
tokisaur's avatar

Cat

Jaydi Blaze
yep.


I deleted all the threats, but then now it's not just happili. It's a LOT more websites like happili D8
omgsdksiadfhkadskfsdfjdsfkjsdkjdskjfsdkjfd
/panic
hello toki
Jaydi Blaze
yep.


I deleted all the threats, but then now it's not just happili. It's a LOT more websites like happili D8
omgsdksiadfhkadskfsdfjdsfkjsdkjdskjfsdkjfd
/panic
http://majorgeeks.com/GooredFix_d7057 run that.
tokisaur's avatar

Cat

Jaydi Blaze


"Error 404!

/GooredFix_d7057
File Not Found!"
hello toki
Jaydi Blaze


"Error 404!

/GooredFix_d7057
File Not Found!"
sorry, wrong url

http://majorgeeks.com/GooredFix_d7057.html
tokisaur's avatar

Cat

Jaydi Blaze


Downloaded. Now what?
now run it biggrin
tokisaur's avatar

Cat

Jaydi Blaze


This is what I got:
========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions
{972ce4c6-7e08-4474-a285-3208198ce6fd} [00:15 05/05/2011]

C:\Users\ivy\Application Data\Mozilla\Firefox\Profiles\qraup666.default\extensions
{5911488E-9D1E-40ec-8CBB-06B231CC153F} [18:48 20/08/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [02:58 07/08/2011]

-=E.O.F=-
good. Should work now.
tokisaur's avatar

Cat

Jaydi Blaze
good. Should work now.

Nope. The happili redirect is still showing up.
This code/url/whatever shows up in front of every thing I click.
http://173.231.21.176/click.php?id=pagE0LNteCKATt4ZCMK...QniwLSo,&o=
Wtf.......

run one of these:

32 bit: http://files.surfright.nl/HitmanPro36.exe
64 bit: http://files.surfright.nl/HitmanPro36_x64.exe

This uses multiple programs to scan for infections. If it's not on here, then I have no clue.
tokisaur's avatar

Cat

Jaydi Blaze


On every malware scanner, it always detects 'ToolbarUpdate.exe' and tracking cookies.
I then delete it and reboot. I scan again, and it's there again gonk

....now when i click on a link, instead of the real website, an ad appears instead
gonk gonk gonk gonk gonk
tokisaur's avatar

Cat


Ok, I read some articles online and it's hidden by a rootkit.
"It's caused by a multi-faceted threat variously called TDSS, Alureon, or Tidserv.

The first time I ran into Tidserv it was inflicting exactly the same symptoms on my daughter's laptop. Unlike Lance's security-free test system, her laptop was protected by an up-to-date installation of Norton Internet Security 2010; it didn't help. She worked directly with Symantec technicians to identify and eliminate this then-new variant. Symantec's page on what they call Backdoor.Tidserv now includes a removal tool designed specifically to wipe out this threat.

Tidserv does indeed redirect search result links so you end up visiting web sites associated with the threat's authors, but that's just the most visible effect. According to Symantec it hides itself using advanced rootkit technology, displays advertisements, and opens a back door that further compromises the affected system's security.

Symantec reports that this Trojan is designed specifically to make money. It generates web traffic, collects sales leads for other dubious sites, and tries to fool the victim into paying for useless software. If those tricks don't work it can kick up the threat level by downloading additional malicious or misleading programs.

Pernicious threats like this one, threats that sometimes get past normal security, are precisely the target for Symantec's free Norton Power Eraser tool. I advised Lance to try the beta version of Norton Power Eraser 1.5, released today in conjunction with the Norton 360 Version 5 public beta. This update gives Norton Power Eraser the new ability to draw on Symantec's massive Norton Insight database to help identify threats.

Alas, Norton Power Eraser isn't yet powerful enough to remove this particular threat. Symantec supplied a brand new removal tool and reported that the removal techniques from this tool will eventually be merged into NPE. I predict eventual success, but the jury is still out as the removal tool takes quite a while to finish its scan (eight hours on my clean test system).

If you click on a search link and it goes to the wrong place once, that might be a fluke. If it happens multiple times you've got a problem. Update your antivirus and run a full scan, seek a threat-specific removal tool online, or try a free tool like Norton Power Eraser. You don't want to leave a threat like Tidserv running loose on your computer."
tokisaur's avatar

Cat



"The virus, Go.google.com, disables the running firewalls and anti-virus software and breaks your security; it records and sends the web URLs visited on the infected computer to the hacker.

The most common signs of this virus, the go.google.com browser hijacker, are that it corrupts Registry files and causes a “Blue Screen of Death” error in Windows.
This virus also changes the desktop background.
MS IE and Mozilla Firefox browse the web slowly after getting infected by go.google.com, and this virus also infects e-mail attachments, messenger and other freeware programs.
There are two tools available on the Internet which can remove the go.google.com virus from Windows XP and Windows Vista.

Note: Both of these tools are Shareware programs classified as spyware and antivirus tools which let you remove the virus completely free of cost, so you can use them in their trial version time period."
tokisaur's avatar

Cat

Jaydi Blaze


Would this work?

Quote:
Follow the instructions below:
1: Go to my computer and C:–>Windows–>System32–>Drivers–>etc folder.
2: In this folder, Look for a file named “Hosts”
3: Right click on this file and open it with the notepad
4: Now delete all the lines of IP addresses in the text document except for “127.0.0.1 localhost”.
5: Save the file and close it.

Doing this solves the problem and now you should be able to surf the Internet without any redirect problem. But remember! You still need to get rid of several infected files from your computer, remote registry entries and un-register the DLL files
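
The hosts-file steps quoted above delete every entry except the localhost line. As an added example (not part of the thread or of any tool mentioned in it), this Python sketch lists what a hosts file actually maps before anything is deleted. The function name `audit_hosts` and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample of a tampered hosts file (documentation-range IP, not from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.google.com google.com   # injected
0.0.0.0         update.example-av.test
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Return (line_no, ip, hostnames, reason) for every entry worth reviewing."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not entry:
            continue
        fields = entry.split()
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, names, "unparseable address"))
            continue
        if ip.is_loopback and all(n.lower() == "localhost" for n in names):
            continue   # the default entry the quoted steps say to keep
        if ip.is_loopback or ip.is_unspecified:
            reason = "name sinkholed to this machine (access blocked)"
        else:
            reason = "name pinned to a remote address (possible redirect)"
        findings.append((line_no, ip_text, names, reason))
    return findings

if __name__ == "__main__":
    # On Windows the real file is C:\Windows\System32\drivers\etc\hosts;
    # read it with open(...).read() and pass the text to audit_hosts().
    for line_no, ip, names, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {ip} -> {' '.join(names)}: {reason}")
```

An empty result means the hosts file holds only the default localhost entries, so the redirect is coming from somewhere else.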
