Every time I use a search engine and get the results, then select the link I want, my browser gets redirected to some random page. I close the redirected window (multiple times), select the link again and get the page I want. I have tried McAfee Enterprise VirusScan and AntiSpyware 8.5.0i, Spybot Search and Destroy, Spyware Blaster, CA Spyware Adaware, and they all say my computer is clean. Any help would be greatly appreciated. This web address displays prior to my being redirected: www.directrdr.com…
WinXp Pro SP3 (All patches up to date)
McAfee Enterprise VirusScan and AntiSpyware 8.5.0i
Windows Firewall
C:\WINDOWS\system32\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://hsslvpn.honeywell.com/dana-na/auth/url_default/welcome.cgi
O1 - Hosts: 127.0.1.11 MD61IS100.ad.honeywell-tsi.com Must be fixed!
O1 - Hosts: 127.0.1.30 MD61NTVMTS109.ad.honeywell-tsi.com Must be fixed!
O1 - Hosts: 127.0.1.30 MD61NTVMTS109.ad.honeywell-tsi.com Must be fixed!
O1 - Hosts: 127.0.1.23 MD61NTVMTS101.ad.honeywell-tsi.com Must be fixed!
O1 - Hosts: 127.0.1.23 MD61NTVMTS101.ad.honeywell-tsi.com Must be fixed!
O1 - Hosts: 127.0.1.16 uswebmail.honeywell.com Must be fixed!
O1 - Hosts: 127.0.1.27 MD61NTVMTS103.ad.honeywell-tsi.com Must be fixed!
O1 - Hosts: 127.0.1.27 MD61NTVMTS103.ad.honeywell-tsi.com Must be fixed!
O1 - Hosts: 127.0.10.15 AeroAtlas.honeywell.com Must be fixed!
O1 - Hosts: 127.0.1.13 uspop.honeywell.com Must be fixed!
O1 - Hosts: 127.0.1.22 imap.honeywell.com Must be fixed!
O1 - Hosts: 127.0.1.20 AZ18NT288.Honeywell.com Must be fixed!
O1 - Hosts: 127.0.10.13 MD61NTVMTS200.ad.honeywell-tsi.com Must be fixed!
O1 - Hosts: 127.0.10.13 MD61NTVMTS200.ad.honeywell-tsi.com Must be fixed!
O1 - Hosts: 127.0.1.26 MD61NTVMTS102.ad.honeywell-tsi.com Must be fixed!
O1 - Hosts: 127.0.1.26 MD61NTVMTS102.ad.honeywell-tsi.com Must be fixed!
O1 - Hosts: 127.0.1.28 MD61NTVMTS104.ad.honeywell-tsi.com Must be fixed!
O1 - Hosts: 127.0.1.28 MD61NTVMTS104.ad.honeywell-tsi.com Must be fixed!
O1 - Hosts: 127.0.1.32 webmail.honeywell.com Must be fixed!
O1 - Hosts: 127.0.10.11 clmar002.honeywell-tsi.com Must be fixed!
O1 - Hosts: 127.0.1.25 dicitrix1.global.ds.honeywell.com Must be fixed!
O1 - Hosts: 127.0.1.25 dicitrix1.global.ds.honeywell.com Must be fixed!
O1 - Hosts: 127.0.1.29 MD61NTVMTS201.ad.honeywell-tsi.com Must be fixed!
O1 - Hosts: 127.0.1.29 MD61NTVMTS201.ad.honeywell-tsi.com Must be fixed!
O1 - Hosts: 127.0.1.21 pop.honeywell.com Must be fixed!
O1 - Hosts: 127.0.1.19 AZ18NT287.Honeywell.com Must be fixed!
O1 - Hosts: 127.0.1.24 MD61NTVMTS100.ad.honeywell-tsi.com Must be fixed!
O1 - Hosts: 127.0.1.24 MD61NTVMTS100.ad.honeywell-tsi.com Must be fixed!
O1 - Hosts: 127.0.1.12 smtp.honeywell.com Must be fixed!
O1 - Hosts: 127.0.1.10 dmweb.allied.com Must be fixed!
O1 - Hosts: 127.0.1.31 MD61NTVMTS105.ad.honeywell-tsi.com Must be fixed!
O1 - Hosts: 127.0.1.31 MD61NTVMTS105.ad.honeywell-tsi.com Must be fixed!
O1 - Hosts: 127.0.10.18 AZ18IS101.honeywell.com Must be fixed!
O1 - Hosts: 127.0.1.14 usimap.honeywell.com Must be fixed!
O1 - Hosts: 127.0.10.12 az18nt004.honeywell.com Must be fixed!
O4 - HKLM\..\RunOnce: [DeleteScanner] C:\WINDOWS\system32\DeleteOcx.cmd
O18 - Filter hijack: text/html - {b794481b-9442-4949-af20-8b9a73789b81} - C:\WINDOWS\system32\mst120.dll
Please fix those and post a new HijackThis log. Also post if you’re still redirected or not.
Thanks for the quick response. The hosts below are the company I work for… Honeywell… Those have always been listed in my hosts file. Were there any others that jumped out at you that I should correct? Thanks in advance.
Honeywell in the Netherlands? If so, alles goed?
Please try What to do if you’re infected - eXPerience Rev.3.
After you are finished, please provide us with the A-Squared and Hijack This logs and the name(s) of the found virus(es).
This will give us the information we need to help you further, if needed.
I’ve attached the latest HijackThis log and a couple of A-squared logs… not sure if I posted the a2 logs correctly. Also, a couple of Trojans were listed. I’ve also included the Malwarebytes AntiMalware log…
Trojan.Agent/Gen; Trojan.Agent/Gen-Nullo[Short]; Trojan.Hugipon; and Adware.Tracking Cookie… these have all been quarantined.
If you quarantined the files from MBAM, I suggest you only fix this one:
O18 - Filter hijack: text/html - {b794481b-9442-4949-af20-8b9a73789b81} - C:\WINDOWS\system32\mst120.dll
Unfortunately, yes. I’m still being redirected when I use any search engine. Along with the directrdr.com, I’m getting pops with the url http://¦/ and am not sure what to make of this. I followed your suggestion and tried correcting:
They appear to be different… one is from MS and the other is unknown… Is this something I can delete or replace by simply copying the one from the servicepack directory and replacing the one in the system32\drivers directory…
There wasn’t an atapi.sys file in the system32 directory… it was in the drivers directory.