Old October 19th, 2011, 10:16 PM   #1 (permalink)
Jolly Bounty Hunter
Thread Author (OP)
 
NightAngel79's Avatar
 
Join Date: May 2010
Location: Northern Ky
Gender: Male
Posts: 21,312
 
Device(s): HTC OneMax; Note 10.1; DROID DNA (retired);Transformer Prime(daughter); Rezound(retired); Droid In
Carrier: Verizon

Thanks: 13,496
Thanked 6,328 Times in 3,873 Posts
Send a message via Skype™ to NightAngel79
Default Angelfire redirect

So just noticed something to do with angelfire was giving me bogus search results in google and the top 10 results or so upon clicking them gave me a redirect to some malicious site(s)...

As far as I can tell it isn't affecting my system anywhere else. Had a pretty serious attack 2 weeks ago and scanned (in safe mode) for 2 whole days till pc started acting right. Just occurred to me tonight that this was happening, I assume since the original attack.

Haven't been back in safe mode since original attack but regular scans with superantispyware and malwarebytes come up empty. Doing one last full scan with security essentials before i mess with safe mode again.....

Only happens in FF 7.0.1... checked all the settings i can think of, cleared cookies, cache.....

Any thoughts/ideas on how to get rid of or stop the redirects?

Old October 19th, 2011, 11:43 PM   #2 (permalink)
Senior Member
 
andruoid's Avatar
 
Join Date: Jan 2011
Location: BC, Canada
Gender: Male
Posts: 811
 
Device(s): NEXUS 4
Carrier: Not Provided

Thanks: 133
Thanked 187 Times in 148 Posts
Default

off the top of my head, just check your hosts file in C:\windows\system32\drivers\etc ...right click hosts, select Open and open with notepad. Any odd entries that don't have a comment; "#" copy/paste them here.

This is what a normal hosts file looks like:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

Last edited by andruoid; October 19th, 2011 at 11:46 PM.
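
Added example (not part of the original thread): the hosts-file check described in the post above, as a Python script that lists every active (non-comment) entry and flags the ones a stock Windows file would not contain. The sample addresses and `.example` host names are constructed; the default path is the one given in the post.

```python
import ipaddress
import sys

DEFAULT_PATH = r"C:\Windows\System32\drivers\etc\hosts"  # location named in the post
LOOPBACK_OK = {"localhost"}  # the only name a stock file maps to this machine


def active_entries(text):
    """Yield (line_no, ip, [names]) for each line that is not blank or a comment."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop a trailing "# comment"
        if line:
            fields = line.split()
            yield line_no, fields[0], [n.lower() for n in fields[1:]]


def audit_hosts(text):
    """Return (line_no, ip, name, reason) tuples for entries worth a second look."""
    findings = []
    for line_no, ip, names in active_entries(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, ip, " ".join(names), "malformed address"))
            continue
        if not names:
            findings.append((line_no, str(addr), "", "address without a host name"))
            continue
        for name in names:
            if addr.is_loopback or addr.is_unspecified:
                if name in LOOPBACK_OK:
                    continue  # 127.0.0.1 / ::1 localhost is expected
                # Ad-block lists do this on purpose; malware does it to cut
                # off security-vendor update servers.
                reason = "name sinkholed to this machine"
            else:
                # The name no longer goes through DNS at all.
                reason = "name forced to a fixed address"
            findings.append((line_no, str(addr), name, reason))
    return findings


# Constructed sample: tail of the stock file shown in the post, then three
# active lines using documentation addresses and reserved .example names.
STOCK = (
    "# localhost name resolution is handled within DNS itself.\n"
    "# 127.0.0.1 localhost\n"
    "# ::1 localhost\n"
)
TAMPERED = STOCK + (
    "203.0.113.45  www.search.example search.example  # constructed\n"
    "0.0.0.0       updates.av-vendor.example\n"
    "127.0.0.1     localhost\n"
)

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_PATH
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        text = TAMPERED  # no hosts file at that path: show the sample instead
    for line_no, ip, name, reason in audit_hosts(text):
        print(f"line {line_no}: {ip} {name} ({reason})")
```

An empty result means the file has no active entries beyond localhost, which is the state reported in the reply that follows.
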

October 20th, 2011, 08:54 AM   #3
NightAngel79 (Thread Author)

Quote:
Originally Posted by andruoid View Post
off the top of my head, just check your hosts file in C:\windows\system32\drivers\etc ...right click hosts, select Open and open with notepad. Any odd entries that don't have a comment; "#" copy/paste them here.

This is what a normal hosts file looks like:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
Yea tried that... ^that is exactly what mine looks like....
Old October 20th, 2011, 09:04 AM   #4 (permalink)
4 8 15 16 23 42
 
Xyro's Avatar
 
Join Date: Dec 2009
Location: UK
Posts: 11,989
 
Device(s): SGS3, Nexus 7, HTC Desire HD, HTC Hero (GSM)
Carrier: Orange

Thanks: 3,186
Thanked 7,189 Times in 3,840 Posts
xyro.af@gmail.com
Default

Are there any other symptoms other than the google search results?

October 20th, 2011, 09:11 AM   #5
andruoid

ComboFix, not sure if you have tried this. I've had 100% recovery on the systems I have run this in. It's another malware/spyware removal tool. Here is the link for the utility and instructions; A guide and tutorial on using ComboFix

October 20th, 2011, 09:56 AM   #6
NightAngel79 (Thread Author)

Quote:
Originally Posted by Xyro View Post
Are there any other symptoms other than the google search results?

The links almost look like real links but if clicked lead to malicious sites. Other than that no, left pc in safe mode scanning with malwarebytes. Will also try the above I guess...
Old October 20th, 2011, 05:26 PM   #7 (permalink)
Senior Member
 
ToastPwnz's Avatar
 
Join Date: Jul 2010
Posts: 522
 
Device(s): HTC Droid Eris (retired), Verizon Samsung Galaxy Nexus, HP Touchpad
Carrier: Not Provided

Thanks: 51
Thanked 74 Times in 69 Posts
Default

Don't use ComboFix, it's highly unlikely whatever is causing it is "serious" enough for ComboFix.
No offense intended to the poster or you, I just hate seeing people screw up their computer because they haven't learned how ComboFix and programs like it work.

I'm willing to help if you still need it, just let me know.

October 20th, 2011, 05:49 PM   #8
NightAngel79 (Thread Author)

Quote:
Originally Posted by ToastPwnz View Post
Don't use ComboFix, it's highly unlikely whatever is causing it is "serious" enough for ComboFix.
No offense intended to the poster or you, I just hate seeing people screw up their computer because they haven't learned how ComboFix and programs like it work.

I'm willing to help if you still need it, just let me know.
i'm down for any advice. i consider myself an advanced user so am willing to try anything.. scanning with antispyware and malwarebytes in safe mode yielded zero results still


edit: combofix sounds promising but would love to hear your suggestions toast

Last edited by NightAngel79; October 20th, 2011 at 05:55 PM.

October 20th, 2011, 05:53 PM   #9
andruoid

I'm not offended. I'm just busy studying for Security+ ...my mindset right now is nuke first and don't give malware a chance

October 20th, 2011, 05:57 PM   #10
NightAngel79 (Thread Author)

Quote:
Originally Posted by andruoid View Post
I'm not offended. I'm just busy studying for Security+ ...my mindset right now is nuke first and don't give malware a chance
Combo seems pretty straight forward. I've cleaned out systems you could barely use with the 2 programs i been using, hell my system had that fake AV going on couple weeks ago and i *thought* i got it all out. Its just this one little remnant i can't seem to get rid of

October 20th, 2011, 08:43 PM   #11
ToastPwnz

Quote:
Originally Posted by NightAngel79 View Post
i'm down for any advice. i consider myself an advanced user so am willing to try anything.. scanning with antispyware and malwarebytes in safe mode yielded zero results still


edit: combofix sounds promising but would love to hear your suggestions toast
It's not so much that ComboFix is confusing, it is quite straight forward, it's just that unless you know all the various commands, and there's a lot of them, and what they do, there's always a slight possibility you might mess something up.

If you can download OTL, run it and put the two logs it spits out (OTL.txt and Extras.txt) on Pastebin I should, though never a 100% guarantee, be able to find what's causing the problem from that, you can PM me the links to the logs if you would rather do that instead of posting them in this thread. I'm guessing off past experience it's a registry edit that the fake AV left behind.


So many commas in those "passages".

October 20th, 2011, 09:02 PM   #12
NightAngel79 (Thread Author)

So i shouldn't try OTL's 'run fix' or 'clean up' tools?

(scanning with it now)

October 20th, 2011, 09:07 PM   #13
NightAngel79 (Thread Author)

edited

there they are

Last edited by NightAngel79; October 22nd, 2011 at 08:46 AM.

October 20th, 2011, 09:24 PM   #14
ToastPwnz

Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

[edited]


I'm thinking Audiogalaxy might be the problem, I can't see anything else in there that points toward the issue you're having. Run that fix and let me know if you still have that problem.

Last edited by NightAngel79; October 22nd, 2011 at 08:46 AM.

October 20th, 2011, 09:33 PM   #15
Xyro

I would have guessed 192.168.X.1 is the router.

October 20th, 2011, 09:50 PM   #16
ToastPwnz

Quote:
Originally Posted by Xyro View Post
I would have guessed 192.168.X.1 is the router.
That would also make sense, I get in a hurry and I tend to overlook at least one thing.
Better safe than sorry though, so far I haven't run into any problems involving unrecognized IP's, but there's always that small chance.

October 20th, 2011, 10:31 PM   #17
NightAngel79 (Thread Author)

trying it now... i did have malware quarantine something from audiogalaxy install folder.... maybe time to chuck that.... will run your fix and see whats up...

about IP, i have 4 computers on network at any given time, plus phone, plus ps3, 360, sometimes a wii and sometimes a nook... no idea what is what as far as ip's go but always figured the .1.1 was router...

October 20th, 2011, 10:41 PM   #18
NightAngel79 (Thread Author)

edited

Last edited by NightAngel79; October 22nd, 2011 at 08:45 AM.

October 20th, 2011, 10:50 PM   #19
ToastPwnz

Are you still getting the redirect? The script worked properly, so if Audiogalaxy was the problem, it's gone now.

October 21st, 2011, 09:48 AM   #20
NightAngel79 (Thread Author)

Hmm still getting an abnormal amount of malicious results, the top 6 to 7 results lead to a site WOT gives a red/poor rating. The redirect doesn't seem to be happening though....

what do you see as the top results for this: https://www.google.com/search?hl=en&source=hp&biw=1760&bih=859&q=pc+error&oq=pc+error&aq=f&aqi=p-p1g9&aql=1&gs_sm=e&gs_upl=1781l3297l0l5168l8l8l0l0l0l0l282l1356l0.5.3l8l0

and i just used the search term pc error, it really doesn't matter what i google.
on that link (or just google 'pc error') are the top results pc-error-free; pcaholic; smartpctools? (just the top 3 for me)

October 21st, 2011, 09:51 AM   #21
NightAngel79 (Thread Author)

hmmm, trying other search terms it seems it may have stopped.... before it was redirecting what looked like wikipedia links to weird stuff, doesn't seem to be happening now... Thanks a ton toast!!

Uninstalling audiogalaxy with revo now! Wonder what the deal with that is

October 21st, 2011, 02:47 PM   #22
ToastPwnz

Quote:
Originally Posted by NightAngel79 View Post
hmmm, trying other search terms it seems it may have stopped.... before it was redirecting what looked like wikipedia links to weird stuff, doesn't seem to be happening now... Thanks a ton toast!!

Uninstalling audiogalaxy with revo now! Wonder what the deal with that is
In response to the post before this one, I see Smart PC Tools, PC Error Free and PC Hell.

Glad I could help, if it pops up again just let me know.
You can go ahead and use the Clean Up function in OTL now, assuming you still have it on your PC.

October 21st, 2011, 02:54 PM   #23
NightAngel79 (Thread Author)

Quote:
Originally Posted by ToastPwnz View Post
In response to the post before this one, I see Smart PC Tools, PC Error Free and PC Hell.

Glad I could help, if it pops up again just let me know.
You can go ahead and use the Clean Up function in OTL now, assuming you still have it on your PC.
is there a need to 'clean up' ? still have on computer btw

October 21st, 2011, 04:01 PM   #24
ToastPwnz

Quote:
Originally Posted by NightAngel79 View Post
is there a need to 'clean up' ? still have on computer btw
You don't have to, but I would recommend it since it will remove the files it moved earlier.

October 21st, 2011, 05:09 PM   #25
NightAngel79 (Thread Author)

word
Old October 21st, 2011, 11:50 PM   #26 (permalink)
Senior Member
 
9to5cynic's Avatar
 
Join Date: Feb 2011
Location: /home/
Posts: 4,858
 
Device(s): Galaxy S3 (Verizon) Evo 4G - retired/rooted
Carrier: Verizon

Thanks: 3,066
Thanked 1,762 Times in 1,189 Posts
Send a message via AIM to 9to5cynic
Default

What was the cause of this? Was it the audiogalaxy program or something else?

You may want to look into NoScript. A very helpful firefox extension.

October 22nd, 2011, 12:04 AM   #27
ToastPwnz

Quote:
Originally Posted by 9to5cynic View Post
What was the cause of this? Was it the audiogalaxy program or something else?

You may want to look into NoScript. A very helpful firefox extension.
It seems that it was Audiogalaxy, nothing else in the log looked to be related to that kind of problem.

October 22nd, 2011, 08:45 AM   #28
NightAngel79 (Thread Author)

Quote:
Originally Posted by 9to5cynic View Post
What was the cause of this? Was it the audiogalaxy program or something else?

You may want to look into NoScript. A very helpful firefox extension.
Noscript blocked way too much shit, always had to 'allow' crap and i got tired of messing with it, usually am fine with adblockplus...

Quote:
Originally Posted by ToastPwnz View Post
It seems that it was Audiogalaxy, nothing else in the log looked to be related to that kind of problem.
yea, really am wondering what the deal with audiogalaxy was, didn't really use it any more so no big deal to delete it just wonder how/what infected it...

(btw, gonna edit those logs out of my posts, don't see any reason for them to stay. will leave thread open though, hard telling who else it might help)

October 22nd, 2011, 09:31 AM   #29
andruoid

I've been too busy to help but it looks like everything ToastPwnz killed off the issue. 8)

"If" something is redirecting you in the future, open a command line and type: netstat -an. This will show current connections and the port numbers they are using. From there you can select the redirect IP and just add it to a firewall deny/block rule until you find out what is going on.

Last edited by andruoid; October 22nd, 2011 at 10:41 AM.
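
Added example (not part of the original thread): the `netstat -an` triage suggested in the post above, as a Python script that pulls the non-local remote peers out of Windows-format output and builds a temporary Windows Firewall block command for an address you pick. The sample output is constructed, and the rule name `temp-block` is an arbitrary choice.

```python
import ipaddress
import subprocess
from collections import defaultdict

# Explicit list instead of ipaddress.is_private, which also treats the
# documentation ranges used in the constructed sample as non-public.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]
# TIME_WAIT and CLOSE_WAIT are kept because a redirect hop is short-lived.
STATES = {"ESTABLISHED", "SYN_SENT", "CLOSE_WAIT", "TIME_WAIT"}


def split_endpoint(endpoint):
    """'203.0.113.45:80' or '[fe80::9%11]:445' -> (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]  # drop brackets and zone id
    return ipaddress.ip_address(host), int(port)


def remote_peers(netstat_text):
    """Map each non-local remote IP to the sorted remote ports seen for it."""
    peers = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        # Windows TCP rows: Proto, Local Address, Foreign Address, State.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] not in STATES:
            continue
        try:
            addr, port = split_endpoint(fields[2])
        except ValueError:
            continue
        if any(addr in net for net in LOCAL_NETS):
            continue  # router, other LAN hosts, loopback
        peers[str(addr)].add(port)
    return {ip: sorted(ports) for ip, ports in peers.items()}


def block_rule(ip):
    """Outbound block command for one address; rejects anything that is not an IP."""
    ip = str(ipaddress.ip_address(ip))
    return ('netsh advfirewall firewall add rule name="temp-block {0}" '
            'dir=out action=block remoteip={0}').format(ip)


# Constructed sample in the layout Windows prints for `netstat -an`.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED
  TCP    192.168.1.20:49712     192.168.1.1:80         ESTABLISHED
  TCP    192.168.1.20:49720     203.0.113.45:80        ESTABLISHED
  TCP    192.168.1.20:49721     203.0.113.45:443       TIME_WAIT
  TCP    192.168.1.20:49730     198.51.100.7:8080      SYN_SENT
  TCP    [fe80::1c2%11]:49731   [fe80::9%11]:445       ESTABLISHED
  UDP    0.0.0.0:5353           *:*
"""

if __name__ == "__main__":
    try:
        text = subprocess.run(["netstat", "-an"], capture_output=True,
                              text=True).stdout
    except OSError:
        text = SAMPLE  # netstat not available: show the sample instead
    for ip, ports in remote_peers(text).items():
        print(ip, ports)
        print("   ", block_rule(ip))
```

Run it while reproducing the redirect so the connection is still in the table; the printed `netsh` line needs an elevated prompt and should be removed again once the cause is found.
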

October 22nd, 2011, 04:18 PM   #30
ToastPwnz

Quote:
Originally Posted by NightAngel79 View Post
Noscript blocked way too much shit, always had to 'allow' crap and i got tired of messing with it, usually am fine with adblockplus...



yea, really am wondering what the deal with audiogalaxy was, didn't really use it any more so no big deal to delete it just wonder how/what infected it...

(btw, gonna edit those logs out of my posts, don't see any reason for them to stay. will leave thread open though, hard telling who else it might help)
According to its entry on SystemLookup, it has some adware programs packaged with it.

SystemLookup - Audiogalaxy

October 23rd, 2011, 06:49 AM   #31
NightAngel79 (Thread Author)

It seems the other profile on my pc is having redirect issues also. haven't had time to look at it yet though, *thought* i completely got rid of audiogalaxy so not sure what the dealio is
Old October 23rd, 2011, 07:37 AM   #32 (permalink)
Member
 
Join Date: May 2011
Location: Near Stirling, Scotland
Posts: 214
 
Device(s): Samsung Galaxy S3 LTE i9305
Carrier: Not Provided

Thanks: 12
Thanked 39 Times in 28 Posts
Default

try this site and search for Audiogalaxy

Adware, Spyware and Advertising Trojans - Info & Removal Procedures
Haggistech is offline  
Old October 23rd, 2011, 01:19 PM   #33 (permalink)
Over Macho Grande?
 
alostpacket's Avatar
 
Join Date: Nov 2009
Location: NY
Posts: 7,873
 
Device(s): GlassXE, MotoX, N5, N4, N7'12, GNex, N1, SGT10.1, Revue, Xoom, Eris, OG Droid
Carrier: TMO

Thanks: 4,582
Thanked 3,563 Times in 1,522 Posts
Default

You should give NoScript a chance IMO. And unlike Fallout 3, I'm seriously gonna try and talk you into this

Best thing to do with NoScript is train it. Whitelist the sites you trust permanently and after awhile the hassle factor is not a big deal.

Also make sure to show the add-ons bar at the bottom, and customize it with the "temporarily allow all this page" button.



October 23rd, 2011, 01:56 PM   #34
NightAngel79 (Thread Author)

Quote:
Originally Posted by alostpacket View Post
You should give NoScript a chance IMO. And unlike Fallout 3, I'm seriously gonna try and talk you into this

Best thing to do with NoScript is train it. Whitelist the sites you trust permanently and after awhile the hassle factor is not a big deal.

Also make sure to show the add-ons bar at the bottom, and customize it with the "temporarily allow all this page" button.


LOL!!

I gave up on it pretty easily... after i get this redirect issue completely stamped out then *maybe*

October 23rd, 2011, 01:57 PM   #35
alostpacket


October 23rd, 2011, 05:00 PM   #36
NightAngel79 (Thread Author)

Well, I figured out what the initial infection left behind. The other profile has NO extensions in firefox, so when i saw XUL Cache 1.0 on the list i knew something was up. Removed it and redirects stopped completely

When i went back to my desktop to remove it it completely locked up firefox. I'm on a rare visit with chrome right now. Don't wanna kill the process cause i have like 9 tabs open for research (helping SO with homework.)

Screenshot of add-on

October 23rd, 2011, 05:42 PM   #37
Haggistech

ThreatExpert Report: Malware.Ackantta, W32.Ackantta!gen, Trojan.Win32.Buzus.dccy, Generic.dx!nai..

October 23rd, 2011, 06:40 PM   #38
andruoid

Quote:
Originally Posted by NightAngel79 View Post

Screenshot of add-on

Canonical? ...isn't that the parent of Ubuntu?

October 23rd, 2011, 07:21 PM   #39
NightAngel79 (Thread Author)

Quote:
Originally Posted by andruoid View Post
Canonical? ...isn't that the parent of Ubuntu?

Not sure

October 23rd, 2011, 07:31 PM   #40
ToastPwnz

Quote:
Originally Posted by andruoid View Post
Canonical? ...isn't that the parent of Ubuntu?
Indeed it is, unless there are multiple Canonical LTD's.
Canonical Homepage | Canonical

All times are GMT -5.