Hey folks Ive noticed this problem the last few day with mozilla. never had a problem with mozilla. I click on my engadget and joystick rss feeds and the pages keep clickin off and goin to this site. Ive blocked the cookie. I have spybot and nod 32 virus guard and they are not picking it up. is it spyware or a virus ? atdmt.com
atdmt.com is an adware server and may have hooked your browser to redirect you. post a HJT Log and I'll look it over. 2oG
it was happening for a few days only when I clicked on the joystick and engadget rss feeds. it would show the page and then try to redirect to that site but never totally redirected to it. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:56:33 AM, on 4/30/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\Explorer.EXE C:\Program Files\O2\O2 Broadband USB Modem\O2 Broadband.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\MercuryText\jre\bin\javaw.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{0F4C479A-6A91-4DAE-AE8C-A27C651BB552}: NameServer = 62.40.32.33 62.40.32.34 O17 - HKLM\System\CS1\Services\Tcpip\..\{0F4C479A-6A91-4DAE-AE8C-A27C651BB552}: NameServer = 62.40.32.33 62.40.32.34 O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: ZeroSpyware FileDeleter (FileDeleter) - Unknown owner - C:\Program Files\FBM Software\ZeroSpyware\FileDeleter.exe (file missing) -- End of file - 1452 bytes
I've been having the same problem w/ Mozilla the last few days. At first I didn't know what was up. It was like my cookies were disabled, but they weren't. I would be logged off to yahoo mail, just by closing my browser briefly. I finally figured it was that tracking cookie running havoc though my computer. After deleting those cookies and Mozilla in Safe Mode, the problem didn't return. I added a few cookies protection programs just to be safe, then reinstalled Mozilla. Again tracking started again after browing a few minutes in Mozilla. It might be also my addon. I only added one, Black gloss browser theme. Not sure what is happeing right now, but I'm having to revert back to IE, which makes me very sad. All my favorites I use were arranged in FF. Uhh!
hey buddy I found it out its working perfectly ever since I went into options privary show cookies and deleted them. its called a trace cookie. its not a virus its a checks what sites youve been viewing. marketing like. well ever since I deleted them cookies he hasnt happened since. hope this helps kevin
I've deleted them so many times, but my problem still persists. I'm still being automatically logged off of every site I go to, even though I deinstalled the newest version of FF. I tried 3.0.8 & 3.0.9. It just might be my computer.
and your sure all the sites are tryin to forward you to amdt.com ? www.oldversions.com get older version of mozilla and delete the cookies download spybot and cc cleaner and hijack this run them all send the hijack this log here on this page maybe its a virus. the only sites yhis happened on it for me was joystick and egagdet.
neo842, Sorry I lost contact with you : ( I just got your message in my shout box. Have been flipping back and forth between Windows 7 and XP and lost the link to some of the posts I was watching. I will try my best to post a possible fix for you either today or tomorrow. From first impressions you may have a nasty blocking some things, that HJT Log does not look complete and the necessary information may be missing….. we’ll see : ) 2oG
I went back to 3 different old versions of FF, deleted my cookies, cleaned my registry and countless other things. It might my AVG anti-virus software that is incorrectly attacking my vital cookies. There was AVG update yesterday and that seemed to correct a few problems, such as keeping me logged into yahoo mail for more than an hour. However when I rebooted the other sites I frequent did not have my passwords already loaded like it usually does. Maybe this is a security update, that doesn't allow me to be always logged on. In any case it's better. I'm on 3.0.9 because every time I load .10, my internet runs really slow.
neo842 and swolfcg, Your problems may differ somewhat but if you both follow these instructions we can find out more and I will help each of you guys clean it up : ) Using a clean computer download and burn a rescue disk from here: http://www.free-av.com/en/products/12/av...cue_system.html Then use this guide to clean your machine: http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163 After that, you should be able to do the following: Download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. • If an update is found, it will download and install the latest version. • Once the program has loaded, select Perform full scan, then click Scan. • When the scan is complete, click OK, then Show Results to view the results. • Make sure that everything is checked, and click Remove Selected. <-- Don't forget this. • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt • Please post the MBAM Log and a fresh HJT log in your next reply. 2oG
I already have the software to reimage my computer. Frankly that is a last resort for me. I tend to start over whenever I see an inkling of a problem. At this point it's just too big of a pain for something that isn't catastrophic. I think I've used that program that you linked previously, but I'll try it again. Thanks
This product is not free to use or try. Just to let you know. My B, I have to close it and reopen to get the Scan feature to work.
Malwarebytes' Anti-Malware 1.36 Database version: 2147 Windows 5.1.2600 Service Pack 3 5/18/2009 11:43:36 AM mbam-log-2009-05-18 (11-43-36).txt Scan type: Full Scan (C:\|J:\|) Objects scanned: 146703 Time elapsed: 35 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:57:46 AM, on 5/18/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\stsystra.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\SpywareBlaster\spywareblaster.exe C:\Program Files\SpywareBlaster\spywareblaster.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB002" /M "Stylus CX6400" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - Startup: SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- End of file - 8621 bytes
Hey, swolfcg, Since the Logs here do not show any signs of infection, and if you are still having the same problems the next step would be to dig deeper into the registry to look for any hidden lurks…. To do this: 1. Download Combo fix from one of these locations. * IMPORTANT !!! Place combofix.exe on your Desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe 2. Click start > run and Copy and Paste this in exactly, using the picture below for reference, then click OK. 3. Combo will begin to run DO NOTHING while this is happening. • It will kill a few processes and disconnect you from the internet. • If by chance it stops prematurely you can re-establish your internet connection by restarting your computer. • This needs to be done so the program can work most efficiently for you. Do not attempt to use the internet or anything else while it's doing its job for you. **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later. If when it's completed you can not get on the internet just reboot the computer Post the log from comboFix for me located in c:\comboFix.txt 2oG
