Add me to the list of those with redirect issues. Click on link results from a Google search and if it doesn’t go to the right place it’s either a redirect or an avast site block alert, which I assume now that avast is blocking the redirect site rather than the site I was trying to go to.
Attached are the results from my aswMBR scan.
A couple of stupid questions. I see this is being called by some a “Google” redirect issue. By that one would assume you could use other search engines and not have the problem, or is this a case of using google generically to mean all search engines? And I’m guessing this is across all browsers?
Also, is it just when clicking a link from a search or have people found it an issue when going to normal sites they always visit (typing in a url, clicking a bookmark, etc.) or clicking links in a forum, say like from avast?
What is OTS? This is just a scan, right, doesn’t make any changes or anything, won’t cause any system crashes. I’ve read several threads on here where people have run into system problems trying to run some things. That may be because of other issues they may have on their computer, though. My computer is my job, so partner that with my lack of computer knowledge and I tend to be probably more paranoid about trying things than I should be.
Thanks!
I just finished a MBAM quick scan and I’m now running a full scan.
UPDATE: MBAM full scan showed no issues.
SECOND UPDATE: Probably wasn’t necessary but I uploaded the .dat file created by aswMBR to VirusTotal and nothing showed up: 0/43. Saw this suggested to others a few times so I thought, why not.
Yes, it is the scanner (OldTimer’s Scan-It!). It makes a log with detailed info about your system; this log can be seen by a malware removal specialist (essexboy, probably :). This scanner can also apply custom fixes, but these fixes should be written specially for your system. And it is necessary to look at this kind of log to understand where the problem can be.
Old-Timers Scan-It. Never in a million years would I have guessed that one! Thanks, psw! I have some client work I have to get done and since the scan may take a while and the instructions say not to do anything else on the computer while the scan is running, I’ll have to do it later today. I’ll post the results.
Thought I’d add this quickly. When the avast malicious site blocker comes up it has this:
64 dot 111 dot 211 dot 172
Also, does it affect Start Page browser? Since it doesn’t happen with every link I click on I can’t tell. Does happen with Bing, Google, Yahoo, Dogpile.
The combofix thing in the other thread is, I believe, because of the new variant malware doing the rounds… However, he is the only one (to my knowledge) that has experienced it. Since then we have learnt more about this variant and will be taking a different approach. Actually you can use the system whilst OTS is running but it will be a little slow while it does its data gathering thing.
OK, this may take a bit longer as your temporary folders are pretty full and I will be emptying them. On completion, let me know if the redirects persist.
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.
Received an error message and so fix did not continue. Also ended up with a kind of grayed-out thumbs.db icon on my desktop after I restarted. Do you know what that is from? I started to delete it but then it said it was a system file so I didn’t. It wasn’t there before I tried to run the fix.
Held my breath that the icons and such would come back after I restarted since the program didn’t finish.
Here’s the message:
“Access violation at address 00402993 in module OTS.exe Read of address 01712000.”
The system files will be revealed whilst OTS does its work and it will kill all processes so that it can run uninterrupted. We will hide the files once you are clean.
Could you re-run a quick OTS scan please, no scripts required, to see if it removed the miscreant?
Clicked on OTS to run and, after avast recommended I open it in the sandbox and I chose to open normally, this popped up in a Notepad window:
Files\Folders moved on Reboot…
File move failed. C:\WINDOWS\temp_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_960.dat not found!
Registry entries deleted on Reboot…
Also, what does running without script mean? Running it without the added things in the Customer Scan box and Additional Scans?
So far it’s not happening but it didn’t happen all the time before so…
FORGOT TO ADD THIS: the name of the file with the message above is 07152011_163825.log.
Do I try it again? (I realize you guys might be headed off to bed soon.)
This “File move failed. C:\WINDOWS\temp_avast_\Webshlock.txt scheduled to be moved on reboot.” is an avast file and as such whilst you have a browser open will be present and protected. So it isn’t an issue if removed on boot, it will be recreated when required.
I had put my best guesses down as I thought essexboy would be tucked up in bed now ;D