Lately I have had 2 computers infected with something that will randomly give me popups to news-11-today.com, easyshoplocal.com, localpages.com, and lots more. Also, if I do a Google search and click on a link, it won’t send me to that page, but to other random pages.
Avast hasn’t caught anything yet. Can you help me make this thing go away?
Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
After install, click Update so you have the latest database before the scan.
Run a quick scan and click on the Remove Selected button to quarantine anything found.
You may post the scan log here.
Report 2010-06-25 20:22:58 (GMT 1)
Website news-11-today.com
Domain Hash c38355cae74da1130c96b5794612ffb3
IP Address 174.143.45.135 [SCAN]
IP Hostname -
IP Country US (United States)
AS Number 33070
AS Name RMH-14 - Rackspace Hosting
Detections 2 / 19 (11 %)
Status SUSPICIOUS
Scanning site with: AMaDa CLEAN
Scanning site with: BrowserDefender CLEAN
Scanning site with: Finjan CLEAN
Scanning site with: Google Diagnostic CLEAN
Scanning site with: hpHosts CLEAN
Scanning site with: Malware Patrol CLEAN
Scanning site with: MalwareDomainList CLEAN
Scanning site with: McAfee SiteAdvisor CLEAN
Scanning site with: McAfee TrustedSource CLEAN
Scanning site with: MyWOT DETECTED
Scanning site with: Norton SafeWeb CLEAN
Scanning site with: ParetoLogic URL Clearing House CLEAN
Scanning site with: PhishTank CLEAN
Scanning site with: SURBL CLEAN
Scanning site with: Threat Log CLEAN
Scanning site with: TrendMicro Web Reputation CLEAN
Scanning site with: URIBL CLEAN
Scanning site with: Web Security Guard DETECTED
Scanning site with: ZeuS Tracker CLEAN
Report 2010-06-25 20:27:09 (GMT 1)
Website localpages.com
Domain Hash 6a632bab368bc7d3472c77724798438c
IP Address 64.74.172.200 [SCAN]
IP Hostname localpages.com
IP Country US (United States)
AS Number 10912
AS Name INTERNAP-BLK - Internap Network Services Corp…
Detections 3 / 19 (16 %)
Status DANGEROUS
Scanning site with: AMaDa CLEAN
Scanning site with: BrowserDefender CLEAN
Scanning site with: Finjan CLEAN
Scanning site with: Google Diagnostic CLEAN
Scanning site with: hpHosts DETECTED
Scanning site with: Malware Patrol CLEAN
Scanning site with: MalwareDomainList CLEAN
Scanning site with: McAfee SiteAdvisor CLEAN
Scanning site with: McAfee TrustedSource CLEAN
Scanning site with: MyWOT DETECTED
Scanning site with: Norton SafeWeb CLEAN
Scanning site with: ParetoLogic URL Clearing House CLEAN
Scanning site with: PhishTank CLEAN
Scanning site with: SURBL CLEAN
Scanning site with: Threat Log CLEAN
Scanning site with: TrendMicro Web Reputation CLEAN
Scanning site with: URIBL CLEAN
Scanning site with: Web Security Guard DETECTED
Scanning site with: ZeuS Tracker CLEAN
As this is happening on two computers, are they connecting via a router? If so, the router might be infected. I will do one system at a time; would it be possible to keep the other disconnected from the net?
[*] If it gives you a warning about rootkit activity and asks if you want to run a full scan… click on NO, then use the following settings for a more complete scan…
[*] In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED …
[] IAT/EAT
[] Drives/Partition other than Systemdrive (typically C:)
[*] Show All (don’t miss this one)
[*] Then click the Scan button & wait for it to finish.
[*] Once done click on the [Save…] button, and in the File name area, type in “ark.txt”
[*] Save the log where you can easily find it, such as your desktop. Caution: Rootkit scans often produce false positives. Do NOT take any action on any “<— ROOTKIT” entries.
Please copy and paste the report into your Post.
[*] Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
[*] Select Scan all users
[*] Under the Custom Scan box paste this in