Hello :-)
This is just a "really quick" hypothesis: It seems your system
might have been infected with a variant of Zlob.
http://www.malwaredomainlist.com/mdl.php
I did not have time to pin point the exact variant. You can read up more on
it
http://www.symantec.com/security_response/writeup.jsp?docid=2005-042316-2917-99
These guys might have a standalone zlob removal tool..I am not 100% sure
about this though.
Hope this was of some help,
-A
--
Anirban Banerjee
Co-Founder Jaalcheck.com
PhD Candidate [EMAIL PROTECTED] Riverside
On Fri, Sep 26, 2008 at 6:40 AM, chesar <[EMAIL PROTECTED]> wrote:
>
> Thanks both to Anirban & Steve for your quick responses. I hope to
> pursue your suggestions in the weekend. Meanwhile I have couple of
> questions? Why bookmarked sites, though gets redirected, returns
> finally to the bookmarked site and displays the corresponding site.
> It does take longertimethough to download, probaly beacuse it goes
> throgh other sites.
>
> I am also listing below the history whch firefox captured while
> getting directed. Starts from the bottom - Google serach
>
> Save on Cheapest Tickets All Airlines - Compare Prices, Find Discounts
> & Buy Online - Smarter.com ---se--qq-Cheapest+Tickets+All+Airlines--
> pt-0--tt-.html ---se--qq-Cheapest+Tickets+All+Airlines--pt-0--
> tt-.html /d/sr/?xargs=15KPjg1%2DBSmpamwr
> %2DocrjISeSAx1Yaxca58M5rDpR9HtVf8WQ8De15aqHImcF%2DReVu%2DF%2DNwPOQ
> %2DaIWK%5FL5nf%2DKEQqMQ1uBEOL3yt2awIo5MqakUNRAgvMa
> %5FrXkn4dPOHcOZWa01eOL3uPLIdbvbj%5Fjzr8tvkXa8PBqwc
> %2DyxOAcGL7bzgMp9g6LddISvPIkgLnCKJ56S8Ageq
> %2Dd4C6RdooRmNF1wN2UECETWyKk42192C6DMm9ypqrTepELvb3vm4abf7KpkYoGPhXTobcn
> %2DFrPmiXIjZwyY237uajBom9HXfq5d0btvRt
> %2D8eyD1ayOPlRTjiT5RMzPRib6NAooJQEkCvy1ZQGPbCJTsU
> %2DaJsspOZTylWDrUfPVVXJ4KkVQq968Lpde7gzen2AuPVjbS5fTvShPJLMt3BvmtTCL
> %2DmxJvg%2E%2E search.php klik.php click_my.php /?
> u=AKmm5AC8vg4J8PQLODnSQ-
>
> P7H5FToMitDkEmr3GH__IxDOTm9fr5Ejj7iMb3ImrQfU4DA3iIIL8PLLn8lDGZD4j7LWx5mxb30ng6AwuvSHAby2G2RgL3h4nAXszuf1LJFS7PNFGeB5qP6PDSdpndg3rG8ekF0pGS-
> jv8Me3T3gQZuh1YzpA3oJ-y5oG2lm6Ld3GXuXuGHaULtuzyZ1Q5VXkRyYs3tMPb-Fyl-
>
> kxk34w14zSyxGF4iWEBd30xU6tJzXU5iu4dVXce89b1QDLPWtNuaxrmj8I4vifqYOIWHyOgeaDlhJhM170cQljeI00Wbbuog-
> Zn-
>
> qzchXDl9pMQsNOZ81elLqR8efpYUZGx7TNcn5aU5eu0cta60S3HjyKxFtpY2Z1P9ShuqvXtybohYlgLqDRTbj1PfBltXLcgygQ_boT7h8mnJQoEW6MtLdWj9uUqbxLUcd6Bvya8Cge61m0fBzUIThMKALKmKz1eEjcyFXrru_Vh9q2rTmaCV_tyCogQpwiqIkHuCX1QHSgV9of8n7CTDSrta5odOf6JcW8iXuakPOj07zyD78ZH0FngQluE0xa2t0Sm6x5KNMD-
> CFQTX17TqaMfweJHv7Y4NqeQOe-lPsUgZhOyRG77SX0zgEituFgxd2_X1sQ1aWS-
> KDlO7nZSyJozXozjaLdIK2zfdvG-2aXgsrSs48BwotTg9X3db--
> d5psHtPUEyL6pg5u62WNqcet_GqTa0Jxuw6E588cm8Usi0azbYf-
>
> WssrxEmzszHftSv2CV5wLBx6H_odLneWXzLwjZ5WkKJnLWxN_Q18P5j2mgFSHUfvPxoTuhjqghibWsrHXt7FpP139GVZbJXYlD9JO7fXZjYdVBloQFEQUCVmFvqj9SMmSCj0dl7BxLexVo9TYvei603oyiCwaDpc3DlW1vbGb-
> Ef6G-VrNut7NPQ-
>
> ejcUXS1KAc59pBQNlypP0Ttg-5wajgNuyqBrK6vWvpyW0sKHNMpclU3_ovex_13OJz2jcqlgIfIQZIOd6ugkDH5dy1Oem6h0LzCmv4TKwOvVyenyQK4UDWRIixJOPwDl-
> uWr_6aLEz4GpoAkEk0E-
> X2A2XdxDtmkWxcmkkJD3QqHC9mgxc4zthrHW4q3iu7eyLMoP7Nui_wihgPbpck3aSqn-
> t9OUuQ3D9zFBs2MRjj-
>
> cAJLiZGvXocKlTABORzw5UIw5ZME8_moScmFiDwfQkSsEECGEEDSi4Inq8Ir1_k1UySXGmsef7FYh4zAAQhYGDBZYW_9PGxkdjf-8-
> mLDaxFTrZ51nZtZiGHPC8Oga-
> qYw_TG7TqKn-5RKQF1NujmEcOZuEAEQUBEm7AKaopkoHEehUokoSsL1toNe%3Ds%3Fphp.c
> %2F711.691.111.46&bid=0.084150&aid=61&said=v2test7&ppc=peak
> Redirecting... I36o2Y5CDkQUGM98.php out.php clickn.php c.php c.php air
> canada - Google Search
>
> Does these redirections make any sense?
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message through the Google Groups "stopbadware" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/stopbadware?hl=en
-~----------~----~----~----~------~----~------~--~---
