> Which Virus Redirect My Browsers
Sylvester
post Jun 3 2012, 10:10 AM
Post #1


Newbie


Group: Members
Posts: 9
Joined: 3-June 12
Member No.: 105,716



Hello,

So far so good! I downloaded and installed BitDefender AntiVirus Plus 2012. All the others failed. These were:

MalwareBytes
Spybot Search & Destroy
Adaware Anti-virus
SuperAntiSpyware

I had some sort of redirecting virus and also a pop-up that I could not get rid of. It would pop up saying Congratulations! You have won... It was on all browsers: IE, Firefox and Chrome. Trying to close the popup made it worse and it would open up other advertising sites, even ****. I could not search. Every link I clicked on in Google redirected me to other sites.

Bitdefender found these after a full scan:

Gen:Trojan.Heur.LP.bi5@ay0VAzm

Rootkit.Patched.Simda.A

Could you let me know which one was causing the redirection please?

Catalin Salgau
post Jun 3 2012, 12:54 PM
Post #2


Virus Researcher
***

Group: Bitdefender Labs
Posts: 647
Joined: 3-July 08
From: Iasi, Romania
Member No.: 14,578



At a quick glance, I believe the two were related. Of the reported detections, the first might have led to the mentioned inconveniences. The exact samples on your computer would have helped more than the detection names.
Christian
post Jun 3 2012, 01:59 PM
Post #3


Bitdefender Support
******

Group: Root Admin
Posts: 13,998
Joined: 27-January 08
From: BitDefender HQ
Member No.: 9,374



Hello :)

Welcome to the forums!

In order to be able to assist you please run a Full System Scan task with Bitdefender and send us the resulting scan report.

[how to GENERATE A FULL SYSTEM SCAN LOG from Bitdefender 2012]
- Before running the scan please make sure that you have the latest virus definitions downloaded via the Update module. For this you need to open Bitdefender and from the main interface click on Update now;
- After the update process has completed successfully you can proceed to running the scan task. In the same window go to Antivirus and press the Scan now button => Full system scan.
- After the scan has finished you need to submit the scan log file.

This is accomplished by running the Support tool file that can be downloaded from this location:

http://www.bitdefender.com/files/Knowledge...or_scanlogs.exe

Save the file prior to running it and to continue you need to accept the terms of use.
At the end of this process an archive will be created on your Desktop starting with bdamst.

Attach the file in your next reply.

Take care.
Sylvester
post Jun 4 2012, 03:34 AM
Post #4





QUOTE (Christian @ Jun 3 2012, 10:59 PM)
Hello :)

Welcome to the forums!

In order to be able to assist you please run a Full System Scan task with Bitdefender and send us the resulting scan report...

This is accomplished by running the Support tool file that can be downloaded from...

At the end of this process an archive will be created on your Desktop starting with bdamst.

Attach the file in your next reply.

Take care.


Hello and thanks,

I have done what you asked, but this happens: "Upload failed. You are not permitted to upload this type of file". BTW, it is a zip file. I tried to open it to have a look, but it is password protected. I'll try and send it to you via PM.

Regards.
Sylvester
post Jun 4 2012, 03:56 AM
Post #5





Being new to this forum, I must be doing something wrong. It still failed via PM.

"Upload failed. You are not permitted to upload this type of file"

The file is called bdamst.zip
Christian
post Jun 4 2012, 05:35 AM
Post #6





Hello :)

In this case, upload the file on

http://www.sendspace.com

or

http://www.mediafire.com

and send me a PM with the download link.

Have a nice day.
Sylvester
post Jun 4 2012, 11:02 AM
Post #7






Thanks for the link,

I have just uploaded to sendspace and sent you all the details via PM.

Regards.
Christian
post Jun 4 2012, 11:48 AM
Post #8





Hello :)

In the last scan log I can see that those 2 infected items were resolved.

Could you please post here a screenshot with that pop-up?

Thank you!
Sylvester
post Jun 5 2012, 04:36 AM
Post #9





QUOTE (Christian @ Jun 4 2012, 08:48 PM)
Hello :)

In the last scan log I can see that those 2 infected items were resolved.

Could you please post here a screenshot with that pop-up?

Thank you!


Hi Christian,

I have uploaded the images. In the properties of them, the link points to here:

http://cdn.adnxs.com/p/13/bb/7c/6a/13bb7c6...f99f499eaa1.gif

http://cdn.adnxs.com/p/ff/dc/ea/66/ffdcea6...ecbc1d2c145.gif

BTW, these gifs are animated and move like they are vibrating. Very annoying. If I click these to close them down, they will open up another site full of advertisements. Trying to close that site is useless and you are in an endless loop.

Some weeks ago, the Ask.com toolbar was installed without my consent. I also installed a "download video toolbar" from somewhere. I have since seen that they could harbour malware, so I uninstalled both of them.

Thanks for your help.
Attached File(s)
Attached File  Capture1.png ( 6.46K ) Number of downloads: 6
Attached File  Capture_2.png ( 28.41K ) Number of downloads: 5
 
Christian
post Jun 5 2012, 09:08 AM
Post #10





Hello :)

Do you browse the web with Mozilla Firefox or Google Chrome?

Thank you!
Sylvester
post Jun 5 2012, 12:53 PM
Post #11





QUOTE (Christian @ Jun 5 2012, 06:08 PM)
Hello :)

Do you browse the web with Mozilla Firefox or Google Chrome?

Thank you!


Hi,

I browse with Firefox 12, Chrome (19.0.1084.52 m) and Internet Explorer 8. I probably use Firefox the most out of all of them. However, they are all being hijacked and that popup comes up in all. It is not all the time. It is sort of random but frequent enough to be annoying for both the redirection and those popups. I do have popup block set on all.

Could this be something in the master boot record? Could it be something to do with a Browser Helper Object in the registry? I have just read about similar problems to mine with this.

I will do another full scan tonight and let you know the outcome.

Regards.
Christian
post Jun 5 2012, 10:38 PM
Post #12





Hello,

That is an ad; you can remove it with a pop-up blocker or ad remover in your browser.

https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/

https://chrome.google.com/webstore/detail/c...aibdccddilifddb

Install these in your browser and you should be OK from now on.

Take care.
Sylvester
post Jun 7 2012, 04:09 AM
Post #13





Of course it is an ad! But these only started to appear about a week ago and they are different to your normal advertisement. They also redirect your browser if you click them off. Also, while clicking on links in Google, I get redirected to a site that I did not want to go to and it is full of ads. This happens about every third link I click while doing searches. You have not given any help on why my browsers keep getting hijacked / redirected, and I think these popups are related.

I did notice the "Gen:Trojan.Heur.LP.bi5@ay0VAzm" was detected in the file called "c_7265175.nls". It was quarantined but not removed from c:\windows\system32. It seemed to be locked. I had to go into the System Recovery Console to delete it. I'll now test all browsers to see if it (hijacking) has finally gone.
Christian
post Jun 12 2012, 06:30 AM
Post #14





Hello Sylvester :)

Welcome back!

Let me know if everything is OK now.

Take care.
Sylvester
post Jun 15 2012, 04:04 AM
Post #15





It wasn't. With the c_7265175.nls removed, I was still getting redirected from time to time. I had to uninstall BitDefender to run a program called ComboFix. That found a virus in the registry "Run" section. Something to do with a MainConcept "dll". I'm a bit disappointed that BitDefender did not quarantine c_7265175.nls properly.

I am not getting any more redirects at the moment, but I am still testing.
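The two registry autostart locations raised in this thread (the "Run" section in post #15 and Browser Helper Objects in post #11) can be listed for manual review with the script below. This is an added example, not part of any post and not a Bitdefender or ComboFix tool; the key paths are the standard Windows locations, and the function names and the "Review" heuristics are assumptions made for illustration.

```powershell
# Added example (requires PowerShell 3.0+): list autostart entries for manual review.
# Registry paths are the standard Windows locations; nothing here comes from the thread's logs.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$bhoRoot = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

function Get-RunEntry {
    param([string[]]$Path)
    foreach ($key in $Path) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
}

function Get-BhoEntry {
    param([string]$Root)
    if (-not (Test-Path -LiteralPath $Root)) { return }
    foreach ($sub in Get-ChildItem -LiteralPath $Root) {
        # Each BHO subkey is named after a CLSID; resolve it to the DLL it loads.
        $clsid  = $sub.PSChildName
        $inproc = "HKLM:\Software\Classes\CLSID\$clsid\InprocServer32"
        $dll = '<no InprocServer32 entry>'
        if (Test-Path -LiteralPath $inproc) {
            $dll = [string](Get-Item -LiteralPath $inproc).GetValue('')
        }
        [pscustomobject]@{ Source = 'BHO'; Name = $clsid; Command = $dll }
    }
}

function Test-NeedsReview {
    param([string]$Command)
    # Assumed triage heuristics, not detections: DLL loaders in an autostart
    # entry, or a target under a user-writable directory.
    ($Command -match 'rundll32|regsvr32') -or
    ($Command -match '\\(Temp|AppData|Application Data)\\')
}

@(Get-RunEntry -Path $runKeys) + @(Get-BhoEntry -Root $bhoRoot) |
    Select-Object Source, Name, Command,
        @{ Name = 'Review'; Expression = { Test-NeedsReview $_.Command } } |
    Sort-Object Review -Descending |
    Format-Table -AutoSize -Wrap
```

The script only reads the registry. A `Review` value of `True` marks an entry worth checking by hand, not a confirmed infection.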
Christian
post Jun 18 2012, 09:02 AM
Post #16





Hello :)

Welcome back!

In order to be able to further investigate the reported situation we need a bit more information from your computer as follows:

. A BDSYS log;

[how to GENERATE A BDSYS LOG]
. Save and extract the BDSYS tool to a location of your choice:

http://www.bitdefender.com/files/Knowledge.../BDSysLog_i.exe

. Make sure you close all active applications and then run "BDSysLog_i.exe"; if you receive a firewall alert, select to Allow the application to connect;
. Click the "Create log" button to start generating the log; a progress bar indicates that the tool is creating the report;
. When the small window appears with the message "Log saved" then the report is complete and a new file named "bdsyslog.zip" has appeared on your Desktop;
. Attach that file in your next reply.

IMPORTANT:

. During this process the Real Time Protection in Bitdefender must be temporarily disabled;
. If you receive a Bitdefender Firewall alert to inform you that BDSysLog_i.exe tries to connect to the internet, then you need to select Allow;

[how to DISABLE THE ANTIVIRUS PROTECTION in Bitdefender 2012]
In order to disable the antivirus protection, please open Bitdefender and click the "Settings" button in the upper side part of the interface. In the new window go to "Antivirus" > "Shield" tab and click on "Turn off" under On-access scanning. Select the time interval that suits your troubleshooting needs and click "OK". The On-access scanning should be enabled back after finishing the troubleshooting procedure.

We will get back to you as soon as the analysis is complete.

Have a nice day.
Sylvester
post Jun 23 2012, 10:35 AM
Post #17





It doesn't matter anymore because I didn't re-install BitDefender. Thanks anyway.
Christian
post Jun 23 2012, 02:37 PM
Post #18





Hello :)

We apologize for any negative experience you have encountered with our products or our support. Your feedback is appreciated, and will be directed to the appropriate team for review, to enable us to improve our support and services.

Thank you for taking the time and please do not hesitate to contact us if you need further details from us.

Have a great weekend!
Tytanis
post Jul 4 2012, 04:24 AM
Post #19


Newbie


Group: Members
Posts: 14
Joined: 4-July 12
Member No.: 106,771



For me, this issue was a Firefox addon called XULCache. It's a click-jacker. Simply deactivate it/uninstall it.
Christian
post Jul 4 2012, 06:22 AM
Post #20





Hi :)

That could be the source, but if you install all the extensions from Mozilla Store, you should be safe.

Take care.