ggFTW

MMORPG Gamer Community
03-10-2012   #1
evilxshadow
searchbif.exe

Anyone know how to stop Google from redirecting to that site?
Sometimes when I click on a link in Google, it redirects to that site and my virus scanner says it's malware.

I've scanned using HouseCall, Spybot Search & Destroy, and Malwarebytes, and they all find nothing.

Please, and thanks for the help if you can help me with this problem.
 
03-10-2012   #2
DarkRayne

Maybe this helps:
Help with Searchbif.net Virus! - Windows 7 Forums
Not sure if it's the same issue as yours.
 
03-10-2012   #3
kag

I recommend backing up your data before you start.
Unclean removal may cause BSODs.

Help with Searchbif.net Virus! - Windows 7 Forums

Manual Removal
Searchbif.net Redirect Virus – How to Remove Searchbif.net from Google_How to Speed Up Computer Instantly? (Seems legit)

It is a rootkit.
Some other scanners:
Anti-rootkit utility TDSSKiller
GMER - Rootkit Detector and Remover

LAST RESORT
Use ComboFix (it can break things).

To prevent it from occurring next time, use Chrome/Firefox/Opera if you haven't already.
__________________

Fanart Anime/Manga Tees at http://www.facebook.com/metronomist
 
03-10-2012   #4
evilxshadow

It happens on Firefox. If I type in the link directly, not on Google, it goes through fine. It says searchbif.exe//cc.php.

Also I use windows XP not windows 7.

Are those sites safe? I hate getting more viruses...
 
03-10-2012   #5
evilxshadow

I think I don't have the actual malware itself, since my antivirus doesn't let me go into the site.

It seems to be a redirecting problem that goes to that site.

I tried the site "fixing redirection/hijacking problem", but that seems to be for Windows 7, so I tried some of that stuff anyway. Still doesn't help.


Probably the wrong place to post the info from ComboFix, but hoping someone who's good with computers can help:

ComboFix 12-03-10.02 - Administrator 03/10/2012 12:13:42.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1458 [GMT -8:00]
Running from: c:\documents and settings\Administrator.BLACKWING.001\My Documents\Downloads\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\usbehci.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-10 19:51 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-03-08 01:33 . 2012-03-08 01:33 -------- d-----w- c:\program files\Common Files\Software Update Utility
2012-03-06 03:12 . 2012-03-06 03:12 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-17 01:19 . 2012-02-17 01:19 -------- d-----w- c:\documents and settings\black_wing\Local Settings\Application Data\PCHealth
2012-02-16 23:16 . 2012-02-16 23:16 -------- d-----w- C:\09ccb4e3a877ce745c72
2012-02-16 06:33 . 2009-07-23 03:08 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-02-16 06:33 . 2009-07-23 03:08 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-02-16 06:32 . 2012-02-16 06:32 -------- d-----w- c:\windows\system32\RsFx
2012-02-16 06:26 . 2012-02-16 06:32 -------- d-----w- c:\program files\Microsoft SQL Server
2012-02-16 06:26 . 2012-02-16 06:26 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-02-16 06:26 . 2012-02-16 06:26 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-02-16 06:26 . 2012-02-16 06:26 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-02-16 06:23 . 2012-02-16 06:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PreEmptive Solutions
2012-02-16 06:20 . 2012-02-17 01:13 -------- d-----w- c:\program files\Microsoft Silverlight
2012-02-16 06:17 . 2012-02-16 06:17 -------- d-----w- c:\program files\IIS
2012-02-16 06:16 . 2012-02-16 06:16 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2012-02-16 06:16 . 2012-02-17 01:06 2377696 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-02-16 06:08 . 2012-02-16 06:08 -------- d-----w- c:\windows\symbols
2012-02-16 06:08 . 2012-02-17 00:42 -------- d-----w- c:\program files\Common Files\Merge Modules
2012-02-16 06:08 . 2012-02-16 06:21 -------- d-----w- c:\program files\Microsoft SDKs
2012-02-16 06:08 . 2012-02-16 06:12 -------- d-----w- c:\program files\Microsoft F#
2012-02-16 06:08 . 2012-02-16 06:10 -------- d-----w- c:\program files\HTML Help Workshop
2012-02-16 06:08 . 2012-02-16 06:23 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-02-16 06:04 . 2012-02-16 06:04 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-02-16 04:49 . 2012-02-16 05:41 -------- d-----w- c:\documents and settings\black_wing\Downloads
2012-02-16 04:49 . 2012-02-16 04:49 -------- d-----w- c:\documents and settings\black_wing\Local Settings\Application Data\e-academy Inc
2012-02-16 01:31 . 2012-02-16 01:31 -------- d-sh--w- c:\documents and settings\UpdatusUser\IETldCache
2012-02-15 02:00 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 02:00 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 02:48 . 2012-02-14 02:48 -------- d-----w- C:\Riot Games
2012-02-14 02:48 . 2012-02-14 02:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-02-12 22:07 . 2012-02-14 00:27 -------- d-----w- C:\9a71b4711fd0e284a52f78
2012-02-12 22:06 . 2012-02-14 00:27 -------- d-----w- C:\58a3aa072741eb8ad8
2012-02-12 22:06 . 2012-02-14 00:27 -------- d-----w- C:\c712fb4626654ee6b7fa2313911d1ce8
2012-02-12 22:02 . 2012-02-14 00:28 -------- d-----w- C:\5da627d5fa560abc16c0f92c9fb3
2012-02-12 09:45 . 2012-02-14 00:28 -------- d-----w- C:\8dc0c76329453d7e09e82241c942
2012-02-11 05:27 . 2012-02-11 05:27 -------- d-----w- c:\program files\Microsoft ASP.NET
2012-02-11 05:23 . 2012-02-11 05:23 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-02-11 05:09 . 2012-02-16 06:08 -------- d-----w- c:\program files\Microsoft.NET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 03:22 . 2011-07-11 07:16 30744 ----a-w- c:\windows\system32\SophosBootTasks.exe
2012-02-19 00:45 . 2011-07-11 07:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53 . 2008-04-14 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-02-17 07:44 . 2011-07-11 06:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-08-14 2532576]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2011-07-11 494616]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\DragonNest\\DragonNest.exe"=
"c:\\Program Files\\LOLReplay\\LOLReplay.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [7/10/2011 11:22 PM 158720]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [7/10/2011 11:22 PM 5248]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [7/10/2011 11:11 PM 99864]
S1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [7/10/2011 11:10 PM 153728]
S1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [7/10/2011 11:08 PM 24192]
S1 SKMScan;SKMScan;c:\windows\system32\drivers\skmscan.sys [7/10/2011 11:03 PM 31736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1/15/2012 1:35 PM 2253120]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/5/2011 3:34 PM 167960]
S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [10/5/2011 3:33 PM 1543704]
S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [7/10/2011 10:46 PM 1287296]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [7/10/2011 11:04 PM 24312]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 3:06 PM 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 XDva390;XDva390;\??\c:\windows\system32\XDva390.sys --> c:\windows\system32\XDva390.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/22/2009 7:08 PM 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 3:09 AM 239336]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [7/10/2011 11:05 PM 14976]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 3:23 AM 366936]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1229272821-1177238915-1004Core.job
- c:\documents and settings\black_wing\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-25 06:04]
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1229272821-1177238915-1004UA.job
- c:\documents and settings\black_wing\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-25 06:04]
.
.
------- Supplementary Scan -------
.
LSP: c:\documents and settings\All Users\Application Data\Sophos Web Intelligence\swi_lsp.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Administrator.BLACKWING.001\Application Data\Mozilla\Firefox\Profiles\oaf2fv9a.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Cmaudio - cmicnfg.cpl
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-10 12:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-583907252-1229272821-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5f,48,e8,6f,19,a6,d5,4d,87,76,96,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5f,48,e8,6f,19,a6,d5,4d,87,76,96,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1700)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
.
Completion time: 2012-03-10 12:27:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-10 20:27
.
Pre-Run: 166,321,385,472 bytes free
Post-Run: 166,425,309,184 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 0A0201443BC5D12B9D5F3DFE5E98AD62

Last edited by evilxshadow; 03-10-2012 at 12:29 PM.
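When a ComboFix report like the one above gets posted for help, the reviewer's first pass is usually the same few checks: files the tool reports as missing, autostart (Run key) entries whose target lives somewhere a legitimate program would not, services whose image file could not be resolved on disk (the trailing [?]), an AV product with its Security Center monitoring switched off, and any Winsock LSP, since LSPs were a known vector for search-redirect hijackers. The Python script below is an added example of that triage pass and is not ComboFix's own code nor anything from this thread; the sample log excerpt inside it is constructed in ComboFix's report layout (the names "VendorUpdater", "mystery", "ExampleAV" and the paths are made up), and the flagging rules are heuristics, so a finding means "look at this", not "this is malware". In particular, AV products commonly set DisableMonitoring on their own Security Center key, and anti-cheat drivers often show up with [?], which is why those are rated "review" rather than "high".

```python
import re

# Constructed sample excerpt in the layout ComboFix uses for its report sections
# (a "missing" notice, a Run key, a Security Center key, service lines and an LSP).
# These lines are made up for the example and are not taken from the thread's log.
SAMPLE_LOG = r"""
c:\windows\system32\drivers\example.sys . . . is missing!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VendorUpdater"="c:\program files\Vendor\updater.exe" [2011-06-09 254696]
"svchost"="c:\documents and settings\user\Local Settings\Temp\svchost.exe" [2012-03-09 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ExampleAV]
"DisableMonitoring"=dword:00000001
R0 goodbus;goodbus;c:\windows\system32\drivers\goodbus.sys [7/10/2011 11:22 PM 158720]
S3 mystery;mystery;\??\c:\windows\system32\drivers\mystery.sys --> c:\windows\system32\drivers\mystery.sys [?]
LSP: c:\documents and settings\All Users\Application Data\Vendor\vendor_lsp.dll
"""

# Binary names that malware commonly borrows; the real ones live under %windir%.
CORE_WINDOWS_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "explorer.exe", "winlogon.exe"}

RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')          # "Name"="c:\path\file.exe" [...]
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*)$')  # S3 name;display;image [...]


def is_run_key(header: str) -> bool:
    """True for a REGEDIT4 section header that is a Run/RunOnce autostart key."""
    return header.lower().rstrip("]").endswith(("\\run", "\\runonce"))


def flag_run_value(name: str, path: str):
    """Return a reason string when an autostart target looks suspicious, else None."""
    p = path.lower()
    base = p.rsplit("\\", 1)[-1]
    if "\\temp\\" in p or "\\temporary internet files\\" in p:
        return "autostart target lives in a Temp directory"
    if base in CORE_WINDOWS_NAMES and not p.startswith("c:\\windows\\"):
        return f"autostart target named like a core Windows binary ({base}) outside c:\\windows"
    return None


def triage(report: str):
    """Walk a ComboFix-style report and return (severity, reason, line) findings in order."""
    findings = []
    current_key = ""  # the most recent [HKEY_...] section header seen
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line
            continue
        if "is missing!!" in line:
            findings.append(("high", "system file reported missing", line))
            continue
        m = RUN_VALUE_RE.match(line)
        if m and is_run_key(current_key):
            reason = flag_run_value(m.group(1), m.group(2))
            if reason:
                findings.append(("high", reason, line))
            continue
        if line.startswith('"DisableMonitoring"=dword:00000001') and "security center" in current_key.lower():
            findings.append(("review", "Security Center monitoring disabled for an AV product", line))
            continue
        m = SERVICE_RE.match(line)
        if m and m.group(4).rstrip().endswith("[?]"):
            findings.append(("review", f"service '{m.group(2)}' image could not be resolved on disk", line))
            continue
        if line.startswith("LSP:"):
            findings.append(("info", "Winsock LSP installed; confirm the DLL belongs to a known product", line))
    return findings


if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev}] {reason}\n    {line}")
```

Running it prints five findings for the constructed excerpt: the missing driver and the Temp-directory svchost.exe as "high", the disabled Security Center entry and the unresolved service image as "review", and the LSP as "info". To use it on a real report, pass the pasted text to triage() and read every hit against the product you expect to own that file before deciding anything.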
 
03-10-2012   #6
kag

Read through this:
Fixing Google Redirection/hijacking and other redirection problems - MajorGeeks Support Forums <-- definitely legit

The guide for ComboFix (the MajorGeeks guide should work):
A guide and tutorial on using ComboFix

If you have Sandboxie, I recommend running Chrome/Firefox through Sandboxie to read the guides and download the files.
After which you can delete the sandbox.
__________________

Fanart Anime/Manga Tees at http://www.facebook.com/metronomist

Last edited by kag; 03-10-2012 at 09:47 PM.
 
03-10-2012   #7
evilxshadow

Quote:
Originally Posted by kag
Read Through this
Fixing Google Redirection/hijacking and other redirection problems - MajorGeeks Support Forums <-- definitely legit

The guide for combofix (Majorgeeks guide should work)
A guide and tutorial on using ComboFix

If you have sandboxie i recommend running chrome/firefox through sandboxie to read the guides and download the files.
After which you can delete the sandbox.
Already did those. I'm not sure if I removed it, because I've been clicking and I don't seem to get the problem, so I'm hoping it is gone.
 