Last night my PC started acted odd. First I noticed that while on hxxp://www.articleblast.com/ I was constantly being redirected to a spammy survey page (even from my account pages). This only happened on Article Blast though. (The page I get automatically sent to: hxxp://consumer-deals.com–prize.info/uk/3I/3gdh/?engsec=4 )
I had a warning of sorts from Facebook and was locked out for a while, but since got back in. But, sometimes Facebook pages come up blank and need refreshing a few times.
Then my PC Tools Firewall stopped working and turned off.
I ran a scan with Avast and Malwarebytes but they found nothing.
Then a little later Avast popped up saying that it had found a rootkit virus and suggested a scan on boot. So I did that and left it scanning overnight.
This morning Avast reports “no virus found” again.
I just went to ArticleBlast again and on reading a random article I was once again redirected. So something is still not right. Maybe ArticleBlast itself has been affected and the other things I saw were just coincidence? Although 4 coincidences in one evening seem a lot!
I just downloaded and ran Mcafees Rootkit Remover and that found nothing.
Suggestions please.
This is a work PC so really need to get secure. May clear all passwords out of Chrome and Firefox to be safe though.
Update: Also ran Kaspersky Rootkit Scanner and nothing found.
OK, scan finished, neiother of them have been removed or healed. Should I force delete them (Remove all unhealed) ?
Interesting as I Googled ntkrnlpa.exe and see some people have been reported BSOD related to it. Last week my PC did crash, BSOD, first time on this PC. So this may possible be another problem. Since then there has been a Windows update.
If nothing is obvious I will probably just reinstall Windows once everything is backed up.
Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post
Now the Analysis
Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information
Hmmm, so, if they know it is hacked, do they know if the virus can be passed on, and if so, what it is? Maybe I have something odd / new? Maybe I am just getting paranoid!
Kasperksy - Automatic Scan: running (events: 67072, objects: 306875, time: 04:08:57)
Still 1 day to go.
No threats found yet.
Chrome / Facebook: after Googling the problem I found a Yahoo! Answer that gave me an idea. I got under the Chrome bonnet and deleted all cookies. I then deleted several Extensions that I no longer use much.
This seems to have fixed the problem. No idea whether some old cookies or a specific extension, I got rid of a fair few, couple of SEO ones, a spell checker, 2 Google +1s, Gmail thingy, Skype thing. Something must have started upsetting Google Chrome. No idea what as I steamed in and removed them all (sorry!).
Kasperky will finish in about a week by the looks of things (8% complete after 4 hours, so I guess it could be 2 days?).
I guess no harm in leaving it running while it is there. Almost time for bed, maybe it will be done in the morning. It is not slowing things down either.
Is there a way to find out if articleblast.com has been hacked then?
Norman lab
This site does not contain any malicious javascript or exploit, it has three tracking scripts related to ads adBrite, quantserve and Google Analytics that are possibly inserted by site admin or by some wordpress plugin.
So do they have a virus on not? The site is unusable for me, every single page results in a redirect. And same problem affected a friend that took a look for me.