PhreeZone 20 #26 June 24, 2010

I'll put my bet on the source of the issue being a rootkit that is installed on the system, if it's redirecting you to really random sites and if it's also doing a pop-up to the Newsday-11news.com or something similar website. Most AV is having issues detecting it right now since it's extremely complex and it was specifically designed to hide from most AV detection designs.

Download this file onto the system: http://support.kaspersky.com/downloads/utils/tdsskiller.zip

Run it and see if it identifies anything as being infected. If so it will repair it and then a reboot will resolve the issue. If the system is clean it will not harm the computer so it's an easy choice to run it.

The design behind TDSS is really nothing short of brilliant from a design concept.

Yesterday is history
And tomorrow is a mystery
Parachutemanuals.com

theonlyski 8 #27 June 24, 2010

>>> am sooooo bummed......... I never get any of this kind of shit on my computer.....
>> What kinda shit DO ya get?
> None.... that's the problem... duuuude my computer is boring....no crap that I can go dig thru the registry for... no downloading special tools.. to remove crap off the puter... I mean shit... it really sucks... everything works all the time

[pretentious voice]That can't possibly be a Windows machine, you must be on a Mac. [/pretentious voice]

I'm about to just get a mac and brush up on my mac coding skills just so you mac lovers will start bitching about the ads and porn shit popping up and you will have NO support... Shoulda thought about that one apple... shoulda thought about it!

"I may be a dirty pirate hooker...but I'm not about to go stand on the corner." iluvtofly
DPH -7, TDS 578, Muff 5153, SCR 14890
I'm an asshole, and I approve this message

Gene03 0 #28 June 24, 2010

> I have IE 8 and it was working fine until a couple days ago when like I said above some weird websites were visited and now these redirects keep happening. Ran ad-ware, malbytes, AOL fix programs, cleared everything out I can find but every time I search something off I go to some BS search engine...every time a different one.

I think I see your problem...

Two words Jim. LINUX MINT

“The only fool bigger than the person who knows it all is the person who argues with him.” Stanislaw Jerzy Lec quotes (Polish writer, poet and satirist 1906-1966)

BillyVance 35 #29 June 24, 2010

> Bet I could muck it up for ya!

Dude, don't be taking Walt Appel's job.

"Mediocre people don't like high achievers, and high achievers don't like mediocre people." - SIX TIME National Champion coach Nick Saban

Amazon 7 #30 June 24, 2010

>>>> am sooooo bummed......... I never get any of this kind of shit on my computer.....
>>> What kinda shit DO ya get?
>> None.... that's the problem... duuuude my computer is boring....no crap that I can go dig thru the registry for... no downloading special tools.. to remove crap off the puter... I mean shit... it really sucks... everything works all the time
> [pretentious voice]That can't possibly be a Windows machine, you must be on a Mac. [/pretentious voice]

Windows 7 Ultimate my dear and I used Longhorn on them for years before Vista came out. My workstation in the lab... is Windows 2008 R2 SP0 and nope..... have not had it "catch" anything either. Then again.. I run the latest mandated patches... as they come out... and before they release them to all of you

Oh I might add that the 700 or so Test and DEV servers WIN2008S2 mostly with a few WIN2008 R2 that I am the Lab Manager and OPM for.... nope.. not a single thing has gotten to them either.......no matter how much the idiots TRY to screw them up

mnealtx 0 #31 June 24, 2010

> no matter how much the idiots TRY to screw them up

And it sure seems like they deliberately try sometimes, doesn't it?

Mike
I love you, Shannon and Jim.
POPS 9708, SCR 14706

Guest #32 June 24, 2010

>> I have IE 8 and it was working fine until a couple days ago when like I said above some weird websites were visited and now these redirects keep happening. Ran ad-ware, malbytes, AOL fix programs, cleared everything out I can find but every time I search something off I go to some BS search engine...every time a different one.

Your problem is that there is a program lighting off when you boot. It checks for the existence of the malware and then reloads it. That is why you can clean your system and then the browser redirect reappears.

CCleaner is a pretty good product. A friend recommends Avast! (the free version) to find such problems. Also, I have used HijackThis with some success. If you download and run all three, that should solve your problem.

I use Firefox as my browser most of the time, but that won't stop everything. It is available as a free download from Mozilla and will import your bookmarks. My favorite thing about Firefox is that it has a great pop-up blocker. It also blocks reported attack sites and pops up a warning. Some are pretty innocent looking. Not going there is better than fixing it later.

There is a Firefox add-on called "NoScript" that blocks all server-side scripts from executing - Active X, Java, etc. It's like another layer of firewall, and will prevent drive-bys, browser hijacks and redirects from occurring in the first place, which is a lot easier than trying to clean that sh** out after it gets in...

mh

"The mouse does not know life until it is in the mouth of the cat."

Amazon 7 #33 June 24, 2010

>> no matter how much the idiots TRY to screw them up
> And it sure seems like they deliberately try sometimes, doesn't it?

OH Hell Yeah... one way is to be VERY selective of who goes into the Administrators group... so that they have to ASK when anything that I don't find as approved by policies in place does NOT get installed. The quickest way to mess up a test box or dev box is to let testers and devs have administrative rights.....fuckers will do some REALLLLY screwed up shit for sure.

I make sure that everything they test is on servers that have the same things loaded as they will find in the Production data centers. If they can't make it work right in test with the servers set up the same way the Prod boxes are.... back to the drawing board and find a fix. Loosening up security to make something work... is not a fix to a bug.

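The Administrators-group discipline described in the post above can be checked mechanically. This is an added example, not part of the original thread: it parses the output of `net localgroup Administrators` and reports members outside an approved list; the sample output, the LAB domain, the account names and the allowlist are all constructed for illustration.

```python
"""Audit local Administrators membership against an approved list."""

# Constructed sample of `net localgroup Administrators` output from a
# hypothetical test server; domain and account names are made up.
SAMPLE_OUTPUT = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
LAB\\Domain Admins
LAB\\dev_jsmith
LAB\\svc_deploy
The command completed successfully.
"""

# Hypothetical allowlist that policy would define for this class of server.
APPROVED = {"Administrator", r"LAB\Domain Admins", r"LAB\svc_backup"}

def parse_members(output):
    """Return the member names listed between the dashed rule and the footer."""
    members, in_list = [], False
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("---"):
            in_list = True
        elif line.lower().startswith("the command completed"):
            break
        elif in_list and line:
            members.append(line)
    return members

def audit(output, approved):
    """Compare membership to the allowlist; Windows account names are case-insensitive."""
    allowed = {name.lower() for name in approved}
    found = parse_members(output)
    present = {name.lower() for name in found}
    return {
        "unapproved": sorted(m for m in found if m.lower() not in allowed),
        "missing": sorted(a for a in approved if a.lower() not in present),
    }

if __name__ == "__main__":
    report = audit(SAMPLE_OUTPUT, APPROVED)
    for kind, names in report.items():
        print(f"{kind}: {', '.join(names) or 'none'}")
```

Run against output collected from each test and dev server, the "unapproved" list is the set of accounts that were granted administrative rights without going through the approval the post describes.
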
theonlyski 8 #34 June 24, 2010

>>> no matter how much the idiots TRY to screw them up
>> And it sure seems like they deliberately try sometimes, doesn't it?
> OH Hell Yeah... one way is to be VERY selective of who goes into the Administrators group... so that they have to ASK when anything that I don't find as approved by policies in place does NOT get installed. The quickest way to mess up a test box or dev box is to let testers and devs have administrative rights.....fuckers will do some REALLLLY screwed up shit for sure.
>
> I make sure that everything they test is on servers that have the same things loaded as they will find in the Production data centers. If they can't make it work right in test with the servers set up the same way the Prod boxes are.... back to the drawing board and find a fix. Loosening up security to make something work... is not a fix to a bug.

I write all of my own scripts, it's much nicer to know exactly what the program is doing. Some patches we wait for the requirement to come out, and I'll automate it (not so easy to push some of these thru active directory/SMS).

AutoIT is really easy to use if you've ever done any OOP, and it can do just about anything you can imagine.

"I may be a dirty pirate hooker...but I'm not about to go stand on the corner." iluvtofly
DPH -7, TDS 578, Muff 5153, SCR 14890
I'm an asshole, and I approve this message

airtwardo 7 #35 June 24, 2010

> I'll put my bet on the source of the issue being a rootkit that is installed on the system, if it's redirecting you to really random sites and if it's also doing a pop-up to the Newsday-11news.com or something similar website. Most AV is having issues detecting it right now since it's extremely complex and it was specifically designed to hide from most AV detection designs.
>
> Download this file onto the system: http://support.kaspersky.com/downloads/utils/tdsskiller.zip
>
> Run it and see if it identifies anything as being infected. If so it will repair it and then a reboot will resolve the issue. If the system is clean it will not harm the computer so it's an easy choice to run it.
>
> The design behind TDSS is really nothing short of brilliant from a design concept.

I think that did it...Thanks Phree!

~ If you choke a Smurf, what color does it turn? ~

theonlyski 8 #36 June 24, 2010

>> I'll put my bet on the source of the issue being a rootkit that is installed on the system, if it's redirecting you to really random sites and if it's also doing a pop-up to the Newsday-11news.com or something similar website. Most AV is having issues detecting it right now since it's extremely complex and it was specifically designed to hide from most AV detection designs.
>>
>> Download this file onto the system: http://support.kaspersky.com/downloads/utils/tdsskiller.zip
>>
>> Run it and see if it identifies anything as being infected. If so it will repair it and then a reboot will resolve the issue. If the system is clean it will not harm the computer so it's an easy choice to run it.
>>
>> The design behind TDSS is really nothing short of brilliant from a design concept.
> I think that did it...Thanks Phree!

Psh, yeah, give HIM all the credit...I softened it up for ya, Phree

"I may be a dirty pirate hooker...but I'm not about to go stand on the corner." iluvtofly
DPH -7, TDS 578, Muff 5153, SCR 14890
I'm an asshole, and I approve this message

shropshire 0 #37 June 24, 2010

>>>> am sooooo bummed......... I never get any of this kind of shit on my computer.....
>>> What kinda shit DO ya get?
>> None.... that's the problem... duuuude my computer is boring....no crap that I can go dig thru the registry for... no downloading special tools.. to remove crap off the puter... I mean shit... it really sucks... everything works all the time
> [pretentious voice]That can't possibly be a Windows machine, you must be on a Mac. [/pretentious voice]

.... or you're not connected to the ..... internet ........ DOH

(.)Y(.)
Chivalry is not dead; it only sleeps for want of work to do. - Jerome K Jerome

theonlyski 8 #38 June 24, 2010

I told ya before and I'll say it in front of everyone here... We need to start marketing the BEST FIREWALL EVER

Note: Only works on wired connections...

"I may be a dirty pirate hooker...but I'm not about to go stand on the corner." iluvtofly
DPH -7, TDS 578, Muff 5153, SCR 14890
I'm an asshole, and I approve this message

airtwardo 7 #39 June 24, 2010

>>> I'll put my bet on the source of the issue being a rootkit that is installed on the system, if it's redirecting you to really random sites and if it's also doing a pop-up to the Newsday-11news.com or something similar website. Most AV is having issues detecting it right now since it's extremely complex and it was specifically designed to hide from most AV detection designs.
>>>
>>> Download this file onto the system: http://support.kaspersky.com/downloads/utils/tdsskiller.zip
>>>
>>> Run it and see if it identifies anything as being infected. If so it will repair it and then a reboot will resolve the issue. If the system is clean it will not harm the computer so it's an easy choice to run it.
>>>
>>> The design behind TDSS is really nothing short of brilliant from a design concept.
>> I think that did it...Thanks Phree!
> Psh, yeah, give HIM all the credit...I softened it up for ya, Phree

Yeah thanks Ski, ya knocked the giant down, Phree kicked him in the nuts!

~ If you choke a Smurf, what color does it turn? ~

Amazon 7 #40 June 24, 2010

>>>>> am sooooo bummed......... I never get any of this kind of shit on my computer.....
>>>> What kinda shit DO ya get?
>>> None.... that's the problem... duuuude my computer is boring....no crap that I can go dig thru the registry for... no downloading special tools.. to remove crap off the puter... I mean shit... it really sucks... everything works all the time
>> [pretentious voice]That can't possibly be a Windows machine, you must be on a Mac. [/pretentious voice]
> .... or you're not connected to the ..... internet ........ DOH

ACTUALLY all of them are... except for the 50 or so WIN2008 SP2 or R2 that are running SQL2008 SP1..... they are backend only connected by design.

I was the senior analyst on duty in the operations center the night that SQL slammer hit...... we never did go down... but it took some major work to keep our network up internally and all the sites on the internet. A WHOLE lot of formerly well paid people left the company a few weeks after the post mortem on that one..... mainly for having SQL servers that had not been patched by mandate and were also connected to internet which was out of compliance with policies....

Bolas 5 #41 June 24, 2010

> I told ya before and I'll say it in front of everyone here... We need to start marketing the BEST FIREWALL EVER
>
> Note: Only works on wired connections...

That's awesome!!!

Stupidity if left untreated is self-correcting
If ya can't be good, look good, if that fails, make 'em laugh.

PhreeZone 20 #42 June 24, 2010

AutoIT is also a preferred choice for malware authors since it's so easy to run. Tons of AV companies are adding in additional heuristic trigger values that if it's an AutoIT built package then it adds to the bad score against the file. I've got pages worth of hash values of files that are clean but multiple (15+ for each file) have tagged it as malware partially due to it being packaged via AutoIT.

Glad you got the issue resolved in the end.

Yesterday is history
And tomorrow is a mystery
Parachutemanuals.com

theonlyski 8 #43 June 24, 2010

> AutoIT is also a preferred choice for malware authors since it's so easy to run. Tons of AV companies are adding in additional heuristic trigger values that if it's an AutoIT built package then it adds to the bad score against the file. I've got pages worth of hash values of files that are clean but multiple (15+ for each file) have tagged it as malware partially due to it being packaged via AutoIT.
>
> Glad you got the issue resolved in the end.

AVG would hit on some (but not all) of my programs, but that hasn't happened to me in a good while now. It got pretty bad at one point though.

I write the file, so I know what's in it... I will test it a few times then push it on one of the networks, make sure there are no issues and push it wherever else it needs to go.

"I may be a dirty pirate hooker...but I'm not about to go stand on the corner." iluvtofly
DPH -7, TDS 578, Muff 5153, SCR 14890
I'm an asshole, and I approve this message