This one seems to be making the rounds, doesn’t it? Same old story: Suddenly found that Firefox is trying to redirect me from Google results to various addresses; Avast stops it most of the time, with the result that every site on my search results appears compromised, which is bollocks.
Running Firefox 3.6.18 and Windows 7 Ultimate 32-bit.
I read the posts here for a while and am here to beg for help. Ran OTS; I offer my log for analysis. Thanks for your time.
Edit: I believe I ran OTS before Malwarebytes Anti-Malware. My Malwarebytes scan of a little while ago uncovered a trojan which I promptly had the program fix; I did not make further note of it, but the redirect problem has persisted after a reboot.
The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.
Thank you for seeing to my post so quickly. Please forgive my profound noobishness; I do not understand what you mean by asking me to upload the zipped malware files, as I do not know where they are located. I had to go AFK while the fix was running. When I returned, it had completed and popped the message saying I needed to reboot, but the program had frozen. Upon reloading my desktop, the OTS log appeared. I am attaching it now.
- Double-click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Haha, thanks again! I have these programs, so I’m letting them do their thing. This will take quite some time, if my earlier MWBAM scan of an hour was any indication. I’ll post the results ASAP.
At the time of my last post, aswMBR was still in the early stages of its scan, so I could not upload anything yet.
Amalia seems to originally be an old Germanic name, though it is also used as a Hebrew name (and also Greek, apparently :D). It is not mine, though; I am an American involved in the Society for Creative Anachronism. Members of this group are encouraged to create for themselves a named persona representing a person who might have lived in the Middle Ages. I just decided to try it as my username.
I have attached the aswMBR log, as it’s finally finished. Starting MWBAM!
Thank you! Seems fine thus far; I was able to go to the first page of Google search results on “how to make a drinking horn”, while before, I couldn’t click most of those links without being redirected. Still running MWBAM.
I don’t think this is what he might be after as they are looking for the new variant and the aswMBR is reporting the default Windows MBR, so it can’t be that, it would at least be reporting Unknown MBR code…
Or it could be well hidden or a failed installation of the malware (also happens).
Whilst it won’t hurt, I would be very surprised if much came out of this; it isn’t something I would expect many standard AV scans to be looking for, much less pick up.