|
atdmt.com problem mozilla
|
|
|
neo842
Member
|
29. April 2009 @ 08:03 |
Link to this message
|
Hey folks Ive noticed this problem the last few day with mozilla. never had a problem with mozilla. I click on my engadget and joystick rss feeds and the pages keep clickin off and goin to this site. Ive blocked the cookie. I have spybot and nod 32 virus guard and they are not picking it up. is it spyware or a virus ? atdmt.com
NEO OUT BABY
|
|
Advertisement
|
 |
|
|
AfterDawn Addict
|
29. April 2009 @ 21:15 |
Link to this message
|
atdmt.com is an adware server and may have hooked your browser to redirect you.
post a HJT Log and I'll look it over.
2oG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
|
neo842
Member
|
30. April 2009 @ 06:58 |
Link to this message
|
it was happening for a few days only when I clicked on the joystick and engadget rss feeds. it would show the page and then try to redirect to that site but never totally redirected to it.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:33 AM, on 4/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\O2\O2 Broadband USB Modem\O2 Broadband.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MercuryText\jre\bin\javaw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F4C479A-6A91-4DAE-AE8C-A27C651BB552}: NameServer = 62.40.32.33 62.40.32.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F4C479A-6A91-4DAE-AE8C-A27C651BB552}: NameServer = 62.40.32.33 62.40.32.34
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ZeroSpyware FileDeleter (FileDeleter) - Unknown owner - C:\Program Files\FBM Software\ZeroSpyware\FileDeleter.exe (file missing)
--
End of file - 1452 bytes
NEO OUT BABY
|
|
swolfcg
Newbie
|
11. May 2009 @ 22:03 |
Link to this message
|
I've been having the same problem w/ Mozilla the last few days. At first I didn't know what was up. It was like my cookies were disabled, but they weren't. I would be logged off to yahoo mail, just by closing my browser briefly.
I finally figured it was that tracking cookie running havoc though my computer. After deleting those cookies and Mozilla in Safe Mode, the problem didn't return. I added a few cookies protection programs just to be safe, then reinstalled Mozilla.
Again tracking started again after browing a few minutes in Mozilla. It might be also my addon. I only added one, Black gloss browser theme.
Not sure what is happeing right now, but I'm having to revert back to IE, which makes me very sad. All my favorites I use were arranged in FF. Uhh!
|
|
neo842
Member
|
12. May 2009 @ 04:25 |
Link to this message
|
|
hey buddy I found it out its working perfectly ever since I went into options privary show cookies and deleted them. its called a trace cookie. its not a virus its a checks what sites youve been viewing. marketing like. well ever since I deleted them cookies he hasnt happened since. hope this helps kevin
NEO OUT BABY
|
|
swolfcg
Newbie
|
12. May 2009 @ 10:14 |
Link to this message
|
|
I've deleted them so many times, but my problem still persists.
I'm still being automatically logged off of every site I go to, even though I deinstalled the newest version of FF. I tried 3.0.8 & 3.0.9.
It just might be my computer.
|
|
neo842
Member
|
13. May 2009 @ 05:11 |
Link to this message
|
and your sure all the sites are tryin to forward you to amdt.com ? www.oldversions.com get older version of mozilla and delete the cookies download spybot and cc cleaner and hijack this run them all send the hijack this log here on this page maybe its a virus. the only sites yhis happened on it for me was joystick and egagdet.
NEO OUT BABY
|
AfterDawn Addict
|
18. May 2009 @ 09:29 |
Link to this message
|
neo842, Sorry I lost contact with you : ( I just got your message in my shout box.
Have been flipping back and forth between Windows 7 and XP and lost the link to some of the posts I was watching.
I will try my best to post a possible fix for you either today or tomorrow. From first impressions you may have a nasty blocking some things, that HJT Log does not look complete and the necessary information may be missing?.. we?ll see : )
2oG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
|
swolfcg
Newbie
|
18. May 2009 @ 10:05 |
Link to this message
|
I went back to 3 different old versions of FF, deleted my cookies, cleaned my registry and countless other things.
