Is it me or Yahoo ?

[AMUN]

I'm a bit stumped if my machine picked up some malware infection, or is
Yahoo and a few other sites pulling something new ?

For the last week or so, I do a search at Yahoo.com, and pages
intermittently get re-directed to strange link pages or sales sites.

Noticed when I try to go back (using the back button), there are often
several strange pages in the history after the page I was at.
Some actually do say "re-direct."
Yet ran several scans on my system using several anti-mal/spyware's and no
malware is being found.
Also often noticing the same thing at Amazon.com.
Yet other websites show no problems at all.

So is my system infected with some rare redirection trojan, or, are some
sites getting really ignorant with the ad's ?

[Max Wachtel]

AMUN wrote:
> I'm a bit stumped if my machine picked up some malware infection, or is
> Yahoo and a few other sites pulling something new ?
>
> For the last week or so, I do a search at Yahoo.com, and pages
> intermittently get re-directed to strange link pages or sales sites.
>
> Noticed when I try to go back (using the back button), there are often
> several strange pages in the history after the page I was at.
> Some actually do say "re-direct."
> Yet ran several scans on my system using several anti-mal/spyware's and no
> malware is being found.
> Also often noticing the same thing at Amazon.com.
> Yet other websites show no problems at all.
>
> So is my system infected with some rare redirection trojan, or, are some
> sites getting really ignorant with the ad's ?
>
>
Sounds like your system has been compromised. Are there any other
strange goings-on? What scanners have you run? (please be specific) What
browser do you use? Have you installed any toolbars lately? I see by
your posting headers, you are running XP. Is it up-to-date?
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Change nomail.afraid.org to gmail.com to reply by email.
nomail.afraid.org is for use in USENET-feel free to use it yourself.

[AMUN]

"Max Wachtel" <maxwachtel@nomail.afraid.org> wrote in message
news:gd2j41$g23$1@registered.motzarella.org...
> AMUN wrote:
>> I'm a bit stumped if my machine picked up some malware infection, or is
>> Yahoo and a few other sites pulling something new ?
>>
>> For the last week or so, I do a search at Yahoo.com, and pages
>> intermittently get re-directed to strange link pages or sales sites.
>>
>> Noticed when I try to go back (using the back button), there are often
>> several strange pages in the history after the page I was at.
>> Some actually do say "re-direct."
>> Yet ran several scans on my system using several anti-mal/spyware's and
>> no malware is being found.
>> Also often noticing the same thing at Amazon.com.
>> Yet other websites show no problems at all.
>>
>> So is my system infected with some rare redirection trojan, or, are some
>> sites getting really ignorant with the ad's ?
> Sounds like your system has been compromised. Are there any other strange
> goings-on? What scanners have you run? (please be specific) What browser
> do you use? Have you installed any toolbars lately? I see by your posting
> headers, you are running XP. Is it up-to-date?
> --
> Virus Removal http://max.shplink.com/removal.html
> Keep Clean http://max.shplink.com/keepingclean.html
> Change nomail.afraid.org to gmail.com to reply by email.
> nomail.afraid.org is for use in USENET-feel free to use it yourself.



First thing I thought was something infiltrated the system.
Classic MO of a redirect trojan.
No changes have been made (to my knowledge) and no new IE helper apps, or
toolbars are installed.
And IE (version 6) security settings are higher than most,

Only change that was tried, was to update the winamp player (see my post
about that choking AVG)
But even that was removed and an older version restored.

Spybot and AVG always show 100% clean (with latest updates)

Yet results from yahoo & Amazon often lead to completely wrong web pages.
Not all the time though. and IE home page is normal.
System does not seem to be showing ANY other problems.
Router logs don't show any suspicious activity either, all unauthorized
access seems to be blocked

It is XP but a HP ******* version that quit allowing Microsoft updates
months ago.
(last HP/Compaq I ever #*^%$## buy.)

Perhaps tonight I'll look into it further.
We do run the MVP Hosts files, but had not updated in a while, so I'll try
that too.

