Is this a Virus/Malware?

Discussion in 'BlackHat Lounge' started by turbopugsleylx, Apr 20, 2010.

  1. turbopugsleylx

    Hey guys, I have been noticing this... not sure if it's Google or my PC...

    When I search something in Google, let's say I search "cheap villas in Greece"

    when I go to click on the first listing it takes me to some related page about airline flights to Greece (that's not the URL that was on Google). I click back and click again and this time it takes me to the correct URL...

    It has done this with all sorts of searches... yet Malwarebytes and Avast and Kaspersky show nothing...

    Any ideas..?
     
  2. loclhero

    I had similar issues late last year... if I could find the thread I'd link it here, but my (now old, second) computer got nailed with nasty malware. Kaspersky could not clean it but a full, paid version of Malwarebytes did take care of it.

    When you go to click on the link after your search on goog, take a look at your status bar. Are you being redirected down there to some ppc redirect? You'll probably have to do a full scan with more than one virus prog to clean this up. Since I used my old box for everything including banking I just said fuck it, bought a new one and now use the old one for all shady stuff (including BHW :rolleyes:)
     
  3. appleman

    simplysup.com and Malwarebytes free ...
    If it's a nasty one it will kill all the normal programs you use to clean and then you will have to look around more. Good luck
     
  4. specopkirbs

    I have the same issue, really pissing me off now. It's clever though, actually shows targeted offers and pages relating to my search on Google lol. I reckon someone is banking hard with this, damn it. Oh well, going to try some suggestions above to remove it, it's a bitch to get rid of though
     
  5. turbopugsleylx

    Does anyone know what these three files in my boot/startup section are?

    SEE BELOW
     

    Attached Files:

  6. gregstereo

    I believe the first one is just a Java update checker; if you have Java tools installed this gets installed resident.

    The other two items sound similar - "annoying but safe":

    http://lmgtfy.com/?q=ssbkgdupdate

    http://lmgtfy.com/?q=isusscheduler

    But since your computer is already exhibiting signs of a browser hijack, update Malwarebytes Anti-Malware to the latest defs, reboot into safe mode, and do a full scan

    you can go celebrate 4/20 while that's running

    then run an AV app after that like loclhero suggested
     
  7. GreyWolf

    As greg says, they don't appear to be your problem.

    I had to deal with a hijack issue on a client's computer once. He kept bringing his computer to me; I would check for viruses, get everything cleaned up and working great, then he'd take it home and still have the same problem. Finally I went to his house to check up on it and sure enough it was still happening.

    It turned out to be the settings on his Linksys router had been hijacked. If you leave your admin password to be the default, it is possible for malware to configure your router to redirect traffic as well. I did a reset on his router and the problem went away. Needless to say we changed the router admin password after that.

    This might not be the problem here, but it's a good lesson. If you use a router, be sure to protect it as well.

    Here are some good resources if you're still having problems:
    Code:
    http://forums.malwarebytes.org/
    http://www.bleepingcomputer.com/forums/forum22.html
    http://forums.majorgeeks.com/showthread.php?t=35407
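
The router case described in the post above can also be checked from the PC side. As an added example (not part of the thread), this Python script parses English-language `ipconfig /all` output and lists DNS servers that are neither the default gateway nor on a trusted list you supply. The sample output and the `trusted` parameter are constructed, and changed DNS settings are assumed as the redirect mechanism, which the post does not specify.

```python
import ipaddress
import re

# Constructed sample of English-language `ipconfig /all` output (not from the thread).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# "   Label . . . . : value" -- the dot/space filler before the colon is required,
# so IPv6 continuation lines such as "fe80::1%11" are not mistaken for labels.
LABEL_RE = re.compile(r"^\s+([A-Za-z][A-Za-z0-9 ]*?)[ .]+:\s*(.*)$")

def parse_ipconfig(text):
    """Map each field label to its list of values (all adapters merged)."""
    fields, label = {}, None
    for line in text.splitlines():
        m = LABEL_RE.match(line)
        if m:
            label, value = m.group(1), m.group(2).strip()
        elif label and line.startswith(" ") and line.strip():
            value = line.strip()      # continuation line of a multi-value field
        else:
            label = None              # blank line or adapter header
            continue
        if value:
            fields.setdefault(label, []).append(value)
    return fields

def unexpected_dns(text, trusted=()):
    """Return DNS servers that are neither the default gateway nor trusted."""
    fields = parse_ipconfig(text)
    gateways = set(fields.get("Default Gateway", []))
    flagged = []
    for raw in fields.get("DNS Servers", []):
        try:
            addr = str(ipaddress.ip_address(raw.split("%")[0]))
        except ValueError:
            continue                  # not an address; ignore
        if addr not in gateways and addr not in trusted:
            flagged.append(addr)
    return flagged

if __name__ == "__main__":
    print(unexpected_dns(SAMPLE_IPCONFIG))
```

If the only DNS server listed is the router itself, this check passes on the PC and the upstream DNS servers have to be reviewed on the router's admin page instead.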
     
  8. Bradm

    I don't know if this has anything to do with it, but when I first started Firefox this morning, I was warned that a Java add-on was unsafe and Firefox disabled it.
     
  9. gregstereo

    Unrelated. I got the same advisory from ffox; it does that periodically and is just a warning that the Java add-on can make ffox unstable, not insecure. Sun blows goats sometimes.

    The OP has (at the least) a browser hijack.
     
  10. thomansfel

    Same issue here, but I noticed that it depends on your IP if you are redirected or not. In my case, when I use a US IP I get redirected. Surely someone makes good cash on this
     
    Last edited: Apr 20, 2010
  11. raidel21

    It may just be adware..

    If you were hijacked, searching Google wouldn't necessarily do that.
    Sounds like someone hijacked your search results.. Adware.

    Do you have any new toolbars you didn't dl yourself?
    Are you protecting your keystrokes? You can even protect your keystrokes
    with a virus infection...

    If your computer was hijacked you are totally screwed...
    They can literally see what you see and control your whole computer.
    Including any and all passwords to any and all of your accounts.
     
  12. thomansfel

    What did you use to get rid of this malware? I would like to double check if it's still there, thx
     
  13. turbopugsleylx

    Read this thread by trophaeum...

    http://www.blackhatworld.com/blackh.../178936-antivirus-read-me-guys-seriously.html


    I noticed on the link he posted there a customer said "Hi, I have had the so called "Google Redirect" virus for a couple of weeks, and wasted a lot of time with full scans using Norton 2010, Panda, Spybot, etc. to no avail, they just showed "no problems". Today I came across a reference to your software as a fix for this virus. I did your cloud scan which identified a couple of problems and fixed them very quickly, and bingo, no more redirects. Thank you, it is worth a lot more than I paid."

    This program found 3 viruses/trojans that all three other programs never found...