Angelfire redirect

Discussion in 'Computers' started by NightAngel79, Oct 19, 2011.

  1. NightAngel79

    NightAngel79 Bounty Hunter Administrator
    Moderator Thread Starter
    So just noticed something to do with Angelfire was giving me bogus search results in Google and the top 10 results or so upon clicking them gave me a redirect to some malicious site(s)...

    As far as I can tell it isn't affecting my system anywhere else. Had a pretty serious attack 2 weeks ago and scanned (in safe mode) for 2 whole days till the PC started acting right. Just occurred to me tonight that this was happening, I assume since the original attack.

    Haven't been back in safe mode since the original attack but regular scans with SUPERAntiSpyware and Malwarebytes come up empty. Doing one last full scan with Security Essentials before I mess with safe mode again.....

    Only happens in FF 7.0.1... checked all the settings I can think of, cleared cookies, cache.....

    Any thoughts/ideas on how to get rid of or stop the redirects?
     


  2. andruoid

    andruoid Android Expert
    Off the top of my head, just check your hosts file in C:\windows\system32\drivers\etc ...right click hosts, select Open and open with Notepad. Any odd entries that don't have a comment ("#"), copy/paste them here.

    This is what a normal hosts file looks like:

    # Copyright (c) 1993-2009 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    # localhost name resolution is handled within DNS itself.
    # 127.0.0.1 localhost
    # ::1 localhost
     
    NightAngel79 likes this.
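
The hosts file check described in the post above, as an added example that is not part of the original thread: a Python sketch that parses hosts-file text, lists the active (uncommented) entries, and flags any that point a hostname at something other than a loopback or null address. The function names and the sample text are constructed for illustration; the addresses are from documentation ranges.

```python
import ipaddress

# Constructed sample: stock-style comment lines plus entries of the kind a
# search hijacker leaves behind (addresses are RFC 5737 documentation ranges).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
#   ::1             localhost
127.0.0.1       localhost
0.0.0.0         ads.example.net      # ad block added by the user
203.0.113.45    www.google.com google.com
198.51.100.7    search.example.org   # constructed
not-an-ip       broken.example
"""


def active_entries(text):
    """Return (line_no, address, [hostnames]) for every uncommented entry."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not body:
            continue                          # blank or comment-only line
        fields = body.split()
        entries.append((line_no, fields[0], fields[1:]))
    return entries


def suspicious_entries(text):
    """Entries that point a hostname at a routable address, or are malformed."""
    flagged = []
    for line_no, addr, names in active_entries(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            flagged.append((line_no, addr, names, "malformed address"))
            continue
        # Loopback/unspecified targets only black-hole a name; others redirect it.
        if not (ip.is_loopback or ip.is_unspecified):
            flagged.append((line_no, addr, names, "redirects to " + addr))
    return flagged


if __name__ == "__main__":
    for line_no, addr, names, why in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {' '.join(names)} -> {why}")
```

A hosts file that matches the stock one, as the thread starter reports next, yields no flagged entries, which rules out this one redirect mechanism but not others.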
  3. NightAngel79

    Yea tried that... ^that is exactly what mine looks like....
     
  4. Xyro

    Xyro 4 8 15 16 23 42
    Moderator
    Are there any other symptoms other than the google search results?
     
  5. andruoid

    ComboFix, not sure if you have tried this. I've had 100% recovery on the systems I have run this in. It's another malware/spyware removal tool. Here is the link for the utility and instructions; A guide and tutorial on using ComboFix
     
    NightAngel79 likes this.
  6. NightAngel79

    The links almost look like real links but if clicked lead to malicious sites. Other than that no, left pc in safe mode scanning with malwarebytes. Will also try the above I guess...
     
  7. ToastPwnz

    ToastPwnz Android Enthusiast
    Don't use ComboFix, it's highly unlikely whatever is causing it is "serious" enough for ComboFix.
    No offense intended to the poster or you, I just hate seeing people screw up their computer because they haven't learned how ComboFix and programs like it work.

    I'm willing to help if you still need it, just let me know.
     
  8. NightAngel79

    I'm down for any advice. I consider myself an advanced user so am willing to try anything.. scanning with antispyware and Malwarebytes in safe mode yielded zero results still


    edit: combofix sounds promising but would love to hear your suggestions toast
     
  9. andruoid

    I'm not offended. :cool: I'm just busy studying for Security+ ...my mindset right now is nuke first and don't give malware a chance ;)
     
  10. NightAngel79

    Combo seems pretty straightforward. I've cleaned out systems you could barely use with the 2 programs I've been using, hell my system had that fake AV going on a couple weeks ago and I *thought* I got it all out. It's just this one little remnant I can't seem to get rid of
     
  11. ToastPwnz

    It's not so much that ComboFix is confusing, it is quite straightforward, it's just that unless you know all the various commands, and there's a lot of them, and what they do, there's always a slight possibility you might mess something up.

    If you can download OTL, run it and put the two logs it spits out (OTL.txt and Extras.txt) on Pastebin I should, though never a 100% guarantee, be able to find what's causing the problem from that, you can PM me the links to the logs if you would rather do that instead of posting them in this thread. I'm guessing off past experience it's a registry edit that the fake AV left behind.


    So many commas in those "passages". :p
     
  12. NightAngel79

    So I shouldn't try OTL's 'run fix' or 'clean up' tools?

    (scanning with it now)
     
  13. NightAngel79

    edited

    there they are
     
  14. ToastPwnz

    Run OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      [edited]


      I'm thinking Audiogalaxy might be the problem, I can't see anything else in there that points toward the issue you're having. Run that fix and let me know if you still have that problem.
     
    NightAngel79 likes this.
  15. Xyro

    I would have guessed 192.168.X.1 is the router.
     
    NightAngel79 likes this.
  16. ToastPwnz

    That would also make sense, I get in a hurry and I tend to overlook at least one thing. :p
    Better safe than sorry though, so far I haven't run into any problems involving unrecognized IPs, but there's always that small chance.
     
    NightAngel79 likes this.
  17. NightAngel79

    Trying it now... I did have Malwarebytes quarantine something from the Audiogalaxy install folder.... maybe time to chuck that.... will run your fix and see what's up...

    About IP, I have 4 computers on the network at any given time, plus phone, plus PS3, 360, sometimes a Wii and sometimes a Nook... no idea what is what as far as IPs go but always figured the .1.1 was the router...
     
  18. NightAngel79

  19. ToastPwnz

    Are you still getting the redirect? The script worked properly, so if Audiogalaxy was the problem, it's gone now.
     
    NightAngel79 likes this.
  20. NightAngel79

    Hmm still getting an abnormal amount of malicious results, the top 6 to 7 results lead to a site WOT gives a red/poor rating. The redirect doesn't seem to be happening though....

    what do you see as the top results for this: https://www.google.com/search?hl=en...81l3297l0l5168l8l8l0l0l0l0l282l1356l0.5.3l8l0

    And I just used the search term pc error, it really doesn't matter what I google.
    On that link (or just google 'pc error') are the top results pc-error-free; pcaholic; smartpctools? (just the top 3 for me)
     
  21. NightAngel79

    hmmm, trying other search terms it seems it may have stopped.... before it was redirecting what looked like wikipedia links to weird stuff, doesn't seem to be happening now... Thanks a ton toast!!

    Uninstalling audiogalaxy with revo now! Wonder what the deal with that is
     
  22. ToastPwnz

    In response to the post before this one, I see Smart PC Tools, PC Error Free and PC Hell.

    Glad I could help, if it pops up again just let me know.
    You can go ahead and use the Clean Up function in OTL now, assuming you still have it on your PC.
     
  23. NightAngel79

    is there a need to 'clean up' ? still have on computer btw
     
  24. ToastPwnz

    You don't have to, but I would recommend it since it will remove the files it moved earlier.
     
    NightAngel79 likes this.
  25. NightAngel79

