carnine9 38 Report post Posted April 24, 2012 Salam, saya nak tanya. Sebab nih 1st time jadi, dan bermacam2 cara saya buat , tapi tak ok jugak. Sekarang browser FF n Chrome saya, jadi macam nih, bila click link jer, kekadang dia terus ke website lain ( Rocketnews.com ), tapi sebelum tu, page tu jadi macam source code dulu. Kena click & back links banyak kali, baru mau ke website yang kita nak gi. Clear cache hari2, guna ccleaner, MBAM dah guna, KAV 2012 full scan, Spybot full scan, Tssdkiller dah scan. Google tgk browser hijack, tapi jadi jugak. Ni contoh saya click link kat google carnine9. dia akan ke rocketnews pastu ke website nih. Ingatkan FF jer, tapi Chrome pun jadi ? adakah masalah KAV saya ? [center][img]http://www.pixelshack.us/images/qp62jdi7597zi41myjvg.png[/img][/center] Quote Share this post Link to post Share on other sites
dvdbane 86 Report post Posted April 24, 2012 check file host try restart firefox with addon disabled still redirect ke?? MBAM tu version latest ke lme nye?? Quote Share this post Link to post Share on other sites
carnine9 38 Report post Posted April 25, 2012 (edited) [quote name='dvdbane' timestamp='1335303856' post='1081410'] check file host try restart firefox with addon disabled still redirect ke?? MBAM tu version latest ke lme nye?? [/quote] cantik, bro dvdbane tolong, Host kat system32 betul bro, FF uninstall ngan revo, then install balik, jadi gak, pastu try guna chrome, jadi gak, bermakna bukan salah browser, MBAM mmg update latest version ( quick scan, full scan & flash scan = [biskut tawar] ). tak nah jadi lagi cam nih sebelum2 nih, try google pasal browser hijack, ikut step2 diorang pun tak ok gak, agak2 pasal KAV 2012 nih tak DNS modem kena reset lain ? Host : [quote]# Copyright © 1993-2009 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. # 127.0.0.1 localhost # ::1 localhost [/quote] Saya duk isau kut dns modem kena reset, sebab jadi nih rasanya lepas guna open dns setting kat FF tu rasanya lah. Edited April 25, 2012 by carnine9 Quote Share this post Link to post Share on other sites
khorback 11 Report post Posted April 25, 2012 huyu.....browser dah kena rampas merampas!!!! Quote Share this post Link to post Share on other sites
meerforall 7 Report post Posted April 25, 2012 (edited) buat mcm dvdbane tu pastu tambah lagi satu run regedit.exe pastu tkan (ctrl+f) tulis kat situ (travelindonesia) tkan find next...dh kuar yg die mark delete tros... buat satu2.... selamat mencuba (jgn salah delete kat regedit tu BAHAYA!) Edited April 25, 2012 by meerforall Quote Share this post Link to post Share on other sites
dvdbane 86 Report post Posted April 25, 2012 (edited) make sure sume software da ttop 1st run software ni dlu [url="http://majorgeeks.com/OTL_OldTimers_List-It_d7074.html"]OTL (OldTimer's List-It)[/url] post OTL.txt dan Extras.txt try gne spoiler...klu xle,upload kat mediafire lepas habis scan,gne software ni plak [url="http://majorgeeks.com/GooredFix_d7057.html"]GooredFix[/url] post gak [b]Goored.txt [/b] pastu check problem still ad ke x? rsenye ni lbih kpd browser re-direction bleh gak klu nk try tkr DNS tu kpd Google DNS Primary 8.8.8.8 Secondary 8.8.4.4 Edited April 25, 2012 by dvdbane Quote Share this post Link to post Share on other sites
carnine9 38 Report post Posted April 25, 2012 (edited) [quote name='meerforall' timestamp='1335357660' post='1081445'] buat mcm dvdbane tu pastu tambah lagi satu run regedit.exe pastu tkan (ctrl+f) tulis kat situ (travelindonesia) tkan find next...dh kuar yg die mark delete tros... buat satu2.... selamat mencuba (jgn salah delete kat regedit tu BAHAYA!) [/quote] Owh ok tq Meer dah try . [quote name='dvdbane' timestamp='1335361035' post='1081448'] make sure sume software da ttop 1st run software ni dlu [url="http://majorgeeks.com/OTL_OldTimers_List-It_d7074.html"]OTL (OldTimer's List-It)[/url] post OTL.txt dan Extras.txt try gne spoiler...klu xle,upload kat mediafire lepas habis scan,gne software ni plak [url="http://majorgeeks.com/GooredFix_d7057.html"]GooredFix[/url] post gak [b]Goored.txt [/b] pastu check problem still ad ke x? rsenye ni lbih kpd browser re-direction bleh gak klu nk try tkr DNS tu kpd Google DNS Primary 8.8.8.8 Secondary 8.8.4.4 [/quote] Orait bro. Nih baru test. Mmg tgh guna google DNS skrg, tapi yang lappy ok, yg jadi nih kat pc, modem password yg sama. Kira bermakna bukan masalah modem mcm thread browser Hijacker suruh test. OTL.txt : [url="http://www.mediafire.com/?2kvzhkz604znyav"]http://www.mediafire...2kvzhkz604znyav[/url] Extras.txt : [url="http://www.mediafire.com/?dk3e6629a9j05l5"]http://www.mediafire...dk3e6629a9j05l5[/url] [b]Goored.txt :[/b] [url="http://www.mediafire.com/?8lv2gklbb6xjjc1"]http://www.mediafire...8lv2gklbb6xjjc1[/url] Edited April 25, 2012 by carnine9 Quote Share this post Link to post Share on other sites
