Possible bug/virus
 

When doing an internet search with Google I keep getting the following page

http://67.201.36.16/nolink.html.Sorry, this page no longer available

I then get up to 6 tabs opening..headed "page error opening"

This started about a week ago.

Avast/ad-aware/malwarebytes/ccleaner fail to find any bugs/problems.

I seem to recall reading that VM had introduced a "search option" that defaulted to a "guess" if it did not recognise an address..is this connected:confused: this is an "opt-out", but cannot find anything further on it..

Running the latest Firefox..I have removed/reinstalled this and I have deleted all my add-ons

Any advice please :)

Re: Possible bug/virus
 

If you're using a 32-bit operating system, try an anti-root kit.

Re: Possible bug/virus
 

Can you still browse to www.google.co.uk? Is it just the search that then falls over?

If you have any doubts about your PC, go to one of the free online antivirus scanners - preferably a site that is not operated by your chosen a/v software - such as Kaspersky, Norton, Panda, to name just a few. See what that comes up with.

Re: Possible bug/virus
 

Yep, I had one recently and could I find it...NOPE!!!

Serves me right for trying to do something dodgy online ;)

Still it gave me an excuse to upgrade to Win7

Re: Possible bug/virus
 

Thanks....Yes , can still browse to Google..then the fun starts....:(

Kaspersky not online at the mo.

Panda found nothing

Esets found 3...Win 32/adware virtumonde neo application

which it has removed....

Time will tell.....

Thanks...:)

Re: Possible bug/virus
 

Problem still on the Computer :mad::mad:

Anyone any ideas, please..

Re: Possible bug/virus
 

Try scanning with a-squared free and Malware bytes, maybe one of them might find something.

Re: Possible bug/virus
 

Try GMER if you suspect you have a Rootkit http://www.gmer.net/

If you wan`t you can also try Combofix, allthough it is usually best to do this with in conjuction with someone at bleepingcomputer, it can permanantly damage your system if incorrectly used.
http://www.bleepingcomputer.com/comb...o-use-combofix

Re: Possible bug/virus
 

Thanks...have tried both of these...no luck..:)

---------- Post added at 19:23 ---------- Previous post was at 18:12 ----------

I have run GMER and have a page of "something" under rootkit/malware..:confused:

Not sure what to do next...nothing is highlighted,,,no sign of a delete this button..

Any further advice please...:)

Re: Possible bug/virus
 

Had something similar or the same on a friends computer. Tried a number of different things to clear it. I then thought I hadn't tried SuperAntispyware. I'd been messing about for three hours. That cleared it. Sadly I can't remember what it said it was.

Re: Possible bug/virus
 

Do you have a second computer, or is there a friend who can assist? You might need to create a CD boot disc on a clean computer, together with an antivirus / antimalware scanners and then boot from the CD to scan the affected computer.

Re: Possible bug/virus
 

Can you post the log from GMER?
Can you download HiJack This and post the log file?

Do you have recover CD's for this system (& data/picture backups)? Might be a quicker/safer option!

Re: Possible bug/virus
 

I think/hope this is the logfile you mean....from hijack this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:16:12, on 04/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 3934 bytes

Re: Possible bug/virus
 

Nothing dangerous in there, but how about the GMER rootkit log?

Re: Possible bug/virus
 

Deleted :dunce:..clicked the wrong button..:o:..

Can download again if needed..

Can I do a "system restore"...go back about a week...??

Thanks for your help..:)