
browser redirecting driving me nuts


Hello. First off I want to thank you for this great service. You've helped in the past.

I'm having a problem with my browser redirecting when I do a google search and click on one of the results. I updated and did a quick scan with MWB but nothing was found. I tried Antivir and it found a trojan but I still had the redirect problem. So, I tried Combofix but when that's scanning I get the Blue Screen of Death and it says Bad Pool Caller (if I recall correctly). Not sure what to do next. Can you help please?

....and it's obviously affecting my ability to post to this forum as I now see my topic was posted twice. Sorry about that.


Hi,

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop. Attach them back to your topic.

--

Download GMER here by clicking the "download exe" button and then saving it to your desktop:

  • Double-click .exe that you downloaded
  • Click rootkit-tab, uncheck all but sections option and then click scan.
  • When scanning is ready, click Copy.
  • This copies log to clipboard
  • Attach log in your reply.

The two DDS reports are attached. When I tried to run GMER I got the BSOD that said Paged Fault in non-paged area.

Thanks for the help.

OK, well it doesn't look like anything is attached unless I'm missing something. I will try it again. As you might have guessed, I'm not the swiftest computer person.

Attachdds.txt

DDS2.txt

I re-ran GMER and didn't get the BSOD this time. The log is attached.

gmer.txt


Hi,

Please use the reply button when replying, so that you don't quote the previous post :)

It seems that you've run ComboFix there (that is not recommended unless under the supervision of a trained helper). Post the contents of the c:\ComboFix.txt file.


Starting in safe mode worked! The log is attached, unless you need it posted. When combofix was done, my McAfee warned of a registry change. I didn't know what to do so I allowed it, assuming that it was something combofix was doing. I wasn't bright enough to write down what it said. Once again, thanks for your help.

combofixlog.txt


Also, I was supposed to disable virus scanning but combofix said I had AntiVir running. AntiVir was something I tried when I first had problems as recommended in the pinned topic. After I was done with it I removed the program using add/remove programs but Combofix says I still have AntiVir running. Do you know where the heck it is, and can you tell me how to get rid of it? I couldn't figure out "where" it was so I ran Combofix despite the warning about it.


Hi again,

Open notepad and copy/paste the text in the quotebox below into it:

SecCenter::
{AD166499-45F9-482A-A743-FDD3350758C7}
File::
c:\windows\system32\bootwchx.dll
Folder::
c:\documents and settings\John\Local Settings\Application Data\rspxwwwtt
Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
"blasress"=-

Save this as

CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe

Then post the resultant log.

Uninstall old Adobe Reader versions and get the latest one (both 9.3 and update 9.3.2) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.

Download ATF (Atribune Temp File) Cleaner

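The CFScript in the post above deletes a value under the Session Manager AppCertDlls key, which names DLLs that Windows loads into any process calling CreateProcess and related APIs. As an added example (not part of the thread and not ComboFix's own code), this read-only PowerShell check lists whatever is still registered under that key after a cleanup; it assumes Windows PowerShell 4.0 or later, and the function and variable names are illustrative.

```powershell
# Added example, not from the thread: read-only audit of the AppCertDlls key.
$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls'

function Get-AppCertDllEntry {
    param([string]$Path = $KeyPath)

    # No key means no DLLs are registered through this mechanism.
    if (-not (Test-Path -LiteralPath $Path)) { return }

    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        # GetValue expands REG_EXPAND_SZ data such as %SystemRoot%\...
        # A bare file name is resolved against the current directory here.
        $dll    = [string]$key.GetValue($name)
        $exists = [bool]$dll -and (Test-Path -LiteralPath $dll -PathType Leaf)
        $status = 'FileMissing'
        $sha256 = $null
        if ($exists) {
            $status = (Get-AuthenticodeSignature -LiteralPath $dll).Status
            $sha256 = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
        }
        [pscustomobject]@{
            ValueName = $name
            Dll       = $dll
            Exists    = $exists
            Signature = $status
            Sha256    = $sha256
        }
    }
}

$entries = @(Get-AppCertDllEntry)
if ($entries.Count -eq 0) {
    'AppCertDlls: no values registered.'
} else {
    # Every value is worth reviewing; unsigned or missing files are listed first.
    $entries | Sort-Object { $_.Signature -eq 'Valid' } | Format-List
}
```

A value whose DLL is missing or unsigned, like the one removed in this thread, is the result to follow up on.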

Hi,

Delete these files if found:

C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\6.0\11\377af0b-261db5b1

C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\6.0\27\15bee2db-1d080d94

C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\6.0\59\4eae6f3b-7f7341e5

C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\6.0\62\939cb3e-3bce09fb

How's the system running now?


I won't have access to my computer at home for several hours but it seems to be working much better, with no browser redirects. I will delete those files when I get home. The question I have is that it wasn't obvious to me that the Kaspersky scan actually removed the items I found or if it was just saying they were there. I suppose it's silly that it would find them and not remove them but it had me wondering....


I cannot find the files listed. However, my computer is running better now with no redirects (but I haven't used it as much lately either). Are there more steps that I should be taking? What about the items that Kaspersky found?

Thanks again.

well.....I take that back. My computer does appear to be operating better with no redirects, but some webpages, like the Yahoo home page are showing up very oddly. I don't know the correct terminology, but it's just like a list of items on the left side of the screen with links. It is certainly not the conventional appearance. Do I need to reinstall something?


OK, I cleared the cache and things are looking much better, including the fact that my secure GMail is now loading. What are the steps to uninstall ComboFix? Since it's on my desktop do I just delete it? It's not listed on my add/remove programs list. Is there anything else I should do?

Again, Thanks a Million!
