Hello

Discussion in 'Malware Help (A Specialist Will Reply)' started by ATM, Nov 15, 2006.

  1. ATM

    ATM Private E-2

    Hello Everyone

    So I managed to find this site after hitting a problem with my browser. Basically when I google say ebay and then click on the link I am directed to a spurious page like searchingworld or freewirelessworld or some other rubbish. It will do this twice before it will let me open ebay.

    I tried installing Norton Antivirus and already had Windows Defender running but they didn't find anything out of place. I contacted a friend who told me I have been hijacked. He recommended STOPzilla which I installed but still no joy.

    So here I am.

    I found the page READ & RUN ME FIRST Before Asking for Support and followed the instructions. I think I now need to post a please help but I have had a problem:

    I ran the online Panda Active Scan but I couldn't find where to click to see report and then save so is this going to be a big No No?
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Just do what you can in the READ ME, it tells you in the READ ME how to view, save and attach the log.

     
  3. ATM

    ATM Private E-2

    OK thanks bj

    I tried Panda today and it worked and found 4 infections so I have saved the report.

    I will attach here and next the 5 log files.
     

    Attached Files:

  4. ATM

    ATM Private E-2

    OK so I think that's everything.

    Happy hunting.
     

    Attached Files:

  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log looks good, I would however run CCleaner to cleanup the Panda detections.

    Are you having any current problems? If so, can you elaborate?
     
  6. ATM

    ATM Private E-2

    bj

    OK I do still have the problem which I am told is hijacking. Let me explain:

    My home page is Google. I open IE and get Google. I type in hotmail and click find. Up comes the list of search results. There at the top is Hotmail – it is not an ad, just a plain vanilla search result with a link to – hotmail.com. So I click on it and I don’t get Hotmail, I get something else. This time I just tried, I first got the following address in the address bar -

    67.29.139.220/click/?affiliate=AND1&subid=518&Terms=hotmail&sid=Z110045130x8VN3d3dfdTM1kzMzMzMwAzM4MzN58VNwcTMy8FM1gzN0czM2ETM

    and this then directed me to -

    monstermarketplace.com/searchao.asp?q=hotmail&ref=and1-518

    I click back [2 jumps straight to the google results] and click on the hotmail result at the top again and I get sent to –

    netster.com/results/results_arb.asp?pid=searchfeed2&keywords=hotmail

    with no hop in between.

    The 3rd time I normally always get to the right place.

    Now the list of different pages I can get sent to varies but there are some familiar favourites that I see regularly:

    cosavista.net
    freewirelessworld.com
    mov-x-archive.com
    oldhetaira.com
    robogold.biz
    romemaster.com
    rpicamps.com
    searchingworld.com
    up-search.com
    weddingcamerasplace.com
    www-search.net

    There even seems to be some intelligence to the hijacking, like if I am searching in google for something car [auto] related I might get sent to the following sites even when I am clicking on something different obviously -

    lowcarinsuranceguide.automotivecenter.com
    insureme.com
    bestcarinsuranceblog.com
    carseller.com

    So it normally only does 2 spurious redirects per search, so if I go back and click again 2 times the last one normally gets me where I need to be so the third attempt in effect. I can tell if the browser is going to do this because it takes an extra couple of seconds for IE to wake up and then the [wrong] page to load up.

    At first I did some digging and found my DNS server addresses in my IPconfig had changed. These were and should always be just default [obtain automatically] but somehow they had been populated with a 81.x.x.x address. I am not 100% sure on that address because I changed it back to default and so lost them. I thought this had fixed it but no. Then I installed Norton Antivirus 2006 15 day trial and this found nothing. Then a friend said I need stopzilla so I installed its trial and it has quarantined some stuff but the problem still exists. The last thing I was told to try before finding this site was an smtfraudfix bat file in safe mode. So I am now left scratching my head. I am also worried that every http request I send is getting recorded or logged somewhere by some unsavoury characters. This is leading to paranoia!

    So any help would be much appreciated.
     
    Last edited by a moderator: Nov 17, 2006
  7. ATM

    ATM Private E-2

    OK it seems I have fixed it. I won't say myself as I just found a useful post on another board from someone with a similar problem. This is the link to it:

    http://www.windowsbbs.com/showthread.php?t=59389

    I downloaded the fixwareout.exe and ran it. The report at the end told me it had found nothing but now my browser is working as expected so no more spurious redirects.

    I have now followed 'How to Protect yourself from malware!' instructions and hopefully now I will be able to roam free.

    Thank you for the assist.

    ATM
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're welcome!

    Glad you got your problem fixed.
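
The symptom described in post 6 (DNS servers populated on an adapter that should be set to "obtain automatically") can be checked directly from the registry. The following is an added example, not part of the original thread or of any tool mentioned in it; the function name `Get-StaticDnsOverride` and the `Suspicious` heuristic are assumptions made for illustration.

```powershell
# Added example: list network interfaces that carry a manually set DNS server.
# Windows stores manually configured resolvers in NameServer and the ones
# handed out by DHCP in DhcpNameServer, per interface GUID.
$TcpipInterfaces = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

function Get-StaticDnsOverride {
    param([string]$Path = $TcpipInterfaces)

    Get-ChildItem -Path $Path | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath

        # Values are comma- or space-separated; missing values become empty arrays.
        $static = @("$($p.NameServer)"     -split '[,\s]+' | Where-Object { $_ })
        $dhcp   = @("$($p.DhcpNameServer)" -split '[,\s]+' | Where-Object { $_ })

        if ($static.Count -gt 0) {
            $dhcpOn  = [bool]$p.EnableDHCP
            # Static entries that DHCP also offered are not an override.
            $foreign = @($static | Where-Object { $dhcp -notcontains $_ })

            [pscustomobject]@{
                InterfaceGuid = $_.PSChildName
                DhcpEnabled   = $dhcpOn
                StaticDns     = $static -join ', '
                DhcpDns       = $dhcp -join ', '
                # Heuristic (assumption): the adapter gets its address from DHCP,
                # yet uses resolvers that DHCP never supplied.
                Suspicious    = ($dhcpOn -and ($foreign.Count -gt 0))
            }
        }
    }
}

Get-StaticDnsOverride | Format-Table -AutoSize
```

An interface flagged here only shows that a resolver was set by hand or by software; compare the address against what the router or ISP actually hands out before treating it as hostile.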
     
