jjtroutbum
Posted April 16, 2010

So I get an email that has an address using the user name of an old high school buddy that I haven't spoken to in a couple of years. That prompts me to download a file from a free hosting site, and despite my normally cautious nature I get "something" that has decided to reroute links brought up by searches on Google to be redirected to a bunch of other rather lacking search-type pages. I am the first to admit I was stupid for getting my system corrupted by this crud, but I am also an idiot when it comes to fixing this stuff. I have run Ad-Aware, Spybot, AVG, Malwarebytes, McAfee, and Trojan Remover. All to no avail. I did save the offending mail link intact but would not wish the BS on anyone that is not seriously skilled. I am not. :/

Jon Joy
___________
"A jerk at one end of the line is enough." unknown author
The Second Amendment was written for hunting tyrants not ducks.
"Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote." Benjamin Franklin, 1759

trizkid
Posted April 16, 2010

I'm an IT student at Ranken Tech here in St. Louis... I just fixed this same problem on a home computer of mine... like you said, none of my virus software would pick it up... Download ComboFix from http://combofix.net/ (right-click the download link at the bottom of the page and select "Save as")... once downloaded, run the program... it may seem a little scary with all the warnings it gives you, but it's OK... run it, it will take maybe 10 to 20 minutes... it will restart your PC and create a log file... it will remove this redirecting problem you are having and maybe some other malware that you didn't know you had... let me know how it goes... any questions, just ask.

TrIzzout

Terry Beeson
Posted April 16, 2010

Stooooopid stooopid stooopid... Now that I've got that out of my system.... Did you go to Control Panel and to Add/Remove Programs and try to find the program there to uninstall it? Is it in your start menu? I'm assuming this is a PC and not a Mac... Of course if it was a Mac, you'd not have this problem... or so they say... What browser are you using? And of course... Did you lose your keys in the process? You KNOW I couldn't resist that one... Oh... and by the way... No it wasn't stupid... Even the best get caught sometimes with these things...

TIGHT LINES, YA'LL
"There he stands, draped in more equipment than a telephone lineman, trying to outwit an organism with a brain no bigger than a breadcrumb, and getting licked in the process." - Paul O’Neil

jjtroutbum (Author)
Posted April 16, 2010

Thanks for the suggestions, fellas. The ComboFix seems to have sped back up and stabilized the Vista Pro home PC's performance. Thanks also for the heads up on the other two places to check, Terry; perfectly logical place to look, but it was not there either. So I am still being misdirected. The download was 4you.exe, if that means anything to anyone. Keys, check! "Almost" never leave the truck without 'em! PC registry/key is like speaking Mandarin to me, however.

Jon Joy

flytyer57
Posted April 16, 2010

> Thanks for the suggestions, fellas. The ComboFix seems to have sped back up and stabilized the Vista Pro home PC's performance. Thanks also for the heads up on the other two places to check, Terry; perfectly logical place to look, but it was not there either. So I am still being misdirected. The download was 4you.exe, if that means anything to anyone. Keys, check! "Almost" never leave the truck without 'em! PC registry/key is like speaking Mandarin to me, however.

Glad to hear ya got it fixed. I use Yahoo Mail, and today I got an e-mail that Yahoo listed as "Spam." It was about some undeliverable e-mail. I started wondering what mail was undeliverable, so I opened it. I still have no idea what it was about, since it appears to have been sent by someone named Nancy, and I sure ain't no Nancy. I'm just hoping now that it doesn't turn out to be some type of viral infection crap. Anybody have any info on these types of e-mails?

There's a fine line between fishing and sitting there looking stupid.

jdmidwest
Posted April 17, 2010

Combofix is kinda like a magic wand, it does wonders if the system is not too screwed up. And the best part, it is free. It does come with warnings, it can do damage if you don't do it right. In order to tell if you are still infected, you would have to look at outgoing connections, startup items, processes, etc. Chances are Combofix zapped it.

"Life has become immeasurably better since I have been forced to stop taking it seriously." — Hunter S. Thompson

jjtroutbum (Author)
Posted April 17, 2010

The original issue is still there. I Google or Yahoo "stink bait" and it posts the related sites. I click on the manufacturer's link and get redirected to searchbait .com or some such. Now if I copy and paste the link in the address bar, it goes straight to where it's supposed to.

Jon Joy

trizkid
Posted April 17, 2010

> The original issue is still there. I Google or Yahoo "stink bait" and it posts the related sites. I click on the manufacturer's link and get redirected to searchbait .com or some such. Now if I copy and paste the link in the address bar, it goes straight to where it's supposed to.

I thought ComboFix would have done it for ya... have you checked your host file? c:/windows/system32/drivers/etc/host ... open the host file with Notepad... if there are any other entries besides the localhost... there might be two localhost entries, but ya, if there are any others in there with some random IPs, delete them out and resave the host file... make sure that you save a backup copy of the host file before you modify it... If that doesn't work, have you done a search on your PC for the 4you.exe file? Try searching for it and delete it out if you find it.

TrIzzout
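
The hosts-file check described in the post above, as an added example that is not part of any post in this thread: a read-only Python audit that lists every entry other than the default localhost mappings. The sample file contents, addresses and host names are constructed; on Windows the file normally lives at C:\Windows\System32\drivers\etc\hosts.

```python
import ipaddress

# Constructed sample: default loopback entries plus the kinds of extra
# entries the post says to look for (documentation-range addresses).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.google.com google.com
198.51.100.7    search.yahoo.com   # trailing comment
0.0.0.0         ads.example.net
not-an-ip       broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return (line_no, address, names, reason) for every entry that is
    not a plain localhost-to-loopback mapping. Read-only: nothing is edited."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue                            # blank or comment-only line
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, names, "malformed address"))
            continue
        other = [n for n in names if n.lower() not in LOCAL_NAMES]
        if not other:
            if not ip.is_loopback:
                findings.append((line_no, address, names, "localhost or empty entry off loopback"))
        elif ip.is_loopback or ip.is_unspecified:
            findings.append((line_no, address, other, "name blocked locally"))
        else:
            findings.append((line_no, address, other, "name redirected to remote address"))
    return findings


if __name__ == "__main__":
    # Pass the text of a real hosts file instead of SAMPLE_HOSTS to audit it.
    for line_no, address, names, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {address} -> {' '.join(names)} ({reason})")
```

Entries reported as "name redirected to remote address" are the ones to review against a backup copy before deleting anything.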

flytyer57
Posted April 17, 2010

> The original issue is still there. I Google or Yahoo "stink bait" and it posts the related sites. I click on the manufacturer's link and get redirected to searchbait .com or some such. Now if I copy and paste the link in the address bar, it goes straight to where it's supposed to.

I tried to Google that "4you.exe" and there may be something missing from that file extension name. You could try to Google it and see if there's any info out there on how to resolve the issue. You could also try to search your computer for it and try to delete it. I would do the Google thing first. I've had pretty good luck in the past finding out what certain file extensions were by typing the name into Google. If you have problems Googling, find the full name of the file and I'll try to help from this end.

jdmidwest
Posted April 17, 2010

Try Norman Malware Cleaner, Link. It does a good job too. Trouble with most stuff lately, you need an arsenal of software tools to get rid of it. Try rebooting to safe mode and run Combofix and Norman. It is not a nasty problem, just a security risk. Don't do anything sensitive like log on to a bank account till you get it fixed.