- 11th March 2011, 02:03 #1New Member
- Join Date
- Nov 2010
Keep getting redirected to random sites...
Lately, I have been running into issues whenevr i use google search engine to visit any site. The search works, but when i click on the link i keep getting redirected to other sites, such as bing search engine, or some random website. Sometimes i even get a 'Malware' warning message... shows that my system is being scanned and eventually the scan finds tons of viruses etc. Then I'm forced to click 'OK' to insall an application. I don't install the app, and usually at this point I quit the browser (via Task Manager) and start again. After a couple of similar failed attempts, I do finally manage to get into the proper site. Can someone help me rectify this issue?? I have followed your steps outlined in the "How to Start Removing ... your computer" and installed and ran the SuperAntiSpyware and Malwarebytes. Any viruses/malicious items were removed (Not sure if this causes any problems) I also ran the Hijack This application. I have NOT attempted to "FIX" anything yet. The logs from the respective appliactions are printed below:
SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
Generated 03/06/2011 at 05:50 PM
Core Rules Database Version : 6539
Trace Rules Database Version: 4351
Scan type : Complete Scan
Total Scan Time : 00:44:28
Memory items scanned : 558
Registry threats detected : 4
File items scanned : 15309
File threats detected : 1029
- 11th March 2011, 07:55 #2
Please refer to Strange pop-ups and other malware : Suspicious results and strange behavior - Web Search Help as its posted there on how to use HijackThis.
If you also wanted to try bootable anti-virus CD, this guide is helpful:
How To Build A Bootable Anti-Malware Disc – Videos
Let us know what you have done.
- 11th March 2011, 14:51 #3Sometimes i even get a 'Malware' warning message... shows that my system is being scanned and eventually the scan finds tons of viruses etc. Then I'm forced to click 'OK' to insall an application. I don't install the app, and usually at this point I quit the browser (via Task Manager) and start again. After a couple of similar failed attempts, I do finally manage to get into the proper site.
Those malware warnings are from rogues. I suggest you start with MBAM.
Please download Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, be sure Quick scan is selected, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
- Click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Please post contents of that file in your next reply.
** Note **
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
- 13th March 2011, 16:19 #4
- 14th March 2011, 01:36 #5
I definitely recommend TFC. The developer is well known in the security community and took great care in creating the tool. As you can see, I posted information about it here: Registry Cleaner: Repair or destroy registry?
- 11th January 2013, 12:49 #6New Member
- Join Date
- Jan 2013
I have tried everything to rid my computer of this malware, all to no avail. Then I stumbled across Malwarebytes Anti-Root kit (available here: http www malwarebytes org/products/mbar/ . (Sorry, I am not permitted by this site to attach the proper url so just fill in the dots where they need to go)) This is what it found:
HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bbjciahceam godcoidkjpchnokgfpphh (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkiceno llcignonpgiafdgfeehoj (PUP.FunMoods) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (PUP.FunMoods) -> Bad: (http searchfunmoods com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1Qzu0 Ezzzy0Azz0Fzz0FtBtA0FyCyEtDyE0BtN0D0Tzu0CtAtAtCtN1 L2XzutBtFtBtFtDtFtAyEyE&cr=684549384) Good: (http www google com) -> Delete on reboot.
I removed the entries, rebooted and everything was great.
I don't know if it will work for everyone, but if you have tried everything else, what have you got to lose?!!
- 13th January 2013, 14:21 #7
Bumping a two year old thread? Anyway, FunMoods isn't a rootkit. It is a third-party "present" included with downloads from the likes of Download.com and other sites and can be removed with the right tools. However, I'm glad you were able to get it off your computer. Be careful with the software you download. Go to the vendor site rather than third-party hosting sites. You'll have a better, safer experience.