What annoying Trojan is this?

Discussion in 'malware problems & news' started by xZippy, Jan 8, 2009.

Thread Status:
Not open for further replies.
  1. xZippy

    xZippy Registered Member

    Oct 25, 2007
    Every time I try to visit the ESET or Spybot - Search & Destroy site, I get redirected to some adfarm search engine. My NOD32 won't even update. What the hell kind of trojan is this? How the hell do I track down where all this is coming from?

    Edit: Now every website I go to, I get redirected to these dumb sites. The sites change each time. Good God, someone help me.
  2. JRViejo

    JRViejo Global Moderator

    Jul 9, 2008
    xZippy, try these programs, in the order listed:

    1. Dr.Web CureIt!
    2. Malwarebytes' Anti-Malware
    3. SUPERAntiSpyware

    If the Trojan does not allow you to visit these sites, ask a friend with a non-infected PC to download and burn these programs to a CD. The first is a standalone utility and will run from the CD, but 2 & 3 require installation; however, after running the first one, your PC should allow the install of the last 2. Run them all and let us know what they find. Good luck!
  3. Hermescomputers

    Hermescomputers Registered Member

    Jan 9, 2006
    Toronto, Ontario, Canada, eh?
    Your problem seems to be because your host table is overwritten with redirect addresses for security sites...

    To view the content of your host table: Type ipconfig /displaydns in command manager
    The Host file for Windows NT/2000/XP/2003/Vista is located here: %SystemRoot%\system32\drivers\etc\ which is the default location and may be changed.
    The actual directory is determined by the Registry key \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath.

    Here is info on the host table: http://en.wikipedia.org/wiki/Hosts_file

    The important bits are here: http://en.wikipedia.org/wiki/Hosts_file#Redirecting

    If the bug is too recent for anti-spyware to find, you need to download Runscanner or Autoruns and clear up the host file table and whatever hostile executable you have loading up. Just choose to reset the table to default settings with Runscanner... This should allow you to regain access to all the sites you can no longer access...

    If you still can't route to proper URLs, then look for a suspicious executable process in memory with Runscanner and kill it, then reset the host table again and it should work... If not, repeat until it does...

    Good luck!

    Last edited: Jan 9, 2009
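
A check for the hosts-table hijack described in the post above, as an added example that is not part of the original thread: it parses hosts-file text and flags entries that override security-vendor sites or point other names at non-loopback addresses. The watchlist, function names and sample file contents are constructed assumptions.

```python
import ipaddress

# Assumed watchlist: sites of the vendors named in this thread (illustrative only).
WATCHLIST = ("eset.com", "safer-networking.org", "malwarebytes.org", "drweb.com")

# Constructed sample of a tampered hosts file (documentation-range addresses).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.example.net        # ad-block style entry, left alone
203.0.113.7     www.eset.com eset.com
203.0.113.7     www.safer-networking.org
198.51.100.23   search.example.org
not-an-ip       www.drweb.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each valid mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # strip comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # Windows ignores lines without a valid address
        for name in fields[1:]:                 # one line may carry several aliases
            yield line_no, ip, name.lower().rstrip(".")

def suspicious_entries(text, watchlist=WATCHLIST):
    """Return (line_no, hostname, ip, reason) tuples worth a manual look."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name == "localhost" and ip.is_loopback:
            continue                            # the default entry
        watched = any(name == d or name.endswith("." + d) for d in watchlist)
        if watched:
            # Any override of a security site is suspect, including 127.0.0.1
            # or 0.0.0.0, which simply blocks updates instead of redirecting.
            findings.append((line_no, name, str(ip), "security site overridden"))
        elif not (ip.is_loopback or ip.is_unspecified):
            findings.append((line_no, name, str(ip), "non-default mapping"))
    return findings

if __name__ == "__main__":
    # On a live system, read the file from the directory named by DataBasePath instead.
    for finding in suspicious_entries(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

A clean result does not rule out infection, since the redirect can also come from changed DNS settings or a running process, which is why the post also says to look at what is loading at startup.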