Browser redirect, multiple machines, scorecardresearch.com

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by rauscs, Jul 22, 2014.

  1. rauscs

    rauscs Private E-2

    First saw this today in our medium-sized business. I've seen 6 infections today in various computers of the 50 we have on site. Both IT managers are having the problem (I'm one of them). We are both pretty savvy, and haven't taken any action that would cause infection. All browsers (Firefox/Chrome/IE) originally take you to the requested page, then redirect to b.scorecardresearch.com (404). I've installed Adblock Plus under Chrome, and added a block on this website. I seem to be able to browse without problems, but can see it trying to redirect. I've run through all of the procedures and am attaching logs here. Thanks in advance for your help. Steve
     


  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Re-run Hitman and have it remove the little bits it is finding.


    Download OTL to your desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Vista and Windows 7 users: right-click OTL and choose Run as Administrator.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Attach both of these logs into your next reply.




    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.



    Please download AdwCleaner by Xplode and save to your Desktop.

    • Double-click on AdwCleaner.exe to run the tool.
    • Vista/Windows 7/8 users: right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Attach the logfile to your next reply.
    • Copies of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
     
  3. rauscs

    rauscs Private E-2

    Hi - thanks for that.

    I ran HitmanPro x64 v3.7.9 build 221, loaded from their site. When it came time to delete the AskBar pieces, it prompted for a license key, and I couldn't find a way to get around it. I've attached the log anyway.

    All other processes were completed, and logs are attached here. I appreciate the help!

    Steve
     


  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

  5. rauscs

    rauscs Private E-2

    Thanks for the information. I am no longer seeing redirects on my computer.

    Do you have any idea what this might have been? I went through the full set of cleanup steps on my machine, and I'm not sure what step cleaned up what. It appears that the adblocker is stopping our other 'infected' machines from redirects, but what do I do on those machines? Do I go through all of the steps to make sure those machines are clean, or just live with it?
    Thanks again for your help.
    Steve
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    How many other machines are there? You could at least reset all the browsers for each machine involved and let me know how that pans out.
     
  7. rauscs

    rauscs Private E-2

    Don't give up on me, I'll be out of town for a week or so, but will get back on this when I return. Thanks, Steve
     
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    OK, I'll be floating around somewhere. ;)
     
