Visitor
Artistoo79
Posts: 4
Registered: ‎12-18-2011

Re: Yellowise redirector

I'm jumping in because I, too, have the redirector hijacking my surfing.

I have run the scan described by Quad and have attached the log.

Nutshell of situation:

Over the weekend, I realized when only on the internet my keystroke entries were hit and miss while typing.  In other words, the last sentence I just typed would look like - i rlied mykke entris wre htnd ms - it was driving me crazy.  So, I ran a quickscan, had anything wiggy fixed.  Uninstalled several unwanted "free" software that was downloaded by other members of the family.  Ran another quickscan.  Cleaned the disc by using the disc cleanup under system tools - then defragged overnight.  Got up the next morning to a new, speedy computer working like new.  Also, downloaded Skype and set up the account and even enjoyed a video chat with my daughter with no issues.

Yesterday enjoyed surfing as usual, no problems at all.  Today, much like yesterday until I was searching on Google.  Search "planting sprouting seeds" - clicked on the first link that was appealing and was first redirected to something that was either BeeS or Beez.  Thought I clicked the wrong link so I hit the back arrow in the upper left hand corner and was redirected further into that hijacker site.  Closed browser window and tried again many times.  Sometimes I was redirected to BeeZ or now yellowise and sometimes straight to the link (how I found this post).

Before I found this thread, I went to internet option and had the defaults reset because I thought it may be an add-on.  Removed all add-ons.  Then ran a quickscan with Glary Utilities where there were several registry errors - several temporary files - but no malware detected.

Launched Google again (something just occurred to me - I tried on a new look for Google for a bit with iGoogle but then selected revert back to old - or something of that nature - but I cannot remember where that fit in to the course of events.  I wonder if that was the first thing that happened then the redirecting was after that but I cannot be sure).  I was still having problems so I found this thread and ran the requested scan.

As mentioned, my log report is attached.

Visitor
Artistoo79
Posts: 4
Registered: ‎12-18-2011

Re: Yellowise redirector

BTW - I looked in my history and the website is beesq.net that I mentioned before.

I was just redirected again to yellowise trying to get here once more and hit the back arrow to try to get back to Google and was then redirected to searchformore.com.

Bot Obliterator
Quads
Posts: 16,541
Registered: ‎07-21-2008

Re: Yellowise redirector

Delete your browsing data, history and cache, or use this tool by Microsoft: http://support.microsoft.com/kb/923737

Then

Please read carefully. Read all of this message first.

Download Combofix: http://www.bleepingcomputer.com/download/anti-virus/combofix


  • Ensure that Combofix is saved directly to the Desktop <--- Very important

  • Disable all security programs as they will have a negative effect on Combofix,
  • Close any open browsers and any other programs you might have running

Download the attached CFScript.txt. For some browsers, right-click the attachment on the forum and select "Save As" or similar to download it. See screenshot below.

[Screenshot: Right Click download.jpg]

Now drag the CFScript.txt into the ComboFix.exe


  • If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review.


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system, it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Quads

shannons
Posts: 11,962
Topics: 51
Kudos: 115
Solutions: 8
Registered: ‎01-07-2009

Re: Yellowise redirector

Visitor
Artistoo79
Posts: 4
Registered: ‎12-18-2011

Re: Yellowise redirector

Dang it!!  I printed your directions and my color cartridge is out of ink and I didn't see the VERY IMPORTANT - save to desktop for the Combofix download.  Now I'm in a pickle because the path it was run from I cannot access because it was in a temporary internet file (thus the very important note - I'm certain).  I am replying from my husband's computer because I now cannot access the internet or anything that requires an internet connection.  HELP!

Signed,

Usually follows directions really well but not this time DOOFUS

Bot Obliterator
Quads
Posts: 16,541
Registered: ‎07-21-2008

Re: Yellowise redirector

There is nothing much I can do if you do not follow instructions. There is a reason why Combofix is to run from the desktop, not from the temp. net files.

The tools I use are advanced and the instructions are strict for a reason.

The only thing I can think of is to use System Restore and if the infection started 2 weeks ago, go back 3 weeks.

Quads

Visitor
Artistoo79
Posts: 4
Registered: ‎12-18-2011

Re: Yellowise redirector

I completely understand!  Please accept my apology. I should not have been working on the situation tired and aggravated.  Word to the wise!!

I have restored the system, as you mentioned, and it appears to be working well.  No redirects at this time (fingers crossed).

Thanks for all that you do to help us with little know-how!

Bot Obliterator
Quads
Posts: 16,541
Registered: ‎07-21-2008

Re: Yellowise redirector

Please read carefully and slowly.

Please scan with ESET next.

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and DON'T (NO) check Remove found threats (reason for this is we don't want something deleted and then Windows won't load).
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Attach the resulting log in your next reply


If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.

Quads