[Max Wachtel]

AMUN wrote:
> "Max Wachtel" <maxwachtel@nomail.afraid.org> wrote in message
> news:gd2j41$g23$1@registered.motzarella.org...
>> AMUN wrote:
>>> I'm a bit stumped if my machine picked up some malware infection, or is
>>> Yahoo and a few other sites pulling something new ?
>>>
>>> For the last week or so, I do a search at Yahoo.com, and pages
>>> intermittently get re-directed to strange link pages or sales sites.
>>>
>>> Noticed when I try to go back (using the back button), there are often
>>> several strange pages in the history after the page I was at.
>>> Some actually do say "re-direct."
>>> Yet ran several scans on my system using several anti-mal/spyware's and
>>> no malware is being found.
>>> Also often noticing the same thing at Amazon.com.
>>> Yet other websites show no problems at all.
>>>
>>> So is my system infected with some rare redirection trojan, or, are some
>>> sites getting really ignorant with the ad's ?
>> Sounds like your system has been compromised. Are there any other strange
>> goings-on? What scanners have you run? (please be specific) What browser
>> do you use? Have you installed any toolbars lately? I see by your posting
>> headers, you are running XP. Is it up-to-date?
>
> First thing I thought was something infiltrated the system.
> Classic MO of a redirect trojan.
> No changes have been made (to my knowledge) and no new IE helper apps, or
> toolbars are installed.
> And IE (version 6) security settings are higher than most,
>
> Only change that was tried, was to update the winamp player (see my post
> about that choking AVG)
> But even that was removed and an older version restored.
>
> Spybot and AVG always show 100% clean (with latest updates)

You should scan your system with SUPERAntiSpyware and malwarebytes' mbam
scanners.
>
> Yet results from yahoo & Amazon often lead to completely wrong web pages.
> Not all the time though. and IE home page is normal.
> System does not seem to be showing ANY other problems.
> Router logs don't show any suspicious activity either, all unauthorized
> access seems to be blocked

Have you tried those sites with another browser?
>
> It is XP but a HP ******* version that quit allowing Microsoft updates
> months ago.
> (last HP/Compaq I ever #*^%$## buy.)

This issue must be fixed! (I am using an older compaq laptop)
Have you looked into if the update service is running?
Administrative Tools/Services
>
> Perhaps tonight I'll look into it further.
> We do run the MVP Hosts files, but had not updated in a while, so I'll try
> that too.
>
MVP hosts file should not be causing your problem(I use it also)

As a last resort, do you still have the install disk that came with your
system? It might be a good idea to make copies of all important files
(docs,pics,music,etc) on removable media, today.
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Change nomail.afraid.org to gmail.com to reply by email.
nomail.afraid.org is for use in USENET-feel free to use it yourself.

[AMUN]