shelldrake 11 Report post Posted April 26, 2012 kalau guna [url="http://portableapps.com/apps"]FF @ Chrome portable[/url] version jadi gak ke? Quote Share this post Link to post Share on other sites
dvdbane 86 Report post Posted April 26, 2012 (edited) bleh tgk x fiile ni berkaitan dgn pe?? C:\Windows\tasks\Omcll.job download ni [url="https://support.kaspersky.com/downloads/utils/tdsskiller.zip"]TDSS Killer[/url] run > klu ad infection die akn reboot etc pastu post log kat sni utk double check,download [url="http://www2.gmer.net/gmer.zip"]Gmer[/url] run gmer.exe pastu tggu quick scan habis, tkan scan lps tu save log > post kat sni p/s : sori la bnyk sgt mntx log...hahaha ak mls lg nk sruh gne Combofix psl combofix ni die kdg2 bnyk prob yg jd lepas die buang infection make sure run software2 ni 1 by 1 lps abes scan sume baru run 1 lg Spybot da obsolete act...da bleh uninstall...hahahha Edited April 26, 2012 by dvdbane Quote Share this post Link to post Share on other sites
carnine9 38 Report post Posted April 26, 2012 (edited) [quote name='shelldrake' timestamp='1335440317' post='1081476'] kalau guna [url="http://portableapps.com/apps"]FF @ Chrome portable[/url] version jadi gak ke? [/quote] Dah try portable FF 12, jadi gak bro even tak install add-on. [quote name='dvdbane' timestamp='1335474680' post='1081481'] bleh tgk x fiile ni berkaitan dgn pe?? C:\Windows\tasks\Omcll.job download ni [url="https://support.kaspersky.com/downloads/utils/tdsskiller.zip"]TDSS Killer[/url] run > klu ad infection die akn reboot etc pastu post log kat sni utk double check,download [url="http://www2.gmer.net/gmer.zip"]Gmer[/url] run gmer.exe pastu tggu quick scan habis, tkan scan lps tu save log > post kat sni p/s : sori la bnyk sgt mntx log...hahaha ak mls lg nk sruh gne Combofix psl combofix ni die kdg2 bnyk prob yg jd lepas die buang infection make sure run software2 ni 1 by 1 lps abes scan sume baru run 1 lg Spybot da obsolete act...da bleh uninstall...hahahha [/quote] C:\Windows\tasks\Omcll.job <- yang nih bro aku try bukak ngan notepad, dia kosong jer. ntah betul ke tak aku buat.Aku printscreen. [img]http://www.pixelshack.us/images/b64zq2ukr1ky9h9w7lwh.png[/img] download ni [url="https://support.kaspersky.com/downloads/utils/tdsskiller.zip"]TDSS Killer[/url] < yg nih aku dah guna masa mula2 dulu pas jadi prob nih, tak detect. Tadi buat sekali lagi, tak detect gak. [url="http://www2.gmer.net/gmer.zip"]Gmer[/url] < - dah scan tak detect gak. Log : [url="http://www.mediafire.com/?jqgw6r1mq3wj4pp"]http://www.mediafire...jqgw6r1mq3wj4pp[/url] Combofix banyak bab. Biar yang tu. Lagipun, aku tak pandai nak buat. Haha. Takpe biar dulu, spy bot aku dah uninstall tadi. Aku nak try uninstall KAV then install balik, sebab 1st jadi dulu, member aku cakap kemungkinan KAV. Dia agak2 jer, sebab yg leh jadi nih, aku rasa dekat2 time lepas aku key serial number beli rm20 jer, online. Pastu aku pakai open dns ( 208.67.222.222 . 208.67.220.220 ). Lepas pada tu baru jadi sampai skrg. Tak pasti betul ke tak pasal KAV ngan open dns. Aku cuba dulu uninstall. Edited April 26, 2012 by carnine9 Quote Share this post Link to post Share on other sites
dvdbane 86 Report post Posted April 27, 2012 (edited) try update CCleaner > run > make sure DNS Cache da select > analyze > run cleaner copy n paste code ni dlm notepad save as IPRenewer.bat [spoiler]@echo off echo Dynamic IP Renew pause echo About to flush DNS Resolver Cache... pause echo Now flushing DNS. netsh interface ip delete arpcache ipconfig /flushdns echo About to release and renew IP. Please exit any games or programs echo that need a dedicated internet connection. Once the IP renewal is echo finished, restart them. You may leave browsers open, and IMers... echo Note: YOU WILL BE DISCONNECTED FROM THE INTERNET FOR ABOUT 5-10 SECONDS... pause echo Now releasing IP address. ipconfig /release echo Now renewing IP address. Please wait until your IP is shown again. ipconfig /renew echo Done... pause exit[/spoiler] ok klu xjd gak lps ko try sume tu,try download [url="http://download.runscanner.net/runscanner.exe"]RunScanner[/url] upload log dgn file run [img]http://c1330282.cdn.cloudfiles.rackspacecloud.com/images/smalltuu.png[/img] p/s: klu xle gak,better format la...sng keje...hahaha klu dpt ke ak desktop ko tu,mmg mcm2 ak buat tp nk buat cane,xde dpn mate Edited April 27, 2012 by dvdbane Quote Share this post Link to post Share on other sites