search page pops up http://www.mrbloodhound.com/401.html
Jethroww
11-12-2005, 11:48 PM
Hi Guys. The problem I am having is every time I do a Google search and hit
a web page, this page pops up: "http://www.mrbloodhound.com/401.html"
How do I stop this from happening? Thanks
andyman
11-13-2005, 09:56 AM
I've seen this, but with different related sites popping up.
Either it's a new spyware type (can't find it) or Google got hacked with an old 302 redirect exploit.
Clean your machine to be sure.
If you use the back button and click the link again (sometimes 3 times), do you get the real link?
Jethroww
11-13-2005, 12:39 PM
Hi Andyman. I have run Ad-Aware SE and CCleaner and nothing was found
that I'm aware of. What is happening is that when I click on a response from Google,
it starts to go to that internet address (I see it in the Netscape (7.2) search window),
but then mrbloodhound.com/401.html pops into the search window and I go to that address. I have also tried the same search with Firefox and I get the same
with that. Javainstaller.jar-5ad1bcbe-2ade0456.zip was found a few days ago
and put into quarantine, if that's any help? Thanks for the help.
Digiital
11-13-2005, 02:09 PM
You have two more choices: SPYBOT, and also check out the MS one: http://www.microsoft.com/athome/security/spyware/software/default.mspx
Sure sounds to me like it's spyware. Try this test: if you're running IE, download and install Firefox, then do the same search and see what happens.
Jethroww
11-15-2005, 06:54 PM
Hi Digiital. I ran Spybot and it found 3 items. I fixed them but still have the same
problem. If it is an old 302 redirect exploit, how could I fix it? Thanks
Jethroww
11-19-2005, 08:17 AM
Hi Guys. I ran a few more Virus tools last night and found the following.
Any help would be appreciated. Thanks
BitDefender Online Scanner
Scan report generated at: Fri, Nov 18, 2005 - 22:17:56
Scan path: A:\;C:\;M:\;N:\;
Statistics
Time: 00:53:27
Files: 141494
Folders: 1895
Boot Sectors: 2
Archives: 5629
Packed Files: 14085
Results
Identified Viruses: 3
Infected Files: 5
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 5
Engines Info
Virus Definitions: 233910
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File / Status
C:\WINDOWS\Desktop\mIRC.lnk=>C:\Program Files\mIRC\mirc.exe
Infected with: Backdoor.IRC.Zapchast
C:\WINDOWS\Desktop\mIRC.lnk=>C:\Program Files\mIRC\mirc.exe
Disinfection failed
C:\WINDOWS\Desktop\mIRC.lnk=>C:\Program Files\mIRC\mirc.exe
Deleted
C:\WINDOWS\Desktop\mIRC.lnk
Update failed
C:\pop2.sympatico.ca\Inbox=>(message 494)=>[Subject: ][Date: Mon, 09 Aug 2004 14:14:37 -0600]=>(MIME part)=>new_price.zip=>price.html
Infected with: JS.Dword.dropper
C:\pop2.sympatico.ca\Inbox=>(message 494)=>[Subject: ][Date: Mon, 09 Aug 2004 14:14:37 -0600]=>(MIME part)=>new_price.zip=>price.html
Disinfection failed
C:\pop2.sympatico.ca\Inbox=>(message 494)=>[Subject: ][Date: Mon, 09 Aug 2004 14:14:37 -0600]=>(MIME part)=>new_price.zip=>price.html
Deleted
C:\pop2.sympatico.ca\Inbox=>(message 494)=>[Subject: ][Date: Mon, 09 Aug 2004 14:14:37 -0600]=>(MIME part)=>new_price.zip
Updated
C:\pop2.sympatico.ca\Inbox=>(message 494)=>[Subject: ][Date: Mon, 09 Aug 2004 14:14:37 -0600]=>(MIME part)=>new_price.zip=>price/price.exe
Infected with: Win32.Bagle.AL@mm
C:\pop2.sympatico.ca\Inbox=>(message 494)=>[Subject: ][Date: Mon, 09 Aug 2004 14:14:37 -0600]=>(MIME part)=>new_price.zip=>price/price.exe
Deleted
C:\pop2.sympatico.ca\Inbox=>(message 494)=>[Subject: ][Date: Mon, 09 Aug 2004 14:14:37 -0600]=>(MIME part)=>new_price.zip
Updated
C:\pop2.sympatico.ca\Inbox=>(message 494)=>[Subject: ][Date: Mon, 09 Aug 2004 14:14:37 -0600]=>(MIME part)
Updated
C:\pop2.sympatico.ca\Inbox=>(message 494)
Updated
C:\pop2.sympatico.ca\Inbox
Update failed
C:\pop2.sympatico.ca\Trash=>(message 452)=>[Subject: ][Date: Mon, 09 Aug 2004 14:14:37 -0600]=>(MIME part)=>new_price.zip=>price.html
Infected with: JS.Dword.dropper
C:\pop2.sympatico.ca\Trash=>(message 452)=>[Subject: ][Date: Mon, 09 Aug 2004 14:14:37 -0600]=>(MIME part)=>new_price.zip=>price.html
Disinfection failed
C:\pop2.sympatico.ca\Trash=>(message 452)=>[Subject: ][Date: Mon, 09 Aug 2004 14:14:37 -0600]=>(MIME part)=>new_price.zip=>price.html
Deleted
C:\pop2.sympatico.ca\Trash=>(message 452)=>[Subject: ][Date: Mon, 09 Aug 2004 14:14:37 -0600]=>(MIME part)=>new_price.zip
Updated
C:\pop2.sympatico.ca\Trash=>(message 452)=>[Subject: ][Date: Mon, 09 Aug 2004 14:14:37 -0600]=>(MIME part)=>new_price.zip=>price/price.exe
Infected with: Win32.Bagle.AL@mm
C:\pop2.sympatico.ca\Trash=>(message 452)=>[Subject: ][Date: Mon, 09 Aug 2004 14:14:37 -0600]=>(MIME part)=>new_price.zip=>price/price.exe
Deleted
C:\pop2.sympatico.ca\Trash=>(message 452)=>[Subject: ][Date: Mon, 09 Aug 2004 14:14:37 -0600]=>(MIME part)=>new_price.zip
Updated
C:\pop2.sympatico.ca\Trash=>(message 452)=>[Subject: ][Date: Mon, 09 Aug 2004 14:14:37 -0600]=>(MIME part)
Updated
C:\pop2.sympatico.ca\Trash=>(message 452)
Updated
C:\pop2.sympatico.ca\Trash
Update failed