• Status: Solved

Help Help Help Redirecting Virus

Hi, just trying to fix a machine.

Have run Adaware and Avast, removed the issues from there.

The problem lies when I search in the address bar, i.e. type anything in the address bar, where you expect it to search.

In the status bar it starts by showing google.com then goes to top-10-stores.com, and keeps redirecting between the two, not actually displaying anything; all the movement is in the status bar.

It then halts; in Firefox it says this:

"Problem loading page

Firefox has detected that the server is redirecting the request for this address in a way that will never complete."

help help help

What should I do next?

Thanks

Shane
0
 
SheharyaarSaahil Commented:
Check your Hosts file as described here
http://accs-net.com/hosts/how_to_use_hosts.html

Or use Hijackthis, and post here the link to its analysed+saved log file
http://www.alaynah.net/shehar/hijackthis.htm
0
 
ShaneJones (Author) Commented:
The hosts files were all amended before I made this post.

HijackThis: can you post me the URL for the download, as I cannot get to any of the pages that the file is located on; it goes straight to the redirect.

Been looking at the HTTP headers in Firefox; here is some info from me trying to load Google:

15:20:08.875[281ms][total 281ms] Status: 302[Found]
GET http://www.google.co.uk/ Load Flags[LOAD_DOCUMENT_URI  LOAD_INITIAL_DOCUMENT_URI  ] Content Size[-1] Mime Type[text/html]
   Request Headers:
      Host[www.google.co.uk]
      User-Agent[Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2]
      Accept[text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5]
      Accept-Language[en-gb,en;q=0.5]
      Accept-Encoding[gzip,deflate]
      Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
      Keep-Alive[300]
      Connection[keep-alive]
   Response Headers:
      Date[Sat, 29 Apr 2006 14:20:05 GMT]
      Server[Apache/1.3.34 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.25 OpenSSL/0.9.7a]
      Location[http://top-10-shop.com/c.php]
      Connection[close]
      Transfer-Encoding[chunked]
      Content-Type[text/html; charset=iso-8859-1]


15:20:09.156[260ms][total 260ms] Status: 302[Found]
GET http://top-10-shop.com/c.php Load Flags[LOAD_DOCUMENT_URI  LOAD_REPLACE  LOAD_INITIAL_DOCUMENT_URI  ] Content Size[-1] Mime Type[text/html]
   Request Headers:
      Host[top-10-shop.com]
      User-Agent[Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2]
      Accept[text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5]
      Accept-Language[en-gb,en;q=0.5]
      Accept-Encoding[gzip,deflate]
      Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
      Keep-Alive[300]
      Connection[keep-alive]
   Response Headers:
      Date[Sat, 29 Apr 2006 14:20:05 GMT]
      Server[Apache/1.3.34 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.25 OpenSSL/0.9.7a]
      Location[http://www.google.com/spam]
      Connection[close]
      Transfer-Encoding[chunked]
      Content-Type[text/html; charset=iso-8859-1]


15:20:09.416[260ms][total 260ms] Status: 302[Found]
GET http://www.google.com/spam Load Flags[LOAD_DOCUMENT_URI  LOAD_REPLACE  LOAD_INITIAL_DOCUMENT_URI  ] Content Size[-1] Mime Type[text/html]
   Request Headers:
      Host[www.google.com]
      User-Agent[Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2]
      Accept[text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5]
      Accept-Language[en-gb,en;q=0.5]
      Accept-Encoding[gzip,deflate]
      Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
      Keep-Alive[300]
      Connection[keep-alive]
   Response Headers:
      Date[Sat, 29 Apr 2006 14:20:05 GMT]
      Server[Apache/1.3.34 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.25 OpenSSL/0.9.7a]
      Location[http://top-10-shop.com/c.php]
      Connection[close]
      Transfer-Encoding[chunked]
      Content-Type[text/html; charset=iso-8859-1]


15:20:09.676[11217ms][total 11217ms] Status: 302[Found]
GET http://top-10-shop.com/c.php Load Flags[LOAD_DOCUMENT_URI  LOAD_REPLACE  LOAD_INITIAL_DOCUMENT_URI  ] Content Size[-1] Mime Type[text/html]
   Request Headers:
      Host[top-10-shop.com]
      User-Agent[Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2]
      Accept[text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5]
      Accept-Language[en-gb,en;q=0.5]
      Accept-Encoding[gzip,deflate]
      Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
      Keep-Alive[300]
      Connection[keep-alive]
   Response Headers:
      Date[Sat, 29 Apr 2006 14:20:17 GMT]
      Server[Apache/1.3.34 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.25 OpenSSL/0.9.7a]
      Location[http://www.google.com/spam]
      Connection[close]
      Transfer-Encoding[chunked]
      Content-Type[text/html; charset=iso-8859-1]


15:20:20.903[260ms][total 260ms] Status: 302[Found]
GET http://www.google.com/spam Load Flags[LOAD_DOCUMENT_URI  LOAD_REPLACE  LOAD_INITIAL_DOCUMENT_URI  ] Content Size[-1] Mime Type[text/html]
   Request Headers:
      Host[www.google.com]
      User-Agent[Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2]
      Accept[text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5]
      Accept-Language[en-gb,en;q=0.5]
      Accept-Encoding[gzip,deflate]
      Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
      Keep-Alive[300]
      Connection[keep-alive]
   Response Headers:
      Date[Sat, 29 Apr 2006 14:20:17 GMT]
      Server[Apache/1.3.34 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.25 OpenSSL/0.9.7a]
      Location[http://top-10-shop.com/c.php]
      Connection[close]
      Transfer-Encoding[chunked]
      Content-Type[text/html; charset=iso-8859-1]


15:20:21.163[1051ms][total 1051ms] Status: 302[Found]
GET http://top-10-shop.com/c.php Load Flags[LOAD_DOCUMENT_URI  LOAD_REPLACE  LOAD_INITIAL_DOCUMENT_URI  ] Content Size[-1] Mime Type[text/html]
   Request Headers:
      Host[top-10-shop.com]
      User-Agent[Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2]
      Accept[text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5]
      Accept-Language[en-gb,en;q=0.5]
      Accept-Encoding[gzip,deflate]
      Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
      Keep-Alive[300]
      Connection[keep-alive]
   Response Headers:
      Date[Sat, 29 Apr 2006 14:20:18 GMT]
      Server[Apache/1.3.34 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.25 OpenSSL/0.9.7a]
      Location[http://www.google.com/spam]
      Connection[close]
      Transfer-Encoding[chunked]
      Content-Type[text/html; charset=iso-8859-1]


15:20:22.224[261ms][total 261ms] Status: 302[Found]
GET http://www.google.com/spam Load Flags[LOAD_DOCUMENT_URI  LOAD_REPLACE  LOAD_INITIAL_DOCUMENT_URI  ] Content Size[-1] Mime Type[text/html]
   Request Headers:
      Host[www.google.com]
      User-Agent[Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2]
      Accept[text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5]
      Accept-Language[en-gb,en;q=0.5]
      Accept-Encoding[gzip,deflate]
      Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
      Keep-Alive[300]
      Connection[keep-alive]
   Response Headers:
      Date[Sat, 29 Apr 2006 14:20:18 GMT]
      Server[Apache/1.3.34 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.25 OpenSSL/0.9.7a]
      Location[http://top-10-shop.com/c.php]
      Connection[close]
      Transfer-Encoding[chunked]
      Content-Type[text/html; charset=iso-8859-1]


15:20:22.485[2544ms][total 2544ms] Status: 302[Found]
GET http://top-10-shop.com/c.php Load Flags[LOAD_DOCUMENT_URI  LOAD_REPLACE  LOAD_INITIAL_DOCUMENT_URI  ] Content Size[-1] Mime Type[text/html]
   Request Headers:
      Host[top-10-shop.com]
      User-Agent[Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2]
      Accept[text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5]
      Accept-Language[en-gb,en;q=0.5]
      Accept-Encoding[gzip,deflate]
      Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
      Keep-Alive[300]
      Connection[keep-alive]
   Response Headers:
      Date[Sat, 29 Apr 2006 14:20:21 GMT]
      Server[Apache/1.3.34 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.25 OpenSSL/0.9.7a]
      Location[http://www.google.com/spam]
      Connection[close]
      Transfer-Encoding[chunked]
      Content-Type[text/html; charset=iso-8859-1]


15:20:25.029[270ms][total 270ms] Status: 302[Found]
GET http://www.google.com/spam Load Flags[LOAD_DOCUMENT_URI  LOAD_REPLACE  LOAD_INITIAL_DOCUMENT_URI  ] Content Size[-1] Mime Type[text/html]
   Request Headers:
      Host[www.google.com]
      User-Agent[Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2]
      Accept[text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5]
      Accept-Language[en-gb,en;q=0.5]
      Accept-Encoding[gzip,deflate]
      Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
      Keep-Alive[300]
      Connection[keep-alive]
   Response Headers:
      Date[Sat, 29 Apr 2006 14:20:21 GMT]
      Server[Apache/1.3.34 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.25 OpenSSL/0.9.7a]
      Location[http://top-10-shop.com/c.php]
      Connection[close]
      Transfer-Encoding[chunked]
      Content-Type[text/html; charset=iso-8859-1]


15:20:25.299[0ms][total 0ms] Status: pending[]
GET http://top-10-shop.com/c.php Load Flags[LOAD_DOCUMENT_URI  LOAD_REPLACE  LOAD_INITIAL_DOCUMENT_URI  ] Content Size[unknown] Mime Type[unknown]
   Request Headers:
      Host[top-10-shop.com]
      User-Agent[Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2]
      Accept[text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5]
      Accept-Language[en-gb,en;q=0.5]
      Accept-Encoding[gzip,deflate]
      Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
      Keep-Alive[300]
      Connection[keep-alive]

0
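An added example, not part of the original thread: a small Python parser for the header capture format in the post above. It reports the redirect cycle and flags a single Server banner answering for several unrelated hostnames, which is how tampered name resolution (hosts file or DNS settings) shows up from the browser side. The sample is constructed from the posted capture with the banner shortened, and the shared-banner check is a heuristic, not proof.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: three hops from the capture above, reduced to the lines
# the parser reads (Server banner shortened, timestamp is a placeholder).
_ENTRY = ("15:20:08.875[281ms][total 281ms] Status: 302[Found]\n"
          "GET {url} Load Flags[LOAD_DOCUMENT_URI  ] Content Size[-1] Mime Type[text/html]\n"
          "   Request Headers:\n      Accept-Encoding[gzip,deflate]\n"
          "   Response Headers:\n      Server[Apache/1.3.34 (Unix) PHP/4.3.11]\n"
          "      Location[{loc}]\n\n")
HOPS = [("http://www.google.co.uk/", "http://top-10-shop.com/c.php"),
        ("http://top-10-shop.com/c.php", "http://www.google.com/spam"),
        ("http://www.google.com/spam", "http://top-10-shop.com/c.php")]
SAMPLE = "".join(_ENTRY.format(url=u, loc=l) for u, l in HOPS)

STATUS = re.compile(r"^\d\d:\d\d:\d\d\.\d+\[.*Status: (\w+)\[")
HEADER = re.compile(r"^\s+([\w-]+)\[(.*)\]\s*$")

def parse(dump):
    """Return one dict per request: status, URL and response headers only."""
    entries, in_resp = [], False
    for line in dump.splitlines():
        if m := STATUS.match(line):
            entries.append({"status": m.group(1), "url": None, "resp": {}})
        elif entries and line.startswith("GET "):
            entries[-1]["url"] = line.split()[1]
        elif line.strip().endswith("Headers:"):
            in_resp = line.strip().startswith("Response")
        elif entries and in_resp and (h := HEADER.match(line)):
            entries[-1]["resp"][h.group(1)] = h.group(2)
    return entries

def find_loop(entries):
    """Return the URLs forming a redirect cycle, or [] if no hop points back."""
    seen = []
    for e in entries:
        seen.append(e["url"])
        nxt = e["resp"].get("Location")
        if nxt and nxt in seen:
            return seen[seen.index(nxt):]
    return []

def shared_banners(entries):
    """Server banners returned for more than one hostname (heuristic)."""
    hosts = defaultdict(set)
    for e in entries:
        if "Server" in e["resp"]:
            hosts[e["resp"]["Server"]].add(urlparse(e["url"]).hostname)
    return {b: h for b, h in hosts.items() if len(h) > 1}
```

When both functions return something for the same capture, the redirect is being served by whatever machine the names resolve to, so the hosts file and the adapter's DNS server settings are the places to check.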
 
rpggamergirl Commented:
Here.

Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet, just upload the logfile created, go here and paste your Hijackthis log, http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here:

Or copy and paste the log at:
http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Post the link to the saved list here.
0
 
rpggamergirl Commented:
The link I posted above is a direct download so you shouldn't get redirected.

Your problem could be wareout, but until we see the Hijackthis log we won't know for sure.

You must have an active Internet connection when running this fix, in order to download the Brute Force Uninstaller (BFU) from Merijn's page.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

If you have problems with your connection:
Please go to Start -> Control Panel, and choose Network Connections.  Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties.  Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically.  Click OK twice, and restart your computer.
0
 
rpggamergirl Commented:
Wow! That was so quick!
Is the redirection gone? It was a wareout then?

You didn't have to award points straightaway, some Askers wait for days, :)

Thanks for the points with an "A" grade!
0
Question has a verified solution.
