Solved

Help Help Help Redirecting Virus

Posted on 2006-04-29
Last Modified: 2012-06-27
Hi, just trying to fix a machine.

I have run Ad-Aware and avast, and removed the issues from there.

The problem occurs when I search in the address bar, i.e. type anything in the address bar where you'd expect it to search.

In the status bar it starts by showing google.com, then goes to top-10-stores.com, and keeps redirecting between the 2, not actually displaying anything; all the movement is in the status bar.

It then halts. In Firefox it says this:

"Problem loading page

Firefox has detected that the server is redirecting the request for this address in a way that will never complete."

Help help help

What should I do next?

Thanks

Shane
0
Question by:ShaneJones
5 Comments
 
LVL 65

Assisted Solution

by:SheharyaarSaahil
SheharyaarSaahil earned 800 total points
ID: 16568928
Check your Hosts file as described here
http://accs-net.com/hosts/how_to_use_hosts.html

Or use Hijackthis, and post here the link to its analysed+saved log file
http://www.alaynah.net/shehar/hijackthis.htm
0
 
LVL 12

Author Comment

by:ShaneJones
ID: 16568952
The hosts files were all amended before I made this post.

HijackThis: can you post me the URL for the download, as I cannot get to any of the pages that the file is located on; it goes straight to the redirect.

I've been looking at the HTTP headers in Firefox; here is some info from me trying to load Google:

15:20:08.875[281ms][total 281ms] Status: 302[Found]
GET http://www.google.co.uk/ Load Flags[LOAD_DOCUMENT_URI  LOAD_INITIAL_DOCUMENT_URI  ] Content Size[-1] Mime Type[text/html]
   Request Headers:
      Host[www.google.co.uk]
      User-Agent[Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2]
      Accept[text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5]
      Accept-Language[en-gb,en;q=0.5]
      Accept-Encoding[gzip,deflate]
      Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
      Keep-Alive[300]
      Connection[keep-alive]
   Response Headers:
      Date[Sat, 29 Apr 2006 14:20:05 GMT]
      Server[Apache/1.3.34 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.25 OpenSSL/0.9.7a]
      Location[http://top-10-shop.com/c.php]
      Connection[close]
      Transfer-Encoding[chunked]
      Content-Type[text/html; charset=iso-8859-1]


15:20:09.156[260ms][total 260ms] Status: 302[Found]
GET http://top-10-shop.com/c.php Load Flags[LOAD_DOCUMENT_URI  LOAD_REPLACE  LOAD_INITIAL_DOCUMENT_URI  ] Content Size[-1] Mime Type[text/html]
   Request Headers:
      Host[top-10-shop.com]
      User-Agent[Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2]
      Accept[text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5]
      Accept-Language[en-gb,en;q=0.5]
      Accept-Encoding[gzip,deflate]
      Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
      Keep-Alive[300]
      Connection[keep-alive]
   Response Headers:
      Date[Sat, 29 Apr 2006 14:20:05 GMT]
      Server[Apache/1.3.34 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.25 OpenSSL/0.9.7a]
      Location[http://www.google.com/spam]
      Connection[close]
      Transfer-Encoding[chunked]
      Content-Type[text/html; charset=iso-8859-1]


15:20:09.416[260ms][total 260ms] Status: 302[Found]
GET http://www.google.com/spam Load Flags[LOAD_DOCUMENT_URI  LOAD_REPLACE  LOAD_INITIAL_DOCUMENT_URI  ] Content Size[-1] Mime Type[text/html]
   Request Headers:
      Host[www.google.com]
      User-Agent[Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2]
      Accept[text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5]
      Accept-Language[en-gb,en;q=0.5]
      Accept-Encoding[gzip,deflate]
      Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
      Keep-Alive[300]
      Connection[keep-alive]
   Response Headers:
      Date[Sat, 29 Apr 2006 14:20:05 GMT]
      Server[Apache/1.3.34 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.25 OpenSSL/0.9.7a]
      Location[http://top-10-shop.com/c.php]
      Connection[close]
      Transfer-Encoding[chunked]
      Content-Type[text/html; charset=iso-8859-1]


15:20:09.676[11217ms][total 11217ms] Status: 302[Found]
GET http://top-10-shop.com/c.php Load Flags[LOAD_DOCUMENT_URI  LOAD_REPLACE  LOAD_INITIAL_DOCUMENT_URI  ] Content Size[-1] Mime Type[text/html]
   Request Headers:
      Host[top-10-shop.com]
      User-Agent[Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2]
      Accept[text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5]
      Accept-Language[en-gb,en;q=0.5]
      Accept-Encoding[gzip,deflate]
      Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
      Keep-Alive[300]
      Connection[keep-alive]
   Response Headers:
      Date[Sat, 29 Apr 2006 14:20:17 GMT]
      Server[Apache/1.3.34 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.25 OpenSSL/0.9.7a]
      Location[http://www.google.com/spam]
      Connection[close]
      Transfer-Encoding[chunked]
      Content-Type[text/html; charset=iso-8859-1]


15:20:20.903[260ms][total 260ms] Status: 302[Found]
GET http://www.google.com/spam Load Flags[LOAD_DOCUMENT_URI  LOAD_REPLACE  LOAD_INITIAL_DOCUMENT_URI  ] Content Size[-1] Mime Type[text/html]
   Request Headers:
      Host[www.google.com]
      User-Agent[Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2]
      Accept[text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5]
      Accept-Language[en-gb,en;q=0.5]
      Accept-Encoding[gzip,deflate]
      Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
      Keep-Alive[300]
      Connection[keep-alive]
   Response Headers:
      Date[Sat, 29 Apr 2006 14:20:17 GMT]
      Server[Apache/1.3.34 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.25 OpenSSL/0.9.7a]
      Location[http://top-10-shop.com/c.php]
      Connection[close]
      Transfer-Encoding[chunked]
      Content-Type[text/html; charset=iso-8859-1]


15:20:21.163[1051ms][total 1051ms] Status: 302[Found]
GET http://top-10-shop.com/c.php Load Flags[LOAD_DOCUMENT_URI  LOAD_REPLACE  LOAD_INITIAL_DOCUMENT_URI  ] Content Size[-1] Mime Type[text/html]
   Request Headers:
      Host[top-10-shop.com]
      User-Agent[Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2]
      Accept[text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5]
      Accept-Language[en-gb,en;q=0.5]
      Accept-Encoding[gzip,deflate]
      Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
      Keep-Alive[300]
      Connection[keep-alive]
   Response Headers:
      Date[Sat, 29 Apr 2006 14:20:18 GMT]
      Server[Apache/1.3.34 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.25 OpenSSL/0.9.7a]
      Location[http://www.google.com/spam]
      Connection[close]
      Transfer-Encoding[chunked]
      Content-Type[text/html; charset=iso-8859-1]


15:20:22.224[261ms][total 261ms] Status: 302[Found]
GET http://www.google.com/spam Load Flags[LOAD_DOCUMENT_URI  LOAD_REPLACE  LOAD_INITIAL_DOCUMENT_URI  ] Content Size[-1] Mime Type[text/html]
   Request Headers:
      Host[www.google.com]
      User-Agent[Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2]
      Accept[text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5]
      Accept-Language[en-gb,en;q=0.5]
      Accept-Encoding[gzip,deflate]
      Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
      Keep-Alive[300]
      Connection[keep-alive]
   Response Headers:
      Date[Sat, 29 Apr 2006 14:20:18 GMT]
      Server[Apache/1.3.34 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.25 OpenSSL/0.9.7a]
      Location[http://top-10-shop.com/c.php]
      Connection[close]
      Transfer-Encoding[chunked]
      Content-Type[text/html; charset=iso-8859-1]


15:20:22.485[2544ms][total 2544ms] Status: 302[Found]
GET http://top-10-shop.com/c.php Load Flags[LOAD_DOCUMENT_URI  LOAD_REPLACE  LOAD_INITIAL_DOCUMENT_URI  ] Content Size[-1] Mime Type[text/html]
   Request Headers:
      Host[top-10-shop.com]
      User-Agent[Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2]
      Accept[text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5]
      Accept-Language[en-gb,en;q=0.5]
      Accept-Encoding[gzip,deflate]
      Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
      Keep-Alive[300]
      Connection[keep-alive]
   Response Headers:
      Date[Sat, 29 Apr 2006 14:20:21 GMT]
      Server[Apache/1.3.34 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.25 OpenSSL/0.9.7a]
      Location[http://www.google.com/spam]
      Connection[close]
      Transfer-Encoding[chunked]
      Content-Type[text/html; charset=iso-8859-1]


15:20:25.029[270ms][total 270ms] Status: 302[Found]
GET http://www.google.com/spam Load Flags[LOAD_DOCUMENT_URI  LOAD_REPLACE  LOAD_INITIAL_DOCUMENT_URI  ] Content Size[-1] Mime Type[text/html]
   Request Headers:
      Host[www.google.com]
      User-Agent[Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2]
      Accept[text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5]
      Accept-Language[en-gb,en;q=0.5]
      Accept-Encoding[gzip,deflate]
      Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
      Keep-Alive[300]
      Connection[keep-alive]
   Response Headers:
      Date[Sat, 29 Apr 2006 14:20:21 GMT]
      Server[Apache/1.3.34 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.25 OpenSSL/0.9.7a]
      Location[http://top-10-shop.com/c.php]
      Connection[close]
      Transfer-Encoding[chunked]
      Content-Type[text/html; charset=iso-8859-1]


15:20:25.299[0ms][total 0ms] Status: pending[]
GET http://top-10-shop.com/c.php Load Flags[LOAD_DOCUMENT_URI  LOAD_REPLACE  LOAD_INITIAL_DOCUMENT_URI  ] Content Size[unknown] Mime Type[unknown]
   Request Headers:
      Host[top-10-shop.com]
      User-Agent[Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2]
      Accept[text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5]
      Accept-Language[en-gb,en;q=0.5]
      Accept-Encoding[gzip,deflate]
      Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
      Keep-Alive[300]
      Connection[keep-alive]

0
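Added example, not part of the original thread: a short Python parser for a capture in the format posted above. It reports the first redirect that points back at an already-requested URL and groups hostnames whose responses carry the same Server banner; one banner shared by unrelated hostnames is consistent with a single server answering for all of them, which is a heuristic for tampered name resolution on the client, not proof. The sample input is constructed from the hostnames in the post with a shortened banner, and the function names are illustrative.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the capture format above: hostnames are the ones in
# the post, most header lines are dropped and the Server banner is shortened.
SAMPLE = """\
15:20:08.875[281ms][total 281ms] Status: 302[Found]
GET http://www.google.co.uk/ Load Flags[LOAD_DOCUMENT_URI  ] Content Size[-1]
      Server[Apache/1.3.34 (Unix) PHP/4.3.11]
      Location[http://top-10-shop.com/c.php]
15:20:09.156[260ms][total 260ms] Status: 302[Found]
GET http://top-10-shop.com/c.php Load Flags[LOAD_REPLACE  ] Content Size[-1]
      Server[Apache/1.3.34 (Unix) PHP/4.3.11]
      Location[http://www.google.com/spam]
15:20:09.416[260ms][total 260ms] Status: 302[Found]
GET http://www.google.com/spam Load Flags[LOAD_REPLACE  ] Content Size[-1]
      Server[Apache/1.3.34 (Unix) PHP/4.3.11]
      Location[http://top-10-shop.com/c.php]
"""

ENTRY = re.compile(r"^\d\d:\d\d:\d\d\.\d+\[.*?Status: (\w+)")
FIELD = re.compile(r"^\s+(Server|Location)\[(.*)\]\s*$")

def parse_capture(text):
    """Return one dict per request: status, url, server, location."""
    hops = []
    for line in text.splitlines():
        if m := ENTRY.match(line):
            hops.append({"status": m.group(1), "url": None, "server": None, "location": None})
        elif hops and line.startswith("GET "):
            hops[-1]["url"] = line.split()[1]
        elif hops and (f := FIELD.match(line)):
            hops[-1][f.group(1).lower()] = f.group(2)
    return hops

def analyse(hops):
    """Find the first redirect back to a visited URL and shared Server banners."""
    seen, loop_at, banners = set(), None, {}
    for h in hops:
        seen.add(h["url"])
        if loop_at is None and h["location"] in seen:
            loop_at = h["location"]  # redirect target was already requested
        if h["server"] and h["url"]:
            banners.setdefault(h["server"], set()).add(urlsplit(h["url"]).hostname)
    shared = {b: sorted(v) for b, v in banners.items() if len(v) > 1}
    return {"loop_at": loop_at, "shared_banner_hosts": shared}

if __name__ == "__main__":
    print(analyse(parse_capture(SAMPLE)))
```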
 
LVL 47

Accepted Solution

by:rpggamergirl
rpggamergirl earned 1200 total points
ID: 16568969
Here.

Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open HijackThis and click "Do a system scan and save a logfile". Don't fix anything yet, just upload the logfile created: go here and paste your HijackThis log, http://www.rafb.net/paste/
then at the bottom left corner click "paste".
Copy the address/URL and post it here.

Or copy and paste the log at:
http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Post the link to the saved list here.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 16568991
The link I posted above is a direct download so you shouldn't get redirected.

Your problem could be wareout, but until we see the Hijackthis log we won't know for sure.

You must have an active Internet connection when running this fix, in order to download the Brute Force Uninstaller (BFU) from Merijn's page.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

If you have problems with your connection:
Please go to Start -> Control Panel, and choose Network Connections.  Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties.  Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically.  Click OK twice, and restart your computer.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 16569142
Wow! That was so quick!
Is the redirection gone? It was a wareout then?

You didn't have to award points straightaway; some Askers wait for days :)

Thanks for the points with an "A" grade!
0
