Anti-Spyware Forums


 
 
nobluesman

 
      26-10-2009, 11:31 AM

I seem to have been infected with a malware file or site that redirects my
search engine inquiries to "r3953724.cn" which sends my inquiries to various
advertisers.
I tried several methods of removing this malware to no avail. Is this a new
threat and how do I get rid of it?
--
nobluesman
 
 
 
 
 
Malke

 
      26-10-2009, 11:42 AM
nobluesman wrote:

> I seem to have been infected with a malware file or site that redirects my
> search engine inquiries to "r3953724.cn" which sends my inquiries to
> various advertisers.
> I tried several methods of removing this malware to no avail. Is this a
> new threat and how do I get rid of it?


There are always new threats. The only links I found referencing your
particular redirect location (aside from yours) were on BleepingComputer's
HijackThis forums in threads getting guided help. That's probably what you
should do next.

Here is a list of numerous links to specialty forums where you can get that
guided help, including BleepingComputer's forum:

http://www.elephantboycomputers.com/...html#HJT-links

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ

 
 
 
 
 
David H. Lipman

 
      26-10-2009, 12:08 PM
From: "nobluesman" <(E-Mail Removed)>

| I seem to have been infected with a malware file or site that redirects my
| search engine inquiries to "r3953724.cn" which sends my inquiries to various
| advertisers.
| I tried several methods of removing this malware to no avail. Is this a new
| threat and how do I get rid of it?
| --
| nobluesman

Malware - Yes.
Virus -- probably not.

Perform a scan using Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


 
 
The Central Scrutinizer

 
      26-10-2009, 12:36 PM
Which AV product are you using? Which browser?

--



"nobluesman" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> I seem to have been infected with a malware file or site that redirects my
> search engine inquiries to "r3953724.cn" which sends my inquiries to
> various advertisers.
> I tried several methods of removing this malware to no avail. Is this a
> new threat and how do I get rid of it?
> --
> nobluesman



 
 
Arik

 
      26-10-2009, 01:11 PM
I have the same thing, it appears to be a remnant rootkit of Smitfraud
malware.

Clean installs of Malwarebytes, SuperAntiSpyware, adaware, spybot, and
ATF cleaner finally got everything removed but for the redirect
rootkit. Still looking for information on how to get rid of this.
 
 
David H. Lipman

 
      26-10-2009, 05:14 PM
From: "Arik" <(E-Mail Removed)>

| I have the same thing, it appears to be a remnant rootkit of Smitfraud
| malware.

| Clean installs of Malwarebytes, SuperAntiSpyware, adaware, spybot, and
| ATF cleaner finally got everything removed but for the redirect
| rootkit. Still looking for information on how to get rid of this.

If it is a RootKit, Gmer
http://www.gmer.net/#files

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


 
 
Arik

 
      27-10-2009, 06:38 PM


Did not work. Still getting redirected.

It is going to h**p://r3953724.cn followed by hundreds of characters
in a script and then redirecting to some ad sites.
 
 
FromTheRafters

 
      27-10-2009, 07:21 PM
"Arik" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I have the same thing, it appears to be a remnant rootkit of Smitfraud
> malware.
>
> Clean installs of Malwarebytes, SuperAntiSpyware, adaware, spybot, and
> ATF cleaner finally got everything removed but for the redirect
> rootkit. Still looking for information on how to get rid of this.


What is a "rootkit"?

Have you checked your "hosts" file or your ISP's DNS settings?

Do you get your connectivity through a router, and is it "locked down"?


 
 
David H. Lipman

 
      27-10-2009, 08:13 PM
From: "Arik" <(E-Mail Removed)>



| Did not work. Still getting redirected.

| It is going to h**p://r3953724.cn followed by hundreds of characters
| in a script and then redirecting to some ad sites.



Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en...HJTInstall.exe

Then post the contents of the HJT log in your post with a full explanation of your problem
and what you have done to date in one of the below expert forums...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) Logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/i...hp?showforum=7

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/...splay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malwa..._Here-f37.html
http://gladiator-antivirus.com/forum...?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/...p?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


 
 
The Central Scrutinizer

 
      28-10-2009, 05:36 AM



"FromTheRafters" <erratic @nomail.afraid.org> wrote in message
news:(E-Mail Removed)...
> "Arik" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>>I have the same thing, it appears to be a remnant rootkit of Smitfraud
>> malware.
>>
>> Clean installs of Malwarebytes, SuperAntiSpyware, adaware, spybot, and
>> ATF cleaner finally got everything removed but for the redirect
>> rootkit. Still looking for information on how to get rid of this.

>
> What is a "rootkit"?


Are you serious???

"A rootkit is a software system that consists of one or more programs
designed to obscure the fact that a system has been compromised."

Check wikipedia!!! WTF!

DUH...

> Have you checked your "hosts" file or your ISP's DNS settings?


Oh yeah that is it... Double DUH.

> Do you get your connectivity through a router, and is it "locked down"?


Score again... Triple DUH.

--


 