Jump to content

even after search rle822x.cn not found

morissen3k8

By morissen3k8
in File Detections

 Share

Recommended Posts

morissen3k8

morissen3k8

Posted
Posted

I've installed and ran version 1.41 but even after running nothing comes up. In the past something similar for this was

reported by MWBytes 1.39 as being the atapi.sys But this time around in Windows 7 nothing is being reported and is declared

clean by MWBytes. I was able to remove atapi.sys using an indirect boot-up and removing the atapi.sys however after

running a test it seems the problem has went away but now it has reappeared again upon boot-up. Any ideas?

I continue to see http://rle822x.cn/ showing up in the unblocked window but also the click as being reirected

Thank

Link to post
Share on other sites
morissen3k8

morissen3k8

Posted
  • Author
Posted
I've installed and ran version 1.41 but even after running nothing comes up. In the past something similar for this was

reported by MWBytes 1.39 as being the atapi.sys But this time around in Windows 7 nothing is being reported and is declared

clean by MWBytes. I was able to remove atapi.sys using an indirect boot-up and removing the atapi.sys however after

running a test it seems the problem has went away but now it has reappeared again upon boot-up. Any ideas?

I continue to see http://rle822x.cn/ showing up in the blocked window but also the a tab window open to redirected site

in firefox.

Thanks.

note here is a sample of blocked link http://rle822x.cn/rKn4fkdE8A3X9lU5a9e766bb9cdf3b53045eb72b8f6dd8b727x

in firefox with noscript and a new opened tab

i've tried combofix, sophos anti-rootkit with no result, nothing found but the google site redirections are now random

instead of every link that i click on...

Link to post
Share on other sites
  • 2 weeks later...
chorlton

chorlton

Posted
Posted
did you every find a solution, im having the same problem, see the green globe, redirected. Nothing fixes it tried ad-aware, malware bytes, avg, avast, spybot, atf cleaner, cc cleaner, gooredfix ect

I too have the same problem. I have the full retail AVG8.5 suite installed and first spotted a problem when the AVG firewall kicked in. Running a virus scan found, and appeared to clean, a number of instances of "Sheur2.BOCF" which I can't find any reference to on-line yet.

I've since also mounted a live Linux disk and run KlamAV on the windows disks. This only found a few instances of Broken.Executables and Encrypted.Zips which I quarantined and deleted. SpybotSD had a problem reading its config files.

Back in windows and everything looks clean except for the firefox behaviour where random links redirect to addresses such as "http://www.curesforcalifornia.com", which NoScript intercepts before it can redirect to rle822x.cn.

I'm obviously worried that something worse might be lurking under the covers.

I'll go retry Spybot and install MalwareBytes next but I thought I'd post here with the additional info as this site is the only working reference for rle822x.cn returned by Google.

Link to post
Share on other sites
Huttah93

Huttah93

Posted
Posted

I am also having this same rle822x.cn problem. Same as chorlton, this was the only website that google upturned when searching for it.

MalwareBytes detected 2 rootkits and removed them, yet I'm having the same problem.

I completely removed Firefox, including the Mozilla folders under \AppData\ and \Roaming\ (I'm running Windows 7, FYI), and all registry entries.

This problem hasnt surfaced on Internet Explorer, and I can use it no problem. But, like most people, I despise it.

I tried re-installing Firefox, and it was going good for a whole 5 minutes until it started happening again. NoScript is catching the links (I've had it installed for quite some time).

So far, no programs have found anything. ESET Nod32 hasnt caught anything, but Windows Defender caught a couple of trojans and removed them when running a scan with Nod32.

Any solutions? Anyone?

Link to post
Share on other sites
PJay

PJay

Posted
Posted

Hey guys, not sure if this helps too much or there is some kinda authority you can report em to, but i ran this rle822x.cn through whois.coms domain lookup and got the following information (note the company name and owners Gmail address <_< )

Domain Name: rle822x.cn

ROID: 20090702s10001s62312051-cn

Domain Status: ok

Registrant Organization: Lamak ltd.

Registrant Name: LamakTut

Administrative Email: tu6lik2@gmail.com

Sponsoring Registrar: ������������������������������������������

Name Server:ns3.cnmsn.com

Name Server:ns4.cnmsn.com

Registration Date: 2009-07-02 00:30

Expiration Date: 2010-07-02 00:30

Hope this helps

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept