Bot Obliterator
Quads
Posts: 13,248
Registered: ‎07-21-2008

Re: "Recommended for you" popup in IE 9

Sanyo2012

 

The script is not for your machine.

 

A lot of people who have this redirect also have zeroaccess but it has been removed already or it's hiding from AV software.

 

Quads

Visitor
compassPlant
Posts: 8
Registered: ‎04-21-2012

Re: "Recommended for you" popup in IE 9

Quads,

 

Thank you for posting the information about OTI and your script. I used both and have removed the problem that was in the beginning of this thread.  The popup was becoming very annoying. I have the log file that was created when I first installed OTI, didn't know if that was relevant to you or anyone else or would help in eliminating this problem.

 

Thanks again

Bot Obliterator
Quads
Posts: 13,248
Registered: ‎07-21-2008

Re: "Recommended for you" popup in IE 9

compassPlant

 

The script is not for your machine either. Scripts are for that machine only.

 

Quads

Newbie
Marissa
Posts: 1
Registered: ‎04-21-2012

Re: "Recommended for you" popup in IE 9

Blocking this in Internet Explorer worked for me:

Go to My Computer, Control Panel, Internet Options, Content tab, click on Enable under Content Advisor, click on the Approved Sites tab, in Allow this website type http://www.google-analytics.com/ga.js and then click Never, and Apply.

Bot Obliterator
Quads
Posts: 13,248
Registered: ‎07-21-2008

Re: "Recommended for you" popup in IE 9

[ Edited ]

Marissa wrote:

Blocking this in Internet Explorer worked for me:

Go to My Computer, Control Panel, Internet Options, Content tab, click on Enable under Content Advisor, click on the Approved Sites tab, in Allow this website type [REMOVED] and then click Never, and Apply.


Except you are still basically infected. Blocking a problem does not fix this. Then again, some people don't mind still having the problem on their PC as long as they don't see it.

 

As long as users don't see your "fix" as a fix, because it is NOT.  So ignore the above instructions!!!!  Users doing so will still have the settings for the infection on their systems, let alone if you have zeroaccess in behind that.

 

Quads

 

 

Visitor
compassPlant
Posts: 8
Registered: ‎04-21-2012

Re: "Recommended for you" popup in IE 9

Quads,

 

Can you help me get rid of this thing? It's back. I saw where you said that the script was specific to that particular machine. I have OTI installed on my machine. What can I do?

 

Thanks in advance

Bot Obliterator
Quads
Posts: 13,248
Registered: ‎07-21-2008

Re: "Recommended for you" popup in IE 9

You need your own thread.

 

Quads

Bot Obliterator
Quads
Posts: 13,248
Registered: ‎07-21-2008

Re: "Recommended for you" popup in IE 9

[ Edited ]

Geez, scripts are for the system they are intended for, yet everyone is using it, even if they have instead (or also) zeroaccess in behind or a slightly different redirect. For instance, from one machine:

 

O1 HOSTS File: ([2012/03/15 01:20:56 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 149.5.18.172 xxx.google-analytics.com.
O1 - Hosts: 149.5.18.172 ad-emea.doubleclick.net.
O1 - Hosts: 149.5.18.172 xxx.statcounter.com.
O1 - Hosts: 108.163.215.51 xxx.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 xxx.statcounter.com.

 

but the system has also got

 

aswMBR.txt: 
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-25 05:11:06
-----------------------------
05:11:06.004 OS Version: Windows x64 6.1.7601 Service Pack 1
05:11:06.004 Number of processors: 8 586 0x1E05
05:11:06.005 ComputerName: ALEX-NEW UserName: Alex
05:11:06.871 Initialize success
05:12:13.158 AVAST engine defs: 12032401
05:12:25.004 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
05:12:25.006 Disk 0 Vendor: Intel___ 1.0. Size: 1907734MB BusType: 8
05:12:25.008 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-0
05:12:25.010 Disk 1 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 8
05:12:25.012 Disk 0 MBR read successfully
05:12:25.014 Disk 0 MBR scan
05:12:25.018 Disk 0 Windows 7 default MBR code
05:12:25.021 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
05:12:25.023 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1907632 MB offset 206848
05:12:25.074 Disk 0 scanning C:\Windows\system32\drivers
05:12:38.047 Service scanning
05:12:46.528 Service maxbackserviceint C:\Windows\system32\oracleorahome90agent.dll **INFECTED** Win64:Sirefef-E [Trj]
05:13:02.811 Modules scanning
05:13:02.825 Disk 0 trace - called modules:
05:13:02.900 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
05:13:02.931 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800c98f790]
05:13:02.935 3 CLASSPNP.SYS[fffff88001b7543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800a93e050]
05:13:04.016 AVAST engine scan C:\Windows
05:13:06.689 AVAST engine scan C:\Windows\system32
05:13:08.499 File: C:\Windows\system32\amfilter.dll **INFECTED** Win64:Sirefef-E [Trj]
05:13:10.368 File: C:\Windows\system32\asc3350p.dll **INFECTED** Win64:Sirefef-E [Trj]
05:13:10.459 File: C:\Windows\system32\ASUSVRC.dll **INFECTED** Win64:Sirefef-E [Trj]
05:13:13.163 File: C:\Windows\system32\AVCamUSB20.dll **INFECTED** Win64:Sirefef-E [Trj]
05:13:13.210 File: C:\Windows\system32\avgfwsrv.dll **INFECTED** Win64:Sirefef-E [Trj]
05:13:13.734 File: C:\Windows\system32\bb-run.dll **INFECTED** Win64:Sirefef-E [Trj]
05:13:15.962 File: C:\Windows\system32\bwcsrv.dll **INFECTED** Win64:Sirefef-E [Trj]
05:13:20.788 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-JQ [Trj]
05:13:22.067 File: C:\Windows\system32\CT20XUT.DLL.dll **INFECTED** Win64:Sirefef-E [Trj]
05:13:32.685 File: C:\Windows\system32\dlapoolm.dll **INFECTED** Win64:Sirefef-E [Trj]
05:13:32.957 File: C:\Windows\system32\dmload.dll **INFECTED** Win64:Sirefef-E [Trj]
05:13:37.027 File: C:\Windows\system32\EAWDMFD.dll **INFECTED** Win64:Sirefef-E [Trj]
05:13:43.720 File: C:\Windows\system32\hmonitor.dll **INFECTED** Win64:Sirefef-E [Trj]
05:13:48.119 File: C:\Windows\system32\ino_flpy.dll **INFECTED** Win64:Sirefef-E [Trj]
05:13:48.154 File: C:\Windows\system32\inport.dll **INFECTED** Win64:Sirefef-E [Trj]
05:13:48.372 File: C:\Windows\system32\iPassPeriodicUpdateApp.dll **INFECTED** Win64:Sirefef-E [Trj]
05:13:56.849 File: C:\Windows\system32\LXARScan.dll **INFECTED** Win64:Sirefef-E [Trj]
05:13:57.260 File: C:\Windows\system32\MaVctrl.dll **INFECTED** Win64:Sirefef-E [Trj]
05:13:57.714 File: C:\Windows\system32\mcafeeframework.dll **INFECTED** Win64:Sirefef-E [Trj]
05:14:02.352 File: C:\Windows\system32\MRESP50a64.dll **INFECTED** Win64:Sirefef-E [Trj]
05:14:09.124 File: C:\Windows\system32\mvwebserver.dll **INFECTED** Win64:Sirefef-E [Trj]
05:14:19.163 File: C:\Windows\system32\NWHOST.dll **INFECTED** Win64:Sirefef-E [Trj]
05:14:21.082 File: C:\Windows\system32\oracleorahome90agent.dll **INFECTED** Win64:Sirefef-E [Trj]
05:14:21.136 File: C:\Windows\system32\osaio.dll **INFECTED** Win64:Sirefef-E [Trj]
05:14:21.356 File: C:\Windows\system32\OVT511Plus.dll **INFECTED** Win64:Sirefef-E [Trj]
05:14:24.075 File: C:\Windows\system32\pmem.dll **INFECTED** Win64:Sirefef-E [Trj]
05:14:29.823 File: C:\Windows\system32\rchost.dll **INFECTED** Win64:Sirefef-E [Trj]
05:14:33.370 File: C:\Windows\system32\RTL8023xp.dll **INFECTED** Win64:Sirefef-E [Trj]
05:14:34.050 File: C:\Windows\system32\s116mgmt.dll **INFECTED** Win64:Sirefef-E [Trj]
05:14:36.077 File: C:\Windows\system32\se59nd5.dll **INFECTED** Win64:Sirefef-E [Trj]
05:14:38.812 File: C:\Windows\system32\slabser.dll **INFECTED** Win64:Sirefef-E [Trj]
05:14:39.325 File: C:\Windows\system32\smbusp.dll **INFECTED** Win64:Sirefef-E [Trj]
05:14:39.848 File: C:\Windows\system32\sony_ssm.sys.dll **INFECTED** Win64:Sirefef-E [Trj]
05:14:40.185 File: C:\Windows\system32\spcstb.dll **INFECTED** Win64:Sirefef-E [Trj]
05:14:42.707 File: C:\Windows\system32\sscdmdm.dll **INFECTED** Win64:Sirefef-E [Trj]
05:14:43.424 File: C:\Windows\system32\stylexphelper.dll **INFECTED** Win64:Sirefef-E [Trj]
05:14:43.637 File: C:\Windows\system32\SWNC8U51.dll **INFECTED** Win64:Sirefef-E [Trj]
05:14:43.923 File: C:\Windows\system32\symfw.dll **INFECTED** Win64:Sirefef-E [Trj]
05:14:43.968 File: C:\Windows\system32\symmpi.dll **INFECTED** Win64:Sirefef-E [Trj]
05:14:49.811 File: C:\Windows\system32\ulcdrhlp.dll **INFECTED** Win64:Sirefef-E [Trj]
05:14:50.976 File: C:\Windows\system32\usbvm321.dll **INFECTED** Win64:Sirefef-E [Trj]
05:14:52.640 File: C:\Windows\system32\vhidmini.dll **INFECTED** Win64:Sirefef-E [Trj]
05:14:53.836 File: C:\Windows\system32\w200bus.dll **INFECTED** Win64:Sirefef-E [Trj]
05:15:01.608 File: C:\Windows\system32\wmiaprpl.dll **INFECTED** Win64:Sirefef-E [Trj]
05:15:02.013 File: C:\Windows\system32\wmp54gssvc.dll **INFECTED** Win64:Sirefef-E [Trj]
05:15:02.565 File: C:\Windows\system32\wmpnetworksvc.dll **INFECTED** Win64:Sirefef-E [Trj]
05:15:19.333 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
05:15:22.955 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
05:18:09.361 File: C:\Windows\assembly\tmp\loader.tlb **SUSPICIOUS**
05:18:09.465 File: C:\Windows\assembly\tmp\U\00000001.@ **SUSPICIOUS**
05:18:09.579 File: C:\Windows\assembly\tmp\U\000000c0.@ **SUSPICIOUS**
05:18:09.659 File: C:\Windows\assembly\tmp\U\000000cb.@ **SUSPICIOUS**
05:18:09.723 File: C:\Windows\assembly\tmp\U\000000cb.@ **INFECTED** Other:Malware-gen
05:18:09.732 File: C:\Windows\assembly\tmp\U\000000cf.@ **SUSPICIOUS**
05:18:09.772 File: C:\Windows\assembly\tmp\U\80000000.@ **SUSPICIOUS**
05:18:09.859 File: C:\Windows\assembly\tmp\U\800000c0.@ **SUSPICIOUS**
05:18:09.878 File: C:\Windows\assembly\tmp\U\800000c0.@ **INFECTED** Win32:Sirefef-PL [Rtk]
05:18:09.931 File: C:\Windows\assembly\tmp\U\800000cb.@ **SUSPICIOUS**
05:18:09.941 File: C:\Windows\assembly\tmp\U\800000cb.@ **INFECTED** Win32:Malware-gen
05:18:09.954 File: C:\Windows\assembly\tmp\U\800000cf.@ **SUSPICIOUS**
05:18:09.973 File: C:\Windows\assembly\tmp\U\800000cf.@ **INFECTED** Win32:Malware-gen
05:18:09.985 File: C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} **SUSPICIOUS**
05:18:10.509 AVAST engine scan C:\Windows\system32\drivers
05:18:25.767 AVAST engine scan C:\Users\Alex
05:28:03.355 Disk 0 MBR has been saved successfully to "C:\Users\Alex\Desktop\MBR.dat"
05:28:03.697 The log file has been saved successfully to "C:\Users\Alex\Desktop\aswMBR.txt" 

 

So for the standard user, using the browser to block the redirect works for that symptom only... "Yay, that fixed it for me," and users go away without completely checking their system for the likes of the above.

 

Quads
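Added example, not part of the original post and not Quads' script: a read-only Python check that lists hostnames pinned to non-local IP addresses, the kind of hosts-file redirect shown in the O1 lines of the post above. The function names are hypothetical, the sample input is the excerpt quoted in that post, and legitimate custom entries (for example intranet names) will also be listed and need review.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: the O1 hosts section quoted in the post above (OTL log format).
SAMPLE_OTL = r"""O1 HOSTS File: ([2012/03/15 01:20:56 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 149.5.18.172 xxx.google-analytics.com.
O1 - Hosts: 149.5.18.172 ad-emea.doubleclick.net.
O1 - Hosts: 149.5.18.172 xxx.statcounter.com.
O1 - Hosts: 108.163.215.51 xxx.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 xxx.statcounter.com.
"""

OTL_PREFIX = re.compile(r"^O1\s+-\s+Hosts:\s*", re.IGNORECASE)


def parse_hosts(text):
    """Yield (ip, hostname) from a raw hosts file or OTL 'O1 - Hosts:' lines."""
    for line in text.splitlines():
        line = OTL_PREFIX.sub("", line.strip())
        line = line.split("#", 1)[0]        # drop hosts-file comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                        # header or garbage line, not a mapping
        for name in fields[1:]:             # one line may carry several names
            yield ip, name.rstrip(".").lower()


def find_redirects(text):
    """Return {hostname: sorted IPs} for every name pinned to a non-local address."""
    hits = defaultdict(set)
    for ip, name in parse_hosts(text):
        # Loopback and 0.0.0.0/:: entries are normal (localhost, blocking lists).
        if ip.is_loopback or ip.is_unspecified:
            continue
        hits[name].add(str(ip))
    return {name: sorted(ips) for name, ips in hits.items()}


if __name__ == "__main__":
    for name, ips in sorted(find_redirects(SAMPLE_OTL).items()):
        print(f"{name} pinned to {', '.join(ips)}")
```

A clean result here says nothing about the rest of the system; as the post shows, the same machine also had Sirefef detections that only a full scan revealed.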

 

Visitor
TGS949
Posts: 5
Registered: ‎04-15-2012

Re: "Recommended for you" popup in IE 9

Quads, thanks for your help. Others seem to be using this even though the fix is custom, so I hope they will not damage their environment. Maybe Norton will wake up and realize a need to block these useless pain in the butt "add-ons".

 

This Recommended for you pest is just that, a mosquito, it is not damaging.

 

Thanks again.

Super Trojan Terminator
Krusty13
Posts: 3,301
Registered: ‎05-31-2011

Re: "Recommended for you" popup in IE 9

Hi TGS949,

 

Please understand that although your problem seems to be solved, Quads may have further instructions for you.

 

People who run scripts on their machines that are not written specifically for their system are asking for trouble and will be lucky to receive any help.

 

Cheers,  Dave.

Windows 7 x64 SP1     N360v20.3.1.22     NU16     SSR 2013     Secunia PSI     SpywareBlaster     NoScript     MBAM free     SAS free