05-30-2012 07:02 PM
I'm jumping in because I, too, have the redirector hijacking my surfing.
I have run the scan described by Quad and have attached the log.
Nutshell of situation:
Over the weekend, I realized when only on the internet my keystroke entries were hit and miss while typing. In other words, the last sentence I just typed would look like - i rlied mykke entris wre htnd ms - it was driving me crazy. So, I ran a quickscan, had anything wiggy fixed. Uninstalled several unwanted "free" software that was downloaded by other members of the family. Ran another quickscan. Cleaned the disc by using the disc cleanup under system tools - the defragged overnight. Got up the next morning to a new, speedy computer working like new. Also, downloaded Skype and setup the account and even enjoyed a video chat with my daughter with no issues.
Yesterday enjoyed surfing as usual, no problems at all. Today, much like yesterday until I was searching on google. Search "planting sprouting seeds" - clicked on the first link that was appealling and was first redirected to something that was either BeeS or Beez. Thought I click the wrong link so I hit the back arrow in the upper left hand corner and was redirected further into that hijacker site. Closed browser window and tried again many times. Sometimes I was redirected to BeeZ or now yellowise and sometimes straight to the link (how I found this post).
Before I found this thread, I went to internet option and had the defaults reset because I thought it may be an add-on. Removed all add-ons. Then ran a quickscan with Glary Utilities where there was several registry errors - several temporary files - but no malware detected.
Launched google again (something just occured to me - I tried on a new look for google for a bit with igoogle but then selected revert back to old - or something of that nature - but I cannot remember where that fit in to the course of events. I wonder if that was the first thing that happened then the redirecting was after that but I cannot be sure). I was still having problems so I found this thread and ran the requested scan.
As mentioned, my log report is attached.
05-30-2012 07:13 PM
BTW - I looked in my history and the website it beesq.net that I mentioned before.
I was just redirected again to yellowise trying to get here once more and hit the back arrow to try to get back to google and was then redirected to searchformore.com.
05-30-2012 11:52 PM - edited 05-30-2012 11:57 PM
Delete your Browsing data, History and cache Or use this tool by Microsoft http://support.microsoft.com/kb/923737
Please read carefully Read all of this message first
Download Combofix http://www.bleepingcomputer.com/download/anti-viru
Doiwnload the attached CFscript.txt, , For some browsers Right Click the attachment on the forum and select "Save AS" or similar to Download it. See screenshot below.
Now drag the CFScript.txt into the ComboFix.exe
****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
06-01-2012 10:15 PM
Dang it!! I printed your direction and my color cartridge is out of ink and I didn't see the VERY IMPORTANT - save to desktop for the Combofix download. Now I'm in a pickle because the path it was run from I cannot access because it was in a temporary internet file (thus the very important note- I'm certain). I am replying from my husband's computer because I now cannot access the internet or anything that requires an internet connection. HELP!
Usually follows directions really well but not this time DOOFUS
06-01-2012 10:23 PM - edited 06-01-2012 10:25 PM
There is nothing much I can do if you do not follow instructions, There is a reason why Combofix is to run from the desktop, not from the temp. net files.
The tools I use are advanced and the instructions are strict for a reason
The only thing I can think of is to use System Restore and if the infection started 2 weeks ago, go back 3 weeks.
06-02-2012 06:51 AM
I completely understand! Please accept my apology. I should not have been working on the situation tired and aggrevated. Word to the wise!!
I have restored the system, as you mentioned, and it appears to be working well. No redirects at this time (fingers crossed).
Thanks for all that you do to help us will little know-how!
06-02-2012 01:18 PM
Please read carefully and Slowly
Please scan with ESET next
I'd like us to scan your machine with ESET OnlineScan
If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.