose to cure it.

3.once done post logs on next comment and tell me whether this worked or not.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: Yet another URL redirect bug
« Reply #7 on: July 08, 2011, 03:53:03 PM »
Hi Chibi1015,

Go and read the proposed cleansing here: http://www.bleepingcomputer.com/forums/topic407933.html
and then I will ask essexboy to give you instructions how to proceed with this
so-called Vista repair virus or 64dot111dot211dot158 redirect virus,

polonus
« Last Edit: July 08, 2011, 03:56:21 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Yet another URL redirect bug
« Reply #8 on: July 08, 2011, 07:16:51 PM »
Hi now you have your files and folders back -lets check out those suspicious files.  Just one will do I feel

 
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into  the  "Suspicious files to scan" box on the top of the page:
     
    • C:\Windows\System32\drivers\wimmount.sys
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

THEN

Could you run a fresh OTS log for me please and let me know what problems you currently have

Chibi1015

  • Guest
Re: Yet another URL redirect bug
« Reply #9 on: July 11, 2011, 05:44:56 AM »
Apparently these scans found nothing
VirSCAN.org Scanned Report :
Scanned time   : 2011/07/10 23:30:47 (EDT)
Scanner results: Scanners did not find malware!
File Name      : wimmount.sys
File Size      : 19008 byte
File Type      : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5            : 5cf95b35e59e2a38023836fff31be64c
SHA1           : a332e9956744c2e03a7afe150eecd90fc92f03d5
Online report  : http://file.virscan.org/report/cba441367c62323289467ace313e4dd6.html

Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
a-squared      5.1.0.3         20110711022251    2011-07-11  40.13  -
AhnLab V3      2011.07.11.00   2011.07.11        2011-07-11  40.16  -
AntiVir        8.2.6.6         7.11.11.47        2011-07-11  0.27   -
Antiy          2.0.18          20110205.7694535  2011-02-05  0.12   -
Arcavir        2011            201105080215      2011-05-08  0.03   -
Authentium     5.1.1           201107101511      2011-07-10  1.50   -
AVAST!         4.7.4           110710-1          2011-07-10  0.01   -
AVG            8.5.850         271.1.1/3757      2011-07-11  0.27   -
BitDefender    7.90123.8484597 7.38243           2011-07-11  4.34   -
ClamAV         0.96.5          13304             2011-07-10  0.01   -
Comodo         4.0             9344              2011-07-10  40.10  -
CP Secure      1.3.0.5         2011.07.09        2011-07-09  0.04   -
Dr.Web         5.0.2.3300      2011.07.11        2011-07-11  13.75  -
F-Prot         4.4.4.56        20110710          2011-07-10  1.48   -
F-Secure       7.02.73807      2011.07.11.01     2011-07-11  0.18   -
Fortinet       4.2.257         13.421            2011-07-10  40.09  -
GData          22.876/22.216   20110711          2011-07-11  40.09  -
ViRobot        20110709        2011.07.09        2011-07-09  40.09  -
Ikarus         T3.1.32.20.0    2011.07.11.78799  2011-07-11  4.84   -
JiangMin       13.0.900        2011.07.10        2011-07-10  40.09  -
Kaspersky      5.5.10          2011.07.11        2011-07-11  0.14   -
KingSoft       2009.2.5.15     2011.7.10.9       2011-07-10  40.19  -
McAfee         5400.1158       6403              2011-07-10  9.37   -
Microsoft      1.7000          2011.07.11        2011-07-11  40.09  -
NOD32          3.0.21          6265              2011-07-04  0.00   -
Norman         6.07.10         6.07.00           2011-07-10  10.01  -
Panda          9.05.01         2011.07.10        2011-07-10  40.09  -
Trend Micro    9.200-1012      8.280.01          2011-07-10  0.05   -
Quick Heal     11.00           2011.07.09        2011-07-09  40.21  -
Rising         20.0            23.65.04.03       2011-07-08  40.15  -
Sophos         3.20.2          4.66              2011-07-11  3.96   -
Sunbelt        3.9.2497.2      9829              2011-07-10  40.20  -
Symantec       1.3.0.24        20110710.003      2011-07-10  0.65   -
nProtect       20110601.01     3460661           2011-06-01  40.10  -
The Hacker     6.7.0.1         v00252            2011-07-10  40.09  -
VBA32          3.12.16.4       20110708.1439     2011-07-08  4.61   -
VirusBuster    5.3.0.4         14.0.117.0/56023182011-07-10  0.00   -

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Yet another URL redirect bug
« Reply #10 on: July 11, 2011, 08:59:22 PM »
That is a false positive as I have one as well now  ;D

Are you still getting redirects ?

If so I would like to try something

Please read carefully and follow these steps. 
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
     
     

     
     
  • If an infected file is detected, the default action will be Cure, click on Continue.
     
     

     
     
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
     
     

     
     
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
     
     

     
     
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Chibi1015

  • Guest
Re: Yet another URL redirect bug
« Reply #11 on: July 12, 2011, 03:22:20 AM »
It found nothing... nothing in thereport either. I'm still getting redirects, along with blocked malicious websites trying to popup, Malwarebytes, Firefox and system restore are all being blocked still.

psw

  • Guest
Re: Yet another URL redirect bug
« Reply #12 on: July 12, 2011, 05:40:05 AM »
You can try advise from
http://forum.avast.com/index.php?topic=81439.msg665856#msg665856
rerun aswMBR, use FixMBR button and reboot.
After reboot rerun aswMBR, select AV engine: (none), make Scan  - it will be fast, save the log and post it.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Yet another URL redirect bug
« Reply #13 on: July 12, 2011, 07:43:39 PM »
Before you run Dr Web

Re-Run aswMBR 
 
Click Scan
 
On completion of the scan
 
Click the FIXMBR Button   


 
Reboot and run a fresh aswMBR scan
Save the log as before and post in your next reply

AntiAlchemist5

  • Guest
Re: Yet another URL redirect bug
« Reply #14 on: July 14, 2011, 03:01:16 AM »
Hey, I'm a friend of Chibi's and tried to get rid of this myself. I wasn't sure what exactly was happening to her computer, so I installed AVG, uninstalling Avast to do so. After trying that, I was pointed to this forum and this thread.

I ran the scan and clicked FixMBR, then rebooted it. But I can't get the 2nd scan done, because it keeps crashing and Blue Screening on me. Should I put Avast back on, or continue trying to get this log to share?