Angelfire redirect

NightAngel79
So just noticed something to do with angelfire was giving me bogus search results in google and the top 10 results or so upon clicking them gave me a redirect to some malicious site(s)...

As far as I can tell it isn't affecting my system anywhere else. Had a pretty serious attack 2 weeks ago and scanned (in safe mode) for 2 whole days till pc started acting right. Just occurred to me tonight that this was happening, I assume since the original attack.

Haven't been back in safe mode since original attack but regular scans with superantispyware and malwarebytes come up empty. Doing one last full scan with security essentials before i mess with safe mode again.....

Only happens in FF 7.0.1... checked all the settings i can think of, cleared cookies, cache.....

Any thoughts/ideas on how to get rid of or stop the redirects?
 
off the top of my head, just check your hosts file in C:\windows\system32\drivers\etc ...right click hosts, select Open and open with notepad. Any odd entries that don't have a comment; "#" copy/paste them here.

This is what a normal hosts file looks like:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
 
Upvote 0
Yea tried that... ^that is exactly what mine looks like....
 
Upvote 0
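Added example, not part of the thread or written by any poster: a Python sketch of the hosts-file check discussed above, which lists every active (non-comment) entry and classifies it. The sample content, the `audit_hosts` and `active_entries` names and the three labels are assumptions made for illustration.

```python
import ipaddress

LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample (not from the thread): stock-style comments plus the kinds
# of active entries worth a second look. 203.0.113.0/24 is a documentation range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# 127.0.0.1 localhost
127.0.0.1 localhost
203.0.113.7 www.google.com google.com   # constructed entry
0.0.0.0 update.example-av.test
not-an-ip broken.example
"""

def active_entries(text):
    """Yield (line_no, address, hostnames) for each line that is not a comment."""
    text = text.lstrip("\ufeff")  # Notepad may save the file with a BOM
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if line:
            fields = line.split()
            yield no, fields[0], fields[1:]

def audit_hosts(text):
    """Return findings as (line_no, kind, address, hostnames) tuples."""
    findings = []
    for no, addr, names in active_entries(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((no, "malformed", addr, names))
            continue
        local = ip.is_loopback or ip.is_unspecified
        if ip.is_loopback and all(n.lower() in LOOPBACK_NAMES for n in names):
            continue  # the ordinary localhost mapping
        # "blocked": name pinned to the local machine (ad-block lists do this,
        # and so does malware cutting off AV update hosts).
        # "redirect": name pinned to some other address, the hijack pattern.
        findings.append((no, "blocked" if local else "redirect", addr, names))
    return findings

if __name__ == "__main__":
    # To audit a real machine, read C:\windows\system32\drivers\etc\hosts instead.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A stock file like the one posted above is all comments, so it yields no findings, which matches the reply that the hosts file was clean.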
Don't use ComboFix, it's highly unlikely whatever is causing it is "serious" enough for ComboFix.
No offense intended to the poster or you, I just hate seeing people screw up their computer because they haven't learned how ComboFix and programs like it work.

I'm willing to help if you still need it, just let me know.
 
Upvote 0
i'm down for any advice. i consider myself an advanced user so am willing to try anything.. scanning with antispyware and malwarebytes in safe mode yielded zero results still


edit: combofix sounds promising but would love to hear your suggestions toast
 
Upvote 0
I'm not offended. :cool: I'm just busy studying for Security+ ...my mindset right now is nuke first and don't give malware a chance ;)

Combo seems pretty straight forward. I've cleaned out systems you could barely use with the 2 programs i been using, hell my system had that fake AV going on couple weeks ago and i *thought* i got it all out. It's just this one little remnant i can't seem to get rid of
 
Upvote 0
It's not so much that ComboFix is confusing, it is quite straight forward, it's just that unless you know all the various commands, and there's a lot of them, and what they do, there's always a slight possibility you might mess something up.

If you can download OTL, run it and put the two logs it spits out (OTL.txt and Extras.txt) on Pastebin I should, though never a 100% guarantee, be able to find what's causing the problem from that, you can PM me the links to the logs if you would rather do that instead of posting them in this thread. I'm guessing off past experience it's a registry edit that the fake AV left behind.


So many commas in those "passages". :p
 
Upvote 0
Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    [edited]


    I'm thinking Audiogalaxy might be the problem, I can't see anything else in there that points toward the issue you're having. Run that fix and let me know if you still have that problem.
 
Upvote 0
trying it now... i did have malware quarantine something from audiogalaxy install folder.... maybe time to chuck that.... will run your fix and see what's up...

about IP, i have 4 computers on network at any given time, plus phone, plus ps3, 360, sometimes a wii and sometimes a nook... no idea what is what as far as ip's go but always figured the .1.1 was router...
 
Upvote 0
Hmm still getting an abnormal amount of malicious results, the top 6 to 7 results lead to a site WOT gives a red/poor rating. The redirect doesn't seem to be happening though....

what do you see as the top results for this: https://www.google.com/search?hl=en...81l3297l0l5168l8l8l0l0l0l0l282l1356l0.5.3l8l0

and i just used the search term pc error, it really doesn't matter what i google.
on that link (or just google 'pc error') are the top results pc-error-free; pcaholic; smartpctools? (just the top 3 for me)
 
Upvote 0
hmmm, trying other search terms it seems it may have stopped.... before it was redirecting what looked like wikipedia links to weird stuff, doesn't seem to be happening now... Thanks a ton toast!!

Uninstalling audiogalaxy with revo now! Wonder what the deal with that is

In response to the post before this one, I see Smart PC Tools, PC Error Free and PC Hell.

Glad I could help, if it pops up again just let me know.
You can go ahead and use the Clean Up function in OTL now, assuming you still have it on your PC.
 
Upvote 0
is there a need to 'clean up' ? still have on computer btw
 
Upvote 0