It might my AVG anti-virus software that is incorrectly attacking my vital cookies. There was AVG update yesterday and that seemed to correct a few problems, such as keeping me logged into yahoo mail for more than an hour. However when I rebooted the other sites I frequent did not have my passwords already loaded like it usually does.
Maybe this is a security update, that doesn't allow me to be always logged on. In any case it's better. I'm on 3.0.9 because every time I load .10, my internet runs really slow.
This message has been edited since posting. Last time this message was edited on 18. May 2009 @ 10:08
|
AfterDawn Addict
|
18. May 2009 @ 11:01 |
Link to this message
|
neo842 and swolfcg,
Your problems may differ somewhat but if you both follow these instructions we can find out more and I will help each of you guys clean it up : )
Using a clean computer download and burn a rescue disk from here:
http://www.free-av.com/en/products/12/av...cue_system.html
Then use this guide to clean your machine:
http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163
After that, you should be able to do the following:
Download Malwarebytes' Anti-Malware to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
? At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
? If an update is found, it will download and install the latest version.
? Once the program has loaded, select Perform full scan, then click Scan.
? When the scan is complete, click OK, then Show Results to view the results.
? Make sure that everything is checked, and click Remove Selected. <-- Don't forget this.
? When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
? Please post the MBAM Log and a fresh HJT log in your next reply.
2oG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
|
swolfcg
Newbie
|
18. May 2009 @ 11:08 |
Link to this message
|
|
I already have the software to reimage my computer. Frankly that is a last resort for me. I tend to start over whenever I see an inkling of a problem. At this point it's just too big of a pain for something that isn't catastrophic.
I think I've used that program that you linked previously, but I'll try it again.
Thanks
|
|
swolfcg
Newbie
|
18. May 2009 @ 13:54 |
Link to this message
|
|
This product is not free to use or try. Just to let you know.
My B, I have to close it and reopen to get the Scan feature to work.
This message has been edited since posting. Last time this message was edited on 18. May 2009 @ 13:58
|
|
swolfcg
Newbie
|
18. May 2009 @ 14:56 |
Link to this message
|
Malwarebytes' Anti-Malware 1.36
Database version: 2147
Windows 5.1.2600 Service Pack 3
5/18/2009 11:43:36 AM
mbam-log-2009-05-18 (11-43-36).txt
Scan type: Full Scan (C:\|J:\|)
Objects scanned: 146703
Time elapsed: 35 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:46 AM, on 5/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB002" /M "Stylus CX6400"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 8621 bytes
This message has been edited since posting. Last time this message was edited on 18. May 2009 @ 14:58
|
AfterDawn Addict
|
18. May 2009 @ 21:26 |
Link to this message
|
|
swolfcg,
well that shows nothing, the logs show up clean.
You got me..
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
|
Advertisement
|
|
|
AfterDawn Addict
|
19. May 2009 @ 08:57 |
Link to this message
|
Hey, swolfcg,
Since the Logs here do not show any signs of infection, and if you are still having the same problems the next step would be to dig deeper into the registry to look for any hidden lurks?.
To do this:
1. Download Combo fix from one of these locations.
* IMPORTANT !!! Place combofix.exe on your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Click start > run and Copy and Paste this in exactly, using the picture below for reference, then click OK.
Quote:
"%userprofile%\desktop\combofix.exe" /killall
3. Combo will begin to run DO NOTHING while this is happening.
? It will kill a few processes and disconnect you from the internet.
? If by chance it stops prematurely you can re-establish your internet connection by restarting your computer.
? This needs to be done so the program can work most efficiently for you.
Do not attempt to use the internet or anything else while it's doing its job for you.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
If when it's completed you can not get on the internet just reboot the computer
Post the log from comboFix for me located in
c:\comboFix.txt
2oG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
