FireFox Browser Redirection Problems

[meshaq2000]

Hi there,

I first noticed this in Firefox, but then it also happens in IE. whenever I do a search in either google or yahoo I get redirected to a weird site (but it only happens some of the time...some times I get to the real site, and whenever I do get the weird webpage, I just back out of it and click on the same link and I get to the page i'm supposed to get to).

I attached the gooredfix.txt file to this. Hopefully someone can help out and let me know how to fix it.

I originally downloaded Adware by Lavasoft, Housecall by Treadmicro, and CW Shredder as well as Malwarebytes. And while some of them found stuff, I still had the redirect problem. Then I purchased and downloaded Webroot Secure Anywhere (because of the high marks it was given by PC magazine) and that didn't find anything...so I ended up here and found the thread about using gooredfix.txt.

Thanks

[chaslang]

Welcome to Major Geeks!

Follow the instructions in the below thread. Make sure that you complete all steps as indicated if still having problems. And if and when you get to step 5, make sure you do everything in step 5 including the READ & RUN ME FIRST

Fixing Google Redirection/hijacking and other redirection problems

[meshaq2000]

So I followed that link and did all the steps (flushed the java cache, the firefox and IE caches, and the dns cache) and have included the Kaspersky TDSSKiller report because the problem persists (the browser redirect).

Thanks, in advance, for helping!

[meshaq2000]

Also - I noticed that it said to see if the redirect problem persisted, so I did and the problem persisted - so I went on to step five and have attached the MBRCheck thing to this post.

Thanks!

[chaslang]

Quote:

Originally Posted by meshaq2000

so I went on to step five and have attached the MBRCheck thing to this post.!

Let me repeat

Quote:

And if and when you get to step 5, make sure you do everything in step 5 including the READ & RUN ME FIRST

[meshaq2000]

Oops - sorry, I did that too, I just thought the reports that I put below were all you needed at this point. Attached are the reports from the malware removal attempt.

I have the SuperAnti Spyware log, the Malwarebytes log, the combofix, and the MGlog. I am running vista on a 64-bit so I didn't do the RRlog.

I'm still having the browser redirect problem. Let me know if you need to know which sites its redirecting to...

Thanks in advance!

[chaslang]

Your MBRcheck log shows a possible infection

Code:

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D

Being unknown does not always mean there is an infection; however since you are having problems, this could be the cause. Do you have your Vista Boot DVD so that we can use it to fix your MBR?

[meshaq2000]

So, of course, I've searched everywhere and I can't find my windows vista boot disk anywhere. I did find an old windows XP professional (version 2002) from a pc that died a long time ago. Could I use that or should I buy or try to find a replacement for windows vista?

[chaslang]

Quote:

Originally Posted by meshaq2000

I did find an old windows XP professional (version 2002) from a pc that died a long time ago. Could I use that

No!


Let's see if we can get lucky and use the below. Sometimes it will work but more frequently, it can not fix newer forms of MBR infections.

• Run MBRCheck.exe
• Wait until you see the following lines:
  • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.
    Enter your choice:

• Please push the 'Y' key and then press Enter
• When the program asks you to Enter your choice: enter 2 to Rstore the MBR and press the Enter key
• Now the program will ask you to "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
• The program will show Available MBR codes as below

Quote:

Enter the physical disk number to fix (0-99, -1 to cancel): 3
Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel


Please select the MBR code to write to this drive:

• You need to select your version of Windows frrom the list. Which means you need to enter 3 for Vista and then press Enter.
• The program will prompt for confirmation. Type 'YES' and hit Enter.
• Left click on the title bar (where program name and path is written). From menu chose Edit -> Select All
• You will see all the text in the window get highlighted.
• Hit the Enter key on your keyboard to copy all of the text into the clipboard.
• Paste that text into Notepad, save it to your desktop as MBRfix.txt
• Restart your PC.
• Attach the MBRfix.txt file to your next message.
• Then also rerun a scan with MBRcheck and attach the new log so we can verify whether it actually succeeded.

[meshaq2000]

I think i'm reading that it still lists an unknown MBR code...

I've attached the MBRfix as well as the MBR check.

[chaslang]

Quote:

Originally Posted by meshaq2000

I think i'm reading that it still lists an unknown MBR code...

Correct. So let's try another tool. First we will actually get a log with it.

Please download aswMBR to your desktop.

• Double-click aswMBR.exe to run (Vista/7 right-click and select Run as Administrator)
• Select No when asked "Would you like to download latest Avast! virus definitions?"
• Click the [Scan] button.
• On completion of the scan click [Save log], save it to your desktop and attach this log to your next message. (How to attach)

Please make sure that you attach the above log first and then do the below.

• Now rerun aswMBR.exe (for Vista or Win7 right-click and select Run as Administrator)
• Select No when asked "Would you like to download latest Avast! virus definitions?"
• Click the FixMBR button.
• Then exit aswMBR and reboot your PC.
• After reboot run a new Scan with aswMBR and attach the newest log for review

[meshaq2000]

I ran the aswMBR scan and have attached the log.

[meshaq2000]

And then I did the rest of it and here's the second scan log.

[chaslang]

Quote:

Originally Posted by meshaq2000

And then I did the rest of it and here's the second scan log.

Okay it seems to have worked as I see:

Quote:

22:31:46.519 Disk 0 Windows VISTA default MBR code

Now just to double check, rerun MBRcheck and attach the log from it to make sure it also sees the proper MBR.


Also let me know if you are still having any problems.

[meshaq2000]

I ran MBRcheck again - and here's the log

[meshaq2000]

Also - I'm still getting the browser redirect.

[chaslang]

Quote:

Originally Posted by meshaq2000

I ran MBRcheck again - and here's the log

Hmmm! The log from MBRcheck still indicates an unknown MBR code. This would seem to indicate that aswMBR really did not fix your MBR. Possibly because the infection in the MBR itself is actively blocking it.

You need a boot CD to avoid having the infected MBR getting loaded. You need to fix a Vista boot DVD. You could borrow a friends temporarily just for the fix. Or another possible option may be to try what was posted in message # 12 of the below thread and see if you can get this CD to run.

whistler/black internet@mbr again!

[meshaq2000]

I'm glad you guys have solutions for morons like myself who somehow lose their boot cd. I downloaded Hiren's Boot CD to a clean pc, burned it to disc and followed all the instructions from there.

Then I ran another MBR check and have uploaded it. It has a different thing on it this time, so hopefully that means it's fixed...but, of course I wouldn't be here if I knew how to read it myself...

[chaslang]

Quote:

Originally Posted by meshaq2000

. It has a different thing on it this time, so hopefully that means it's fixed...but, of course I wouldn't be here if I knew how to read it myself...

Yes it is now showing a Windows XP MBR. We really wanted a Vista MBR but this is still better than the infected one and really should not cause any problems.

How are things running? Are you still having redirects? If so, is it only with Firefox?

[meshaq2000]

Hi there,

So it appears that IE doesn't redirect any search links (I clicked on more than 20 and no redirect)...but it happens still in Firefox. What should I do about that?