Jump to content


Photo

Dogpile - Redirect


  • This topic is locked This topic is locked
15 replies to this topic

#1 Bob5280

Bob5280

    Newbie

  • Members
  • Pip
  • 8 posts

Posted 10 August 2011 - 04:14 PM

When I do a search on Dogpile.com and click on one of the search link my computeris being redirected
to CS.INFOSPACE.COM - but only momentarily - then I am taken to the search link that I had clicked on.
This is NOT happening in say Google. The exact URL that I am being taken to is:

http://cs.infospace....ashx?...e&ep=0
euip=70.22.218.33&npp=1&p=0&pp=3&pvaid=e0cec14a378248dbb3c2e5c1b8a15303&ru=http%3a%2f%2fwww.ebaumsworld.com%2fuser%2fblog%2fSpaceEagle%2fview%3d815664972f&s=dogpile&sid=794727687.869437799649.1312900556
&vid=794727687.869437799649.1312804680.5&hash=B25411A37CFFE88722536C68855C1E91

The URL contains a hash number.

I am also getting a tremendous amount of APHXXX.TMP files created in my C:\TEMP directory whenever I go to the Internet. When I open these files in Notepad - they appear to be webpage codings of places that I have surfed.

I have scanned with Ad-Aware Internet Security Pro and found nothing but cookies.

Any suggestions that you may have would be great.

#2 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 6582 posts

Posted 11 August 2011 - 09:31 AM

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds file to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#3 Bob5280

Bob5280

    Newbie

  • Members
  • Pip
  • 8 posts

Posted 12 August 2011 - 03:41 PM

Attached File  dds.txt   13.28KB   202 downloads

When I do a search on Dogpile.com and click on one of the search link my computeris being redirected
to CS.INFOSPACE.COM - but only momentarily - then I am taken to the search link that I had clicked on.
This is NOT happening in say Google. The exact URL that I am being taken to is:

http://cs.infospace....ashx?...e&ep=0
euip=70.22.218.33&npp=1&p=0&pp=3&pvaid=e0cec14a378248dbb3c2e5c1b8a15303&ru=http%3a%2f%2fwww.ebaumsworld.com%2fuser%2fblog%2fSpaceEagle%2fview%3d815664972f&s=dogpile&sid=794727687.869437799649.1312900556
&vid=794727687.869437799649.1312804680.5&hash=B25411A37CFFE88722536C68855C1E91

The URL contains a hash number.

I am also getting a tremendous amount of APHXXX.TMP files created in my C:\TEMP directory whenever I go to the Internet. When I open these files in Notepad - they appear to be webpage codings of places that I have surfed.

I have scanned with Ad-Aware Internet Security Pro and found nothing but cookies.

Any suggestions that you may have would be great.

Attached Files



#4 Bob5280

Bob5280

    Newbie

  • Members
  • Pip
  • 8 posts

Posted 12 August 2011 - 03:42 PM

Attached File  dds.txt   13.28KB   202 downloads

Attached Files

  • Attached File  dds.txt   13.28KB   142 downloads


#5 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 6582 posts

Posted 12 August 2011 - 04:23 PM

Hi,

You should keep only one of these: Ad-Aware, BitDefender or Microsoft Security Essentials. It's not recommended to have multiple antivirus programs installed and running.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingc...to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#6 Bob5280

Bob5280

    Newbie

  • Members
  • Pip
  • 8 posts

Posted 12 August 2011 - 06:36 PM

Hi,

You should keep only one of these: Ad-Aware, BitDefender or Microsoft Security Essentials. It's not recommended to have multiple antivirus programs installed and running.
Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingc...to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.
  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.



I ran combofix but could find no Combofox text file. Attached are the DDS generated files

Attached Files



#7 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 6582 posts

Posted 13 August 2011 - 09:32 AM

Hi,

Please look for ComboFix.txt file in c:\ and c:\ComboFix locations. If you can't find one please run ComboFix again.
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#8 Bob5280

Bob5280

    Newbie

  • Members
  • Pip
  • 8 posts

Posted 13 August 2011 - 03:32 PM

Hi,

Please look for ComboFix.txt file in c:\ and c:\ComboFix locations. If you can't find one please run ComboFix again.


I have searched for it and run Combofix a number of times and still no combofix.txt. When I use Windows search it finds a copy but when I click on it it says that the path is invalid. Also get a message on reboot (everytime combofix is run) that windows has recovered from a serious error.

Edited by Bob5280, 13 August 2011 - 03:51 PM.


#9 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 6582 posts

Posted 13 August 2011 - 04:00 PM

Hi,

Try to run ComboFix in safe mode making sure protection software is disabled. Also, I still recommend you uninstall extra antivirus programs to free system resources.
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#10 Bob5280

Bob5280

    Newbie

  • Members
  • Pip
  • 8 posts

Posted 13 August 2011 - 05:56 PM

Hi,

Try to run ComboFix in safe mode making sure protection software is disabled. Also, I still recommend you uninstall extra antivirus programs to free system resources.


Took two tries in Safe mode to produce the Combofix.txt file. VERY scary infections on this computer. I am so glad that you are doing this - much appreciated believe me. I will attach all the files requested to this post

Attached Files



#11 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 6582 posts

Posted 14 August 2011 - 09:14 AM

Hi again,

Upload c:\windows\system32\kernel32.dll file to http://www.virustotal.com (choose to reanalyse if prompted) and post back a link to the results.

* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish
  • Copy and paste results as a reply to this topic.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#12 Bob5280

Bob5280

    Newbie

  • Members
  • Pip
  • 8 posts

Posted 14 August 2011 - 03:58 PM

Attached are the results

Attached Thumbnails

  • Kernel_dll_08_14_2011_1.jpg
  • Kernel_dll_08_14_2011_2.jpg
  • Kernel_dll_08_14_2011_3.jpg
  • Eset_Scan_08_14_2011.jpg


#13 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 6582 posts

Posted 14 August 2011 - 04:35 PM

Things look ok. It seems problem isn't in your system. Someone else mentioned about similar redirections in this topic.

Let's uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#14 Bob5280

Bob5280

    Newbie

  • Members
  • Pip
  • 8 posts

Posted 14 August 2011 - 05:58 PM

Things look ok. It seems problem isn't in your system. Someone else mentioned about similar redirections in this topic.

Let's uninstall ComboFix:

  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK


I uninstalled Combofix. Thanks for the "heads-up" with Dogpile - probably something that they are doing. Thanks for sticking with this with my computer - much appreciated. I know that this is a step-wise procedure and is tedious - appreciate your patience.

#15 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 6582 posts

Posted 14 August 2011 - 08:21 PM

You're welcome :D
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#16 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 6582 posts

Posted 16 August 2011 - 07:54 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

Everyone else please begin a New Topic.

Thank you !
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users