"Max Wachtel" <maxwachtel@nomail.afraid.org> wrote in message
news:gd3201$gjn$1@registered.motzarella.org...
> AMUN wrote:
>> "Max Wachtel" <maxwachtel@nomail.afraid.org> wrote in message
>> news:gd2j41$g23$1@registered.motzarella.org...
>>> AMUN wrote:
>>>> I'm a bit stumped if my machine picked up some malware infection, or is
>>>> Yahoo and a few other sites pulling something new ?
>>>>
>>>> For the last week or so, I do a search at Yahoo.com, and pages
>>>> intermittently get re-directed to strange link pages or sales sites.
>>>>
>>>> Noticed when I try to go back (using the back button), there are often
>>>> several strange pages in the history after the page I was at.
>>>> Some actually do say "re-direct."
>>>> Yet ran several scans on my system using several anti-mal/spyware's and
>>>> no malware is being found.
>>>> Also often noticing the same thing at Amazon.com.
>>>> Yet other websites show no problems at all.
>>>>
>>>> So is my system infected with some rare redirection trojan, or, are
>>>> some sites getting really ignorant with the ad's ?
>>> Sounds like your system has been compromised. Are there any other
>>> strange goings-on? What scanners have you run? (please be specific) What
>>> browser do you use? Have you installed any toolbars lately? I see by
>>> your posting headers, you are running XP. Is it up-to-date?
>>
>> First thing I thought was something infiltrated the system.
>> Classic MO of a redirect trojan.
>> No changes have been made (to my knowledge) and no new IE helper apps, or
>> toolbars are installed.
>> And IE (version 6) security settings are higher than most,
>>
>> Only change that was tried, was to update the winamp player (see my post
>> about that choking AVG)
>> But even that was removed and an older version restored.
>>
>> Spybot and AVG always show 100% clean (with latest updates)
>
> You should scan your system with SUPERAntiSpyware and malwarebytes' mbam
> scanners.
>>
>> Yet results from yahoo & Amazon often lead to completely wrong web pages.
>> Not all the time though. and IE home page is normal.
>> System does not seem to be showing ANY other problems.
>> Router logs don't show any suspicious activity either, all unauthorized
>> access seems to be blocked
>
> Have you tried those sites with another browser?
>>
>> It is XP but a HP ******* version that quit allowing Microsoft updates
>> months ago.
>> (last HP/Compaq I ever #*^%$## buy.)
>
> This issue must be fixed! (I am using an older compaq laptop)
> Have you looked into if the update service is running?
> Administrative Tools/Services
>>
>> Perhaps tonight I'll look into it further.
>> We do run the MVP Hosts files, but had not updated in a while, so I'll
>> try that too.
>>
> MVP hosts file should not be causing your problem(I use it also)
>
> As a last resort, do you still have the install disk that came with your
> system? It might be a good idea to make copies of all important files
> (docs,pics,music,etc) on removable media, today.
> --
> Virus Removal http://max.shplink.com/removal.html
> Keep Clean http://max.shplink.com/keepingclean.html
> Change nomail.afraid.org to gmail.com to reply by email.
> nomail.afraid.org is for use in USENET-feel free to use it yourself.


We backup religiously here, so no real chance of losing much of importance.

But yes, I do have the HP Install disks, but they only get your system back
to what HP sold you "loaded" in the first place. So they really are more
"restore" disks, than "installation"
As it was full of trial programs and outright malware that took weeks to
clean out, it's hardly an option I want to repeat.

If it came to that I have a "hacked" version of XP, I'd install first, as a
CLEAN INSTALL.

Just running Trend micro (second try)on it now.
First try found a few "questionable" files, but not much info about them.

Strangely the first run of Trend micro seemed to have zeroed in on my hosts
file, and listed hosts\127.0.0.1 as a bad link/file
(and why I'm running it a second time before letting it fix anything)


And it did show a dozen or so "windows security flaws", so perhaps tomorrow
I'll phone HP again and rip them a new one over why their XP won't update
from Microsoft.
Of course Microsoft will offer no help/support on the "XP" that HP sells
installed in their systems.

And why I'd never buy another HP "preloaded" computer again.
(unless they throw in a full version operating system)
But I suppose all the others like Dell etc, are the same too.

Still a bit strange that after a week of updates both Spybot AND AVG still
didn't find any problems at all.
Yet something IS clearly wrong.

[AMUN]

