
Browser opens random tabs from Google search

September 8, 2012 1:11:33 PM

Hi, a couple of days ago my Firefox browser started opening random tabs to spam sites and then started redirecting Google search results I clicked on to the same or to eBay. I have run Ad-Aware & Malwarebytes and they have thrown up trojans in the system. I keep deleting them but it doesn't take long for them to return, so I guess the malware is deeper in my system. I could just reinstall, but if I don't have to I'd rather not. I have run a full Malwarebytes scan in safe mode and the results are below. I also noted from a MB start log that my IP protection had "failed" - maybe this is the problem? I also don't know why the log says protection is not enabled, when the software says it is.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.05.10

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
[administrator]

Protection: Disabled

08/09/2012 11:26:58
mbam-log-2012-09-08 (11-26-58).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 459153
Time elapsed: 1 hour(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 46
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP49\A0025804.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP49\A0026804.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP49\A0027804.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP51\A0028804.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP51\A0028823.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP51\A0028948.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP52\A0029948.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP52\A0030948.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP53\A0032370.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP54\A0033370.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP54\A0034370.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP54\A0035370.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP54\A0036370.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP55\A0037370.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP55\A0037417.exe (Virus.Vampiro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP55\A0037421.exe (Virus.Vampiro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP55\A0037422.exe (Virus.Vampiro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP55\A0037423.exe (Virus.Vampiro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP55\A0037743.dll (Virus.Vampiro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP55\A0037744.dll (Virus.Vampiro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP55\A0037745.dll (Virus.Vampiro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP55\A0037746.dll (Virus.Vampiro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP55\A0037747.dll (Virus.Vampiro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP55\A0037749.dll (Virus.Vampiro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP55\A0037750.dll (Virus.Vampiro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP55\A0037751.dll (Virus.Vampiro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP55\A0037754.exe (Virus.Vampiro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP55\A0037758.sys (Virus.Vampiro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP55\A0037759.dll (Virus.Vampiro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP55\A0037760.exe (Virus.Vampiro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP55\A0040370.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP55\A0041370.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP55\A0041383.exe (Virus.Vampiro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP55\A0041390.cty (Virus.Vampiro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP55\A0042370.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP55\A0043370.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP55\A0044370.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP56\A0044491.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP56\A0044541.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP56\A0045541.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP56\A0046541.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP56\A0047541.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP56\A0048541.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP57\A0048598.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP57\A0049598.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0086142-2AF1-4AC3-B2C7-5895738F58F5}\RP57\A0049613.sys (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


2012/09/08 13:30:46 +0100 IP-BLOCK 169.254.254.254 (Type: outgoing)
2012/09/08 13:38:27 +0100 MESSAGE Starting protection
2012/09/08 13:38:56 +0100 MESSAGE Protection started successfully
2012/09/08 13:38:59 +0100 MESSAGE Starting IP protection
2012/09/08 13:41:17 +0100 ERROR IP protection failed: PfBindInterfaceToIPAddress failed with error code 87

September 11, 2012 12:23:25 AM

Didn't work :( Downloaded the defender and ran it but got an error at the start-up. This is driving me crazy. I fear I'll just have to reinstall. Why do people write these malicious programs?