New threat

-www.tomshardware.com/forums- gets hijacked and redirected to a Security Warning site.

I am running ESS4 (.0.314.0) database 4854 (20100210) on Vista 64 SP2

Windows and ESS4 don't respond in any way, my only response so far has been to start task manager and kill the application(s) (two IE windows are opened with the same name)

So far tomshardware is the only site that hijacks my IE ... Firefox doesn't seem to have a problem.

Just FYI

 

Nothing amiss here.

??

 

my apologies ... I took a closer look at my bookmark and the link is acutally http://www.tomshardware.com/us/

sorry about that

 

hmm ... seems that the bookmark itself was causing the redirect ... ?

any ideas how that happened? I have now deleted said bookmark

 

The forum seems to be just fine, they may have gone offline for a bit for a server backup.

Best best is that it's not the site, you likely have another undetected issue.

Run an on-demand scan and post back your findings.

 

Yeah, is right, my eyes would hurt as well if I didn't have the ads blocked.
All Boards and so on, these days need the third-party revenue to keep going, save a few, you just need to run a HOSTS File for IE or NoScript, etc for FF.

 

looks like my system definately had an issue ... I backed up and removed all of my favs and did a full ATF clean for IE and Firefox. Unloaded a bunch of crap from starting with windows and also found ESET firewall was posting an Incorrect IP Packet Length message about once every second, only shows the time, the event name and the Protocol as 0. I checked out programs that had been installed lately, looks like my wife has been watching movies online with DivX ... hmmmm. Deep sixed the DivX browser program just to be safe. Things seem ok now.

Anyone have an idea what the firewall was squawking about?

in the process of doing a on-demand full scan, will report findings

thanks all

 

here is the log from the On-Demand scan. Sorry about the smilies at the beginning of the log, lol ... is there a way to disable smilies?

Scan Log
Version of virus signature database: 4854 (20100210)
Date: 10/02/2010 Time: 3:39:14 PM
Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\; D:\Boot sector; D:\;E:\Boot sector;E:\
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\Boot\BCD - error opening [4]
C:\Boot\BCD.LOG - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_f740e06a-2f38-494c-ba92-8ac890f30b63 - error opening [4]
C:\ProgramData\Microsoft\Search Enhancement Pack\SeaPort\SeaNote.cab - error opening [4]
C:\ProgramData\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.cab - error opening [4]
C:\ProgramData\Microsoft\Search Enhancement Pack\SeaPort\SearchBoxExt.cab - error opening [4]
C:\ProgramData\Microsoft\Search Enhancement Pack\SeaPort\SHelper.cab - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_f740e06a-2f38-494c-ba92-8ac890f30b63 - error opening [4]
C:\Users\All Users\Microsoft\Search Enhancement Pack\SeaPort\SeaNote.cab - error opening [4]
C:\Users\All Users\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.cab - error opening [4]
C:\Users\All Users\Microsoft\Search Enhancement Pack\SeaPort\SearchBoxExt.cab - error opening [4]
C:\Users\All Users\Microsoft\Search Enhancement Pack\SeaPort\SHelper.cab - error opening [4]
C:\Users\Trudy\NTUSER.DAT - error opening [4]
C:\Users\Trudy\ntuser.dat.LOG1 - error opening [4]
C:\Users\Trudy\ntuser.dat.LOG2 - error opening [4]
C:\Users\Trudy\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{9FB88167-1682-11DF-A84A-001D92B692C0}.dat - error opening [4]
C:\Users\Trudy\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{9FB88168-1682-11DF-A84A-001D92B692C0}.dat - error opening [4]
C:\Users\Trudy\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{A6C2B895-1682-11DF-A84A-001D92B692C0}.dat - error opening [4]
C:\Users\Trudy\AppData\Local\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Users\Trudy\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - error opening [4]
C:\Users\Trudy\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - error opening [4]
C:\Users\Trudy\AppData\Local\Microsoft\Windows Defender\FileTracker\{00666A20-D5E1-4739-B136-46767E9C98EA} - error opening [4]
C:\Users\Trudy\Downloads\Daniel\esv.logos.3284cfc4.zip » ZIP » Setup/Installs/IESetup/EN/IE_S1.CAB » CAB » IE_1.CAB » CAB » MSHTML.TLB - next archive volume not found
C:\Users\Trudy\Downloads\Daniel\esv.logos.3284cfc4.zip » ZIP » Setup/Installs/IESetup/EN/IENT_S1.CAB » CAB » IENT_1.CAB » CAB » MSHTML.DLL - next archive volume not found
C:\Users\Trudy\Downloads\Daniel\tademo99b2.exe » NSIS - bad archive
C:\Windows\MEMORY.DMP - error opening [4]
C:\Windows\Logs\CBS\CBS.log - error opening [4]
C:\Windows\Logs\CBS\CBS.persist.log - error opening [4]
C:\Windows\Logs\DPX\setupact.log - error opening [4]
C:\Windows\Logs\DPX\setuperr.log - error opening [4]
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config - error opening [4]
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe.config - error opening [4]
C:\Windows\Panther\UnattendGC\diagerr.xml - error opening [4]
C:\Windows\Panther\UnattendGC\diagwrn.xml - error opening [4]
C:\Windows\Panther\UnattendGC\setupact.log - error opening [4]
C:\Windows\Panther\UnattendGC\setuperr.log - error opening [4]
C:\Windows\security\database\secedit.sdb - error opening [4]
C:\Windows\System32\LogFiles\Firewall\pfirewall.log - error opening [4]
C:\Windows\System32\LogFiles\Firewall\pfirewall.log.old - error opening [4]
C:\Windows\winsxs\amd64_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18000_none_2d4d2c2fee5d2889\dnary.xsd - error opening [4]
C:\Windows\winsxs\amd64_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18226_none_2d3d91dfee67f2c3\dnary.xsd - error opening [4]
C:\Windows\winsxs\amd64_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.22389_none_2d89500107b38638\dnary.xsd - error opening [4]
C:\Windows\winsxs\amd64_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6002.18005_none_2f38a53beb7ef3d5\dnary.xsd - error opening [4]
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18000_none_d12e90ac35ffb753\dnary.xsd - error opening [4]
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18226_none_d11ef65c360a818d\dnary.xsd - error opening [4]
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.22389_none_d16ab47d4f561502\dnary.xsd - error opening [4]
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6002.18005_none_d31a09b83321829f\dnary.xsd - error opening [4]
D:\ - error opening [4]
E:\NGC\omg\Downloads\winamp5572_pro_all.exe » NSIS - incorrect CRC checksum, the file may be damaged
E:\NGC\omg\Downloads\Winamp_Essentials_6_7_8.exe » NSIS - archive damaged - the file could not be extracted.
Number of scanned objects: 518491
Number of threats found: 0
Time of completion: 4:36:15 PM Total scanning time: 3421 sec (00:57:01)

Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.

 

I have asked ESET to examine your follow-up scan log since it has firewall components that I am not familiar with.

There will be a slight delay.

 

We are going to need a Sysinspector from you. Follow the link below to submit a case to us, and give me the case number once you create it to review the log.

Create a case.

http://www.eset.com/support/contact.php#

How to create a Sysinspector Log

http://kb.eset.com/esetkb/index?page=content&id=SOLN2219

 

Thanks for handling this one