YouTube Redirect
#1
Posted 27 June 2012 - 07:40 AM
Recently I have been getting web redirects while signing into or watching YouTube. The redirect takes me to http://onlinetasksca...dee9e271084eb2/ during which it immediately starts a fake virus scan that resembles the Microsoft Essentials scan page; after about 7-10 secs it says I have several viruses and Trojans and other misc infections and prompts you to download or buy their antivirus scanner. My question: is there a way to block or report this page to stop this malicious occurrence? I'm using Microsoft Essentials and Windows Firewall, everything is up to date, my OS is Windows 7 Pro 64-bit. Are there other antivirus / firewalls that can block or prevent this malicious web redirect? I couldn't use "report this site" or copy and paste the URL; all IE normal functions are blocked until you completely exit the web page.
#2
Posted 27 June 2012 - 10:06 AM
Eyebitethenrunaway, on 27 June 2012 - 07:40 AM, said:
Recently I have been getting web redirects while signing into or watching YouTube. The redirect takes me to http://onlinetasksca...dee9e271084eb2/ during which it immediately starts a fake virus scan that resembles the Microsoft Essentials scan page; after about 7-10 secs it says I have several viruses and Trojans and other misc infections and prompts you to download or buy their antivirus scanner. My question: is there a way to block or report this page to stop this malicious occurrence? I'm using Microsoft Essentials and Windows Firewall, everything is up to date, my OS is Windows 7 Pro 64-bit. Are there other antivirus / firewalls that can block or prevent this malicious web redirect? I couldn't use "report this site" or copy and paste the URL; all IE normal functions are blocked until you completely exit the web page.
Malware slipped past MSE.
Try,
http://www.superantispyware.com/
Another freebie,
http://www.malwarebytes.org/
Both are great free on demand scanners.
If this malware prevents these downloads try booting in safe mode with internet.
Also try using a friend's PC and download the portable scanner of superantispyware, following its instructions.
This post has been edited by Rommel: 27 June 2012 - 10:13 AM
#3
Posted 27 June 2012 - 04:59 PM
Malwarebytes seems to be pretty good in my experience. Another thing to try: run notepad as an admin, and open %systemroot%\system32\drivers\etc\hosts
Look for any odd lines. (lines preceded by # are comments, which are ignored by the system and thus are fine) The only line you should have in there, if any, is "127.0.0.1 localhost" (no quotes). If there are any others, delete them. For instance, here's my hosts file:
    # Copyright (c) 1993-2009 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    #      102.54.94.97     rhino.acme.com          # source server
    #       38.25.63.10     x.acme.com              # x client host
    # localhost name resolution is handled within DNS itself.
    #       127.0.0.1       localhost
    #       ::1             localhost
Finally, are there any odd processes running? A lot of legitimate processes have seemingly cryptic names, so if you aren't sure, just post a screenshot of the processes here and I'll take a look at it.
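The hosts-file check described in this post, as an added example that is not part of the original thread: a PowerShell function that lists every active (non-comment) hosts entry and flags anything other than a loopback-to-localhost mapping. The name Get-HostsEntry and the sample lines are constructed for illustration, and treating `::1 localhost` as expected alongside `127.0.0.1 localhost` is an assumption.

```powershell
# Added example: report active hosts-file entries and mark the unexpected ones.
# It only reports; deciding whether to delete a line is left to the reader.
function Get-HostsEntry {
    param([string[]]$Line)
    foreach ($raw in $Line) {
        # '#' starts a comment anywhere on the line; keep only what precedes it.
        $text = ($raw -split '#', 2)[0].Trim()
        if (-not $text) { continue }          # blank or comment-only line

        # First column is the IP address, every later column is a host name.
        $fields  = $text -split '\s+'
        $address = $fields[0]
        foreach ($name in @($fields | Select-Object -Skip 1)) {
            $isLoopback = '127.0.0.1', '::1' -contains $address
            New-Object PSObject -Property @{
                Address = $address
                Name    = $name
                # Assumption: only loopback -> "localhost" counts as expected.
                Odd     = -not ($isLoopback -and $name -eq 'localhost')
            }
        }
    }
}

# Constructed sample lines for a dry run. On a real machine, read the file:
#   $lines = Get-Content "$env:SystemRoot\System32\drivers\etc\hosts"
$lines = @(
    '# localhost name resolution is handled within DNS itself.',
    '#       127.0.0.1       localhost',
    '127.0.0.1 localhost',
    '203.0.113.10 www.example.com   # constructed odd entry',
    '203.0.113.10 example.org example.net'
)

# Show only the entries that are not the expected localhost mapping.
Get-HostsEntry -Line $lines |
    Where-Object { $_.Odd } |
    Format-Table Address, Name -AutoSize
```

On the constructed sample this lists the three names mapped to 203.0.113.10 and stays silent about the commented lines and `127.0.0.1 localhost`.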
#4
Posted 28 June 2012 - 06:48 PM
LiveBrianD, on 27 June 2012 - 04:59 PM, said:
Malwarebytes seems to be pretty good in my experience. Another thing to try: run notepad as an admin, and open %systemroot%\system32\drivers\etc\hosts
Look for any odd lines. (lines preceded by # are comments, which are ignored by the system and thus are fine) The only line you should have in there, if any, is "127.0.0.1 localhost" (no quotes). If there are any others, delete them. For instance, here's my hosts file:
Finally, are there any odd processes running? A lot of legitimate processes have seemingly cryptic names, so if you aren't sure, just post a screenshot of the processes here and I'll take a look at it.
Thx for the fast responses, but superantispyware and malwarebytes didn't detect anything odd. I tried running HijackThis but I can't get it to run right atm, but I did get some screen shots; hopefully I'll be able to upload them for you to look at. Now picture 1 is what I get after the first security warning; it's a little rectangle box, I didn't take a screen shot of it for I thought it wasn't relevant. Now about the square blue Windows security alert you can't x out of or cancel: if I do try that, I get screen shot a2 results, "what do you want to do with setup.zip?" The only way to get out of that is upper right Windows exit and that fortunately to screen shot a3, fortunately it does allow me to leave that page, which brings me back to my desktop, but I can't get rid of that awful feeling of the lingering question: is there some sort of virus/spyware/trojan etc. ... in my computer. I hope this helped.
#5
Posted 28 June 2012 - 07:16 PM
Yes, you have malware.
Have you tried running the scanners in safe mode?
I also would try the antispyware portable scanner if you haven't yet.
The portable scanner installs under a different name to fool the malware from compromising the install and effectiveness of the scanner.
This post has been edited by Rommel: 28 June 2012 - 07:17 PM
#6
Posted 28 June 2012 - 07:56 PM
Try Rommel's suggestions. Again, check your hosts file and the task manager too.
#7
Posted 29 June 2012 - 07:16 AM
You may have a rootkit that is redirecting your Internet traffic.
Try the suggestions from the following page and see if that helps: http://www.bleepingc...sing-tdsskiller