Tzerreitug Posted June 14, 2009

Hello, I am a new user and hoping to find some help. Today, out of nowhere, I think I inherited some sort of malware/spyware/virus on my computer (which is odd, since I've been gone for most of the day with my dog at the vet [it hasn't been a good day] and nowhere near my computer. And super duper odd that in my years of owning a computer I have NEVER gotten a virus).

Anyways, when I got home, I went to search something on Google (I am currently using Firefox 5.0) and when I clicked on a result, it redirected me to a totally bizarre search site like Shopica, Ebay, Orbitz, etc. It takes me a few tries to eventually get to the page I want. And I didn't think anything of it until I got really annoyed and did some searching and realized from the pages and pages of tech forums that this is some sort of spyware/malware virus. Again I have no idea how I absorbed this virus, but there it is.

Long story short, after a few failed scans from malware/spyware programs (they all detected NOTHING. I am also using AVG and it did not detect anything after today's scan), I finally downloaded and ran SuperAntiSpyware. I ran a scan and the results look like the problem (does that make sense?) - it detected 100 Adware Tracking Cookies to sites I've never visited before, and many look like the websites that I am being redirected to. This is very frustrating as I am frightened to do anything - especially log into my email account, shopping sites, and online banking site.

I tried attaching the results from the Scan Log (it's a txt.) and it's not letting me do it, so if someone can help me out, maybe I could copy + paste the results??? I would appreciate any help that you can give me. Thank you!!!!

siliconman01 Posted June 14, 2009

"I tried attaching the results from the Scan Log (it's a txt.) and it's not letting me do it, so if someone can help me out, maybe I could copy + paste the results???"

Yes, just copy/paste the scan log back here in your post. Did you let SAS quarantine the detected items? You should also boot your computer into SAFE MODE (without networking) and run a Complete scan of your computer using SAS. Let it quarantine what it finds.

Tzerreitug Posted June 14, 2009

siliconman01,

First, here is the scan log:

SUPERAntiSpyware Scan Log
https://www.superantispyware.com
Generated 06/13/2009 at 09:53 PM
Application Version : 4.26.1004
Core Rules Database Version : 3938
Trace Rules Database Version: 1881
Scan type : Quick Scan
Total Scan Time : 00:17:10
Memory items scanned : 565
Memory threats detected : 0
Registry items scanned : 511
Registry threats detected : 0
File items scanned : 12940
File threats detected : 100

Adware.Tracking Cookie

Second, no, I haven't done a THING to SAS in case I do something "wrong", I haven't gone to the next step yet.

Third, no, I did not run it in Safe Mode (not a real technically savvy person when it comes to things like that).

Thank you for your reply and for any help in advance (trying to solve this is really eating up my Saturday night!!)

siliconman01 Posted June 14, 2009

The items that SAS is finding are Tracking Cookies. You should let SAS quarantine these. I doubt, however, that they are the source of your problem that you described.

Below is a website that describes how to reboot your computer into SAFE MODE. Please follow the instructions for your particular Windows operating system and boot into SAFE MODE. Then run a Complete Scan with SAS and let it quarantine anything it finds. Then reboot back into Normal Mode and post back here the SAS log for the latest scan.

http://www.pchell.com/support/safemode.shtml

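One way to check the observation in the post above, that every item in the scan log is a cookie file and not a program or registry entry. This is an added example, not part of the thread and not SUPERAntiSpyware's own code; it assumes the log has one entry per line in the layout of the posted log, and the sample log and its paths are constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout of the posted log (paths are made up).
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
Scan type : Quick Scan
Memory threats detected : 0
Registry threats detected : 0
File threats detected : 3

Adware.Tracking Cookie
C:\Documents and Settings\user\Cookies\user@ads.example[1].txt
C:\Documents and Settings\user\Cookies\user@stats.example[2].txt
C:\Documents and Settings\user\Cookies\user@ads.example[3].txt
"""

FIELD = re.compile(r"^(?P<key>[^:]+?)\s*:\s*(?P<value>.+)$")
ITEM = re.compile(r"^(?:[A-Za-z]:\\|HK[A-Z_]+\\)")  # file path or registry key
COOKIE = re.compile(r"\\Cookies\\[^\\@]+@(?P<site>[^\\\[]+)\[\d+\]\.txt$", re.I)

def parse_log(text):
    """Return (header fields, {threat name: [detected items]})."""
    fields, threats, current = {}, {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if ITEM.match(line):               # a detected file or registry key
            threats.setdefault(current or "Unknown", []).append(line)
        elif (m := FIELD.match(line)):     # "name : value" summary line
            fields[m["key"]] = m["value"]
        else:                              # heading such as "Adware.Tracking Cookie"
            current = line
    return fields, threats

def triage(text):
    """Separate cookie-store detections from anything that needs a closer look."""
    fields, threats = parse_log(text)
    items = [i for group in threats.values() for i in group]
    cookies = Counter(m["site"] for i in items if (m := COOKIE.search(i)))
    other = [i for i in items if not COOKIE.search(i)]
    return {
        "reported": int(fields.get("File threats detected", 0)),
        "cookie_sites": dict(cookies),
        "non_cookie_items": other,   # executables, DLLs, registry keys, ...
        "cookies_only": bool(items) and not other,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A result with `cookies_only` set and an empty `non_cookie_items` list matches the situation in this thread: the scan reported only cookie files, so the redirects still need another explanation.
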
siliconman01 Posted June 14, 2009

In addition to my post above, please download and install Hijackthis from the link below.

http://www.bleepingcomputer.com/files/hijackthis.php

After you have scanned in SAFE MODE with SAS and have rebooted back into Normal Mode, run a Hijackthis scan and copy/paste its scan log back here too.

siliconman01 Posted June 14, 2009

Your Hijackthis scan log is not showing any infections. Everything looks normal and acceptable. I recommend that you submit a support request to the SAS gurus so that they can dig deeper on your system. The link below permits you to submit a support request. You may have a new variant of some strange infection that is just emerging on the Internet.

https://www.superantispyware.com/precreateticket.html