"AMUN" <antispam@sparmmstop.net> wrote in message
news:gd3pr3$p99$1@aioe.org...
>
> "Max Wachtel" <maxwachtel@nomail.afraid.org> wrote in message
> news:gd3201$gjn$1@registered.motzarella.org...
>> AMUN wrote:
>>> "Max Wachtel" <maxwachtel@nomail.afraid.org> wrote in message
>>> news:gd2j41$g23$1@registered.motzarella.org...
>>>> AMUN wrote:
>>>>> I'm a bit stumped if my machine picked up some malware infection, or
>>>>> is Yahoo and a few other sites pulling something new ?
>>>>>
>>>>> For the last week or so, I do a search at Yahoo.com, and pages
>>>>> intermittently get re-directed to strange link pages or sales sites.
>>>>>
>>>>> Noticed when I try to go back (using the back button), there are often
>>>>> several strange pages in the history after the page I was at.
>>>>> Some actually do say "re-direct."
>>>>> Yet ran several scans on my system using several anti-mal/spyware's
>>>>> and no malware is being found.
>>>>> Also often noticing the same thing at Amazon.com.
>>>>> Yet other websites show no problems at all.
>>>>>
>>>>> So is my system infected with some rare redirection trojan, or, are
>>>>> some sites getting really ignorant with the ad's ?
>>>> Sounds like your system has been compromised. Are there any other
>>>> strange goings-on? What scanners have you run? (please be specific)
>>>> What browser do you use? Have you installed any toolbars lately? I see
>>>> by your posting headers, you are running XP. Is it up-to-date?
>>>
>>> First thing I thought was something infiltrated the system.
>>> Classic MO of a redirect trojan.
>>> No changes have been made (to my knowledge) and no new IE helper apps,
>>> or toolbars are installed.
>>> And IE (version 6) security settings are higher than most,
>>>
>>> Only change that was tried, was to update the winamp player (see my post
>>> about that choking AVG)
>>> But even that was removed and an older version restored.
>>>
>>> Spybot and AVG always show 100% clean (with latest updates)
>>
>> You should scan your system with SUPERAntiSpyware and malwarebytes' mbam
>> scanners.
>>>
>>> Yet results from yahoo & Amazon often lead to completely wrong web
>>> pages.
>>> Not all the time though. and IE home page is normal.
>>> System does not seem to be showing ANY other problems.
>>> Router logs don't show any suspicious activity either, all unauthorized
>>> access seems to be blocked
>>
>> Have you tried those sites with another browser?
>>>
>>> It is XP but a HP ******* version that quit allowing Microsoft updates
>>> months ago.
>>> (last HP/Compaq I ever #*^%$## buy.)
>>
>> This issue must be fixed! (I am using an older compaq laptop)
>> Have you looked into if the update service is running?
>> Administrative Tools/Services
>>>
>>> Perhaps tonight I'll look into it further.
>>> We do run the MVP Hosts files, but had not updated in a while, so I'll
>>> try that too.
>>>
>> MVP hosts file should not be causing your problem(I use it also)
>>
>> As a last resort, do you still have the install disk that came with your
>> system? It might be a good idea to make copies of all important files
>> (docs,pics,music,etc) on removable media, today.
>> --
>> Virus Removal http://max.shplink.com/removal.html
>> Keep Clean http://max.shplink.com/keepingclean.html
>> Change nomail.afraid.org to gmail.com to reply by email.
>> nomail.afraid.org is for use in USENET-feel free to use it yourself.
>
>
> We backup religiously here, so no real chance of losing much of
> importance.
>
> But yes, I do have the HP Install disks, but they only get your system
> back to what HP sold you "loaded" in the first place. So they really are
> more "restore" disks, than "installation"
> As it was full of trial programs and outright malware that took weeks to
> clean out, it's hardly an option I want to repeat.
>
> If it came to that I have a "hacked" version of XP, I'd install first, as
> a CLEAN INSTALL.
>
> Just running Trend micro (second try)on it now.
> First try found a few "questionable" files, but not much info about them.
>
> Strangely the first run of Trend micro seemed to have zeroed in on my
> hosts file, and listed hosts\127.0.0.1 as a bad link/file
> (and why I'm running it a second time before letting it fix anything)
>
>
> And it did show a dozen or so "windows security flaws", so perhaps
> tomorrow I'll phone HP again and rip them a new one over why their XP
> won't update from Microsoft.
> Of course Microsoft will offer no help/support on the "XP" that HP sells
> installed in their systems.
>
> And why I'd never buy another HP "preloaded" computer again.
> (unless they throw in a full version operating system)
> But I suppose all the others like Dell etc, are the same too.
>
> Still a bit strange that after a week of updates both Spybot AND AVG still
> didn't find any problems at all.
> Yet something IS clearly wrong.
>


Still waiting to see what Trend Micro scan will turn up.
But so far it's showing a strange entry in "application data" \
lobqjkvc\lwrkruxm.exe
And I just don't remember installing "lobqjkvc" at all, either the full or
trial versions <g>

But decided to also try your suggestions "SUPERAntiSpyware and malwarebytes'
mbam" before I let anything get fixed.

I'll post the results tomorrow here of what each found.
And which could actually get rid of problems.