vlc update infected ?????

[pmal67]

hello to all ,
after update of vlc media player my home page was hijacked by seeearch , mbam scan is attached


Internet Explorer 8.0.6001.18702

09/09/2011 19:03:53
mbam-log-2011-09-09 (19-03-53).txt

Scan type: Full scan (C:\|)
Objects scanned: 220368
Time elapsed: 39 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

hope this helps someone out there

keep up the good work

[Asyn]

hello to all ,
after update of vlc media player my home page was hijacked by seeearch...

Where did you download VLC..??

[Coolmario88]

I would like to say this as a tip to any user reading this..  I came across a Fake VLC player download website a earlier this year...  I wonder if the OP downloaded Vlc media player from the link i listed below... or from another site.

The Real website to download VLC Media player is http://www.videolan.org/vlc/

[Asyn]

I wonder if the OP downloaded Vlc media player from the link i listed below... or from another site.

That's what I'm trying to find out.

[pmal67]

Thanks for interest ,
it seems that I'm not the only one that has suffered this problem .I'm living in France and run my laptop using French . I googled 'remove seeearch ' and on many French forums the general opinion was that the problem was vlc and the last update notification .Many users said that they had while surfing the net had recieved a message advising them that they could update vlc .

Hope this makes some sense to al you intelligent people

Paul

ps ran a new scan with mbytes and everything so I think that this discussion is closed 

[Asyn]

You didn't answer my/our question..!!

[polonus]

Hi pmal67,

Has it something to do with this download mentioned here?
have you seen this message  and the address there:
http://mailman.videolan.org/pipermail/vlc/2011-August/020271.html
link author is Rhett Trappman, he is
Malware Reseacher from (Microsoft Malware Protection Center Portal)

On VT url scan the following link is flagged by Phistank and TrendMicro flag this as it redirects to
-http://www.downloaddirect.com/download/VLCSetup.exe redirects to
-http://www.thislinkhasbeendisabled.com
better to say:   
 
-http://www.downloaddirect.com/download/VLCSetup.exe redirects to
-http://www.thislinkhasbeendisabled.com
Looks like a parked domain site (suspicious?)

Check: -http://www.thislinkhasbeendisabled.com?epl=jkj6lnRts88GHbEC_W8rbVCKL8sFCYVTJHfxTxyQpkIuRkezOEFEmQ0kfEPsUqnhjYIDi4KyVQ3QWAo3oZnXdOWYXUXyDsqrnhru77q23IiPIPHPgImPuFL_DCNDT55tynf7XGOxGJC1QkVjQUq5LTzWCczqGlmibR7f7zRAKryBBsJwDDQAaGgA0aZMTxGi3oCMRmqP9KgePZGe5KmGlAAgwN7vvwAJBAjw_wEAAECA3wsAAKX4slxZUyZZQTE2aFpCrwAAAPA

see: http://wepawet.iseclab.org/view.php?hash=cca04f1d06dbf1edfc33c94487210111&t=1315669489&type=js   

As we cannot get to the original download link for the Fake Version we cannot establish an analysis, not even for those performed in the past, or can you give the MD5 hash of the
executable in question. Normally it is 2A79FA3BB35B64661A5BBC05B6002CBD and
C663E66B07DC8BB4CD86B30D031026AF  Unsafe versions are described here:
http://www.prevx.com/filenames/2097554129206086-X1/VLCSETUP.EXE.html

polonus

[Left123]

Maybe you didn't notice something like "set my home page bla bla bla" and you let it ticked?