Richse1 Posted April 5, 2011

Hi all,

I am a PC user, WinXP, Firefox. I would like to get some help from the users of this forum as it has been 3 days since I have been redirected to random websites each time I click on a Google link. Looking at a few forums I now understand that it is a 'Redirect Malware'.

I ran a few scans with my antivirus 'Avira'. Useless. Then I did a scan, in safe mode, via 'SuperAntispy' - nothing got fixed either. Then I downloaded FREE SuperAntispyware. Tried a few times to do a full scan:

Attempt # 1 (normal mode) - the scan froze before being fully complete - duration of the scan 6 hours, 56000 files scanned!

Attempt # 2 (normal mode) - the scan froze before being complete - duration of the scan 4 hours, 48,000 files scanned.

Attempt # 3 (normal mode) - After looking on a few forums, I unchecked the DDA option in the Control Scanning section. I then ran another scan and it froze again after not being completed - duration of the scan 2 hours, 48,000 files scanned.

Attempt # 4 (normal mode) - Launched another scan before going to bed. I noticed in the morning that my scan froze again in the middle of the night - duration of the scan 7 hours, files scanned 49,000.

Attempt # 5 (safe mode) - I just finished scanning my computer in Safe mode using Superantispyware, leaving the DDA option unchecked. Results: the scan stopped after it scanned approx. 16,000 files, and quarantined 69 viruses.... So, I rebooted. Then I noticed that online NOTHING CHANGED! Sigh... ;(

So I will do an ultimate attempt with Superantispyware, in safe mode, but this time I will make sure the DDA option is checked.

Help please!

R
Seth Posted April 5, 2011

Welcome to the SAS forum. Please post the SAS scan log that shows the 69 infections.
Richse1 Posted April 6, 2011

Hi Seth,

Thanks for your help. I did a full scan with SAS on safe mode. Here is the Scan log:

SUPERAntiSpyware Scan Log
https://www.superantispyware.com
Generated 04/06/2011 at 07:38 PM
Application Version : 4.50.1002
Core Rules Database Version : 6752
Trace Rules Database Version: 4557
Scan type : Complete Scan
Total Scan Time : 02:27:23
Memory items scanned : 227
Memory threats detected : 0
Registry items scanned : 6826
Registry threats detected : 0
File items scanned : 54955
File threats detected : 40

Adware.Tracking Cookie

Trojan.Agent/Gen-Kazy
C:\SYSTEM VOLUME INFORMATION\_RESTORE{668477DC-0168-463C-90CE-C5FA71396F1C}\RP646\A0139458.EXE

Trojan.Agent/Gen-FakeAV
C:\SYSTEM VOLUME INFORMATION\_RESTORE{668477DC-0168-463C-90CE-C5FA71396F1C}\RP646\A0141441.EXE

Trojan.Agent/Gen-FakeAlert
C:\SYSTEM VOLUME INFORMATION\_RESTORE{668477DC-0168-463C-90CE-C5FA71396F1C}\RP650\A0151516.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{668477DC-0168-463C-90CE-C5FA71396F1C}\RP650\A0151517.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{668477DC-0168-463C-90CE-C5FA71396F1C}\RP650\A0151518.EXE
Richse1 Posted April 6, 2011

By the way, I quarantined the 69 infected files from the scan in safe mode BUT the DDA option was unchecked. That was yesterday afternoon. However, I ran another scan yesterday evening but with the DDA option checked. It found 40 infected files, and that's the scan log I posted above.

Not sure if this clarification is helpful, but I thought I should tell you.
Seth Posted April 6, 2011

You're welcome. The log helped a great deal, and I see what's going on now. Unfortunately, I only have a minute to post right now, but I'll be back later with some suggestions.
Richse1 Posted April 6, 2011

I'm glad the log gives you a better idea of the situation. Sure, get back to me when you have a chance.

Thanks!
Seth Posted April 6, 2011

Ok, I'm sneaking this in...

Some infections are in your System Restore folder. It's difficult for any antimalware program to remove those infections, as that folder is protected by Windows. I suggest you clear the restore points by disabling then enabling System Restore.

The other "infections" are cookies, and technically not threats. In fact, many (including myself) turn off cookie detection. This is SAS's official response in regards to cookies:

This subject has been the debate of many newsgroups and online forums. Cookies are simply text files stored on your hard drive and cannot themselves harm your computer in any way. Typically cookies are used to remember logins and keep track of user settings on web-sites. Cookies can be used to track your movement on the Internet ONLY if a site is aware of the cookies and is designed to use the specific cookies. Because of their use in tracking, many feel that this constitutes spyware. We do not consider cookies to be threats of anywhere near the same level of severity as actual malware threats that can steal real personal information, serve ads, or render a computer unusable. SUPERAntiSpyware will detect tracking cookies as "Adware.Tracking Cookies" and you can choose to remove them or leave them on your system. You may turn off this feature in the Preferences -> Scanning Control tab of SUPERAntiSpyware should you not wish cookies to be scanned, detected and removed.

I'll be back later to discuss your scan time and DDA.
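The split described in the post above (tracking cookies versus files sitting in the System Restore folder) can be made mechanically when reading a scan log. The following is an added example, not part of the original thread and not SUPERAntiSpyware code; it assumes a log with one entry per line and each detection name on its own line, and the sample log, its paths and the names `parse_scan_log`, `classify` and `triage` are constructed for illustration.

```python
import re

# Constructed sample in the layout of the scan logs posted in this thread.
# Detection names are taken from the thread; every path is made up.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
Generated 01/01/2011 at 10:00 AM
Scan type : Complete Scan
Memory threats detected : 0
Registry threats detected : 0
File items scanned : 1000
File threats detected : 5

Adware.Tracking Cookie
C:\Documents and Settings\NetworkService\Cookies\system@tracker-one.example[1].txt
.tracker-two.example [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\example.default\cookies.sqlite ]

Trojan.Agent/Gen-Kazy
C:\SYSTEM VOLUME INFORMATION\_RESTORE{EXAMPLE-GUID}\RP1\A0000001.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{EXAMPLE-GUID}\RP1\A0000002.EXE

Trojan.Agent/Gen-FakeAV
C:\WINDOWS\system32\example.dll
"""

SUMMARY_RE = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s+(?P<value>.+)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Browser cookie entries look like: host [ path-to-cookie-store ]
BRACKETED_RE = re.compile(r"^\S+ \[ (?P<path>[A-Za-z]:\\.+?) \]$")


def parse_scan_log(text):
    """Return (summary dict, list of (detection name, path)).

    Assumption: "File threats detected" is the last summary line and
    everything after it is the detection list.
    """
    summary, detections = {}, []
    current_name, in_detections = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not in_detections:
            m = SUMMARY_RE.match(line)
            if m:
                key = m["key"].strip()
                summary[key] = m["value"].strip()
                in_detections = key == "File threats detected"
            continue
        m = BRACKETED_RE.match(line)
        if m:
            path = m["path"]
        elif PATH_RE.match(line):
            path = line
        else:
            current_name = line  # a new detection name starts a group
            continue
        if current_name is not None:
            detections.append((current_name, path))
    return summary, detections


def classify(name, path):
    """Bucket one detection the way the reply above reads the log."""
    if "\\SYSTEM VOLUME INFORMATION\\_RESTORE{" in path.upper():
        return "system_restore"  # inside a restore point, protected by Windows
    if "TRACKING COOKIE" in name.upper():
        return "cookie"          # text file, not executable malware
    return "live_file"           # anywhere else on disk


def triage(text):
    summary, detections = parse_scan_log(text)
    buckets = {"cookie": [], "system_restore": [], "live_file": []}
    for name, path in detections:
        buckets[classify(name, path)].append((name, path))
    reported = int(summary.get("File threats detected", "0"))
    return {
        "buckets": buckets,
        "reported": reported,
        "parsed": len(detections),
        # False means the pasted log is truncated or was not parsed fully.
        "complete": reported == len(detections),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket, items in result["buckets"].items():
        print(f"{bucket}: {len(items)}")
        for name, path in items:
            print(f"  {name}  {path}")
    print("log complete:", result["complete"])
```

A log where `live_file` is empty, as in the one posted above, means the scanner found nothing outside cookies and restore points, which is consistent with redirects continuing after cleanup.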
Seth Posted April 6, 2011

Continued from above:

Are you still getting redirects? If so, submit a Customer Support Request and SAS can run diagnostics on your system. Mention this thread in the request. Here's the link for the request:

https://www.superantispyware.com/precreateticket.html
SAS Customer Service Posted April 6, 2011

"Continued from above: Are you still getting redirects? If so, submit a Customer Support Request and SAS can run diagnostics on your system. Mention this thread in the request. Here's the link for the request: https://www.superantispyware.com/precreateticket.html"

Way to go Seth! Thanks for your devotion to the issue!
Richse1 Posted April 7, 2011

Hi Seth,

I am sorry I couldn't reply to you earlier. Thanks a lot for your messages. So here is what I did:

1) I deleted the restore points following these instructions from Windows.com: http://windows.microsoft.com/en-US/windows-vista/Delete-a-restore-point
Although the instructions are for Windows Vista, I suspected this would still apply for the Windows XP version I am on.

2) Then, in order to make sure I really cleared these restore points, I found another way to do it (precisely for Windows XP) on this link, i.e. disabled and enabled them: http://support.microsoft.com/kb/310405

3) I restarted the computer in Safe mode and ran a scan with the DDA checked and "Scan tracking cookies" checked. Here is the scan:

SUPERAntiSpyware Scan Log
https://www.superantispyware.com
Generated 04/08/2011 at 10:30 AM
Application Version : 4.50.1002
Core Rules Database Version : 6752
Trace Rules Database Version: 4557
Scan type : Complete Scan
Total Scan Time : 00:59:24
Memory items scanned : 226
Memory threats detected : 0
Registry items scanned : 6832
Registry threats detected : 0
File items scanned : 20527
File threats detected : 226

Adware.Tracking Cookie

5) Finally, I am still redirected. Nothing changed unfortunately... ;(

What do you think of this scan? Is there anything else you can think of?

I guess, I will also check the link you posted to see if Customer Support Request and SAS can run diagnostics on my system.

Thanks,
R
Richse1 Posted April 7, 2011 While I am waiting for more instructions from your end, Seth, I have also sent a full diagnostic to the SAS team following the instructions of your link.
Seth Posted April 7, 2011 You did clear the restore points successfully, and your complete scan time of 59 minutes is within range. Good job. I suspect that if you re-enabled DDA, the scan time won't increase significantly. It seems as though your previous System restore points were giving DDA a problem. Did you read the comments on cookies? Note that cookies are created as soon as you open web pages. The Customer Support Request will allow the SAS team to find out why you're getting the redirects.
Richse1 Posted April 7, 2011 Hi Seth, Thank you for your reply and your encouraging comment! Yes, I did read the note on the cookies. Next time I won't include them in the scan. Is there anything else I can do in between, or should I let the SAS team get back to me? I would also like to inform you and the SAS team of a few other types of symptoms:
1) My computer is a bit slower than it used to be.
2) Over the last 2 or 3 days I noticed that it took much more time to switch on the computer and get my Windows desktop loaded. Similarly, the lack of speed is the same when I want to switch the computer off.
3) In fact, between yesterday and today I had to do a 'hard switch it off' (excuse my English on this one - I don't know the expression!) I mean switch off by pressing the ON/OFF button of my CPU. I know this is not good.
4) It just happened 20 mins ago: when starting the computer, during the launching phase of Windows (with the logo etc.), my computer got stuck 3 times on the blue page where the mention 'Welcome' is displayed. Once again I had to reboot in hard 3 times.
5) Over the last two days, while surfing on the web, Firefox just randomly opens a brand new web page on a random website. This occurred perhaps 3 times.
That's it, you know everything. Let me know if I can do anything else while waiting for the SAS team. Thanks R
Seth Posted April 7, 2011 Once SAS determines and rectifies the infection that's causing the redirects, we can address those issues if they continue.
Richse1 Posted April 11, 2011 Hi again Seth, I am still waiting for the SAS team to get back to me. Over the week-end and especially the situation worsened a little more: the computer is slower, I can't switch it off unless in Hard, more pop up etc... This morning I had a recurrent warning from my Antivirus (i.e. Antivir) telling me that a Trojan needs to be quarantined... So I did another scan in safe mode (as you recommended, I didn't scan the cookies). Here is my Scan log:
SUPERAntiSpyware Scan Log
https://www.superantispyware.com
Generated 04/12/2011 at 01:40 PM
Application Version : 4.50.1002
Core Rules Database Version : 6752
Trace Rules Database Version: 4557
Scan type : Complete Scan
Total Scan Time : 01:02:32
Memory items scanned : 221
Memory threats detected : 0
Registry items scanned : 7499
Registry threats detected : 2
File items scanned : 23312
File threats detected : 2
Malware.Trace
C:\WINDOWS\TASKS\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\TASKS\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
HKU\.DEFAULT\Software\NtWqIVLZEWZU
HKU\S-1-5-18\Software\NtWqIVLZEWZU
I hope this could give more insight to you & the SAS team on how things are evolving over here. Let me know if you have any recommendation. Thank you, R
rise Posted April 11, 2011 Hi, I can help you fix your computer, just let me know if you want to.
Richse1 Posted April 12, 2011
"Hi, I can help you fix your computer, just let me know if you want to."
Sure, any help is welcome. Thanks! What do you recommend?
rise Posted April 12, 2011 First do like in this post: https://forums.superantispyware.com/index.php?app=forums&module=forums&section=findpost&pid=21037
Then
-Download aswMBR.exe from here: http://public.avast.com/~gmerek/aswMBR.exe and save it to your Desktop
-Double click the aswMBR.exe to run it
-Click the "Scan" button to start scan
-On completion of the scan click save log, save it to your desktop and post in your next reply
anrose Posted April 15, 2011 Hi everyone, I would suggest that you try to use Dr.Web Anti Virus for Windows 4.44. This antivirus really works for me; it will also work for you. Hope it will help you solve your problems.
Midnite Posted April 17, 2011 Hello all - I also have this nasty annoying infection ... apparently so do many many many others on the net ... I have found posts about this dated back to 2010 and I am surprised that no one has a solution yet ... I have run almost every possible scan on my PC and I am clean all around except for this DAMN redirect on search malware / trojan which is at this point driving me NUTS ... if anyone has any idea how to remove this PLEASE post something here and let us know ... I am sending in a request as well to the staff ( experts ) here as well per the post above to see if anyone can help solve this ... PLEASE I am ready to pull out what hair I have left and to be honest that is not A LOT
rise Posted April 17, 2011
"Hello all - I also have this nasty annoying infection ... apparently so do many many many others on the net ... I have found posts about this dated back to 2010 and I am surprised that no one has a solution yet ... I have run almost every possible scan on my PC and I am clean all around except for this DAMN redirect on search malware / trojan which is at this point driving me NUTS ... if anyone has any idea how to remove this PLEASE post something here and let us know ... I am sending in a request as well to the staff ( experts ) here as well per the post above to see if anyone can help solve this ... PLEASE I am ready to pull out what hair I have left and to be honest that is not A LOT"
Hi. Download OTL from here: http://oldtimer.geekstogo.com/OTL.exe to your Desktop. Double click on the icon to run it, select All users, then under the Custom/scans fixes copy/paste the following:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Now click Quick scan. When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. Post both logs in your reply.
Then
-Download aswMBR.exe from here: http://public.avast.com/~gmerek/aswMBR.exe and save it to your Desktop
-Double click the aswMBR.exe to run it
-Click the "Scan" button to start scan
-On completion of the scan click save log, save it to your desktop and post in your next reply