Spyware, Viruses, & Security forum

General discussion

I have some sort of page injection going on.

by ehwot / May 6, 2009 10:59 PM PDT

Hi, I think I've picked up a virus that AVG 8.5 (or any of my anti-spyware software) can't detect, as every time I search in uTorrent a page on my browser opens up as usual but the page shown seems fake, or at least the entire bottom 3/4 of it does.

The 'click-on-link' symbol (the pointing hand thing) stays on wherever the cursor is on the bottom 3/4 of the page. This was today, yesterday when I tried searching the page showed a list of sites with torrents which seemed normal but the McAfee SiteAdvisor symbols seemed to be overlaid (for instance the question mark symbol - meaning the site was untested - had a green 'site is good' symbol over it). It only ever happens when I select BitTorrent in the search bar, the URL is;-

http://www.ask.com/web?q=bruce%2520lee&search=search&qsrc=0&o=101857&l=dis

I went onto the uTorrent forum and it was suggested it could be down to Phorm but apparently my ISP dropped them last year. I then, as suggested, changed my uTorrent settings (bear with me here I'm just giving a bit of background:) gui.bypass_search_redirect to True. One member said it sounded like I have some sort of page injection going on and I needed a trojan/rootkit detector.

So my question is (finally!); I am completely perplexed by the whole idea of rootkit detectors as they go far beyond my (very) limited computer knowledge. Could anybody give me a second opinion; do you think I need a detector and if so which one is best (I use Vista). Would HijackThis be better in this situation or would TCP View or Process Explorer help?

Any help and advice would be greatly appreciated - thanks for your time.

You could try.....
by Marianna Schmudlach / May 7, 2009 12:16 AM PDT

Please download Malwarebytes Anti-Malware (v1.33) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.

* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
  o Update Malwarebytes' Anti-Malware
  o Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

* If an update is found, the program will automatically update itself.
* Press the OK button to close that box and continue.
* If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.

On the Scanner tab:

* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

* Click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad.
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the contents of that report in your next reply and exit MBAM.

Notes: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes. Click this link to see a list of programs that should be disabled.


You also could run an on-line scan:

Run the F-Secure Online Scanner

http://support.f-secure.com/enu/home/ols.shtml

Note: This Scanner is for Internet Explorer Only!

* Click on Online Services and then Online Scanner
* Accept the License Agreement.
* Once the ActiveX installs, click Full System Scan
* Once the download completes, the scan will begin automatically.
* The scan will take some time to finish, so please be patient.
* When the scan completes, click the Automatic cleaning (recommended) button.

Pls. let us know how you are doing.

It Would Seem That You Have
by tobeach / May 7, 2009 3:58 PM PDT

the "Ask.com Toolbar" installed on your machine so that you're using the Ask search engine. This likely came on as part of a LEGIT Program like Zone Alarm, Comodo Security etc. One should de-select the box for this during the initial install of the program. Many in security are up in arms about this. Always check for toolbars in download programs' install settings and AVOID their install. IF auto installed (without option to prevent it), I'd find some other program to use!!

You don't say anything re your machine's programs like what browser & version you're using. IF I.E., while OFFLINE, open IE and find at top the Plug-ins/Toolbars item and de-activate or un-install any "Toolbars" there. Possible, depending, may also be in Control Panel> Plugins or Add/Delete Programs.
Suggest you then re-enter Google as your default search engine. Close and re-boot. Same for Firefox & other browsers.

Likely, the programs suggested above will find & identify the toolbar & hopefully be able to remove, but it may have to be manually un-installed. Good Luck!

Thanks guys.
by ehwot / May 7, 2009 4:58 PM PDT

Hi, thanks for the replies. Carried out the scans yesterday as recommended but they didn't pick up anything.

Yeah, I've noticed a lot of companies, particularly security companies, trying to push toolbars and I try not to accept them - I'm going to set google as my default as you suggest, thanks tobeach. Interestingly though, yesterday when I set IE to my default browser (which I had to do in order to run F-Secure Online Scanner) I didn't get the same problem with the page injection thing. It only happens with Firefox and only when searching in BitTorrent via uTorrent.

Do you think Firefox has been hijacked? I'm a bit concerned about there being something lurking in the background that could cause problems at a later date. Thanks again for replying, I'm now going to change my search-engine default and I'll get back with the results, cheers.

What a noob!
by ehwot / May 7, 2009 5:45 PM PDT
In reply to: Thanks guys.

Problem solved! It was due to this NoScript thing I just installed - I forgot to "allow page"...er, sorry for wasting everybody's time.

Thanks for your help & have a good weekend:)

(NT) So Pleased You Solved It! Good Work! :D
by tobeach / May 8, 2009 4:16 PM PDT
In reply to: What a noob!