Results 1 to 9 of 9

Thread: From Google to "http://clickfraudmanager.com" wtfk is that?

  1. #1
    Senior Member
    Join Date
    Apr 2004
    Posts
    228

    From Google to "http://clickfraudmanager.com" wtfk is that?

    OK I've been having this problem for a week or so.

    When I click on some links going through Google, it takes me to "http://clickfraudmanager.com" page which then takes me to some weird places.

    I thought it might be some malware, so I ran AdAwara and Malwarebytes as well as Avast Antivirus in Windows safe mode, but the problem still persists.

    is there something wrong with my machiene, or has something gone drasticaly wrong with Google.

    I run WinXP with Avast antivirus and Firefox as a browser of choice.

    Any ideas?
    Don\'t post if you\'ve got nothing constructive to say. Flooding is annoying

  2. #2
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391

    Smile

    Greetings NightCat

    I posted a "guide" if you would not that long ago.

    It would most likely have relevance to what you are experiencing.

    Quote Originally Posted by t34b4g5 View Post
    I recently had to fix a friends computer that was doing the same thing..

    here's the way that i was able to fix it.


    try going to my computer.
    Click the folder button and make sure view hidden files/folders is turned on and check your drives for "resycled" and "autorun.inf" files/folder
    They will appear in the root directory..

    If they are there then go to a command prompt and change the attrib settings to the "resycled" folder and the “autorun.inf” file

    attrib -r -s -h

    then while still in the command prompt just use the del command on both.

    then do a search for autorun.inf on your drives and after the scan just right click on each one and open with notepad or wordpad and check each one, and if any happen to have "boot.com" before a string of jumbled letters numbers then delete.
    the "boot.com hides in the “recycled” folder and when the “autorun.inf” files is loaded it loads the “boot.com” file and your browser will continually get redirected.

    restart computer and then go to my computer and click folder and check to make sure there both gone..

    this thing was not only not letting me access the computers drives it also decided that it would re-direct the browser to www{X}copy-book{X}com {Note don't click site got active malware} all the time a little and i did the above and it should solve the issue.


    Also
    Start Windows in safe mode, then click Start -> Run. Type in regedit and click okay.

    Now at the top of the registry editor,
    click Edit -> Find.
    Type boot.com and click Find Next. Every time it finds a new boot.com, press the delete key and then enter. It should find a dozen or so copies.

    Now, plug in any external drives or flash drives you have used with this computer.
    Open
    My Computer. Click Tools -> Folder Options -> View and select "Show Hidden Files and Folders" and click okay.

    For each drive, open it and delete the “recycled” folder and “autorun.inf”. Back up each “autorun.inf” before deleting them off external drives, because they might be important.

    Restart the computer and the problem should be gone.

    Any removable usb drives you've plugged into that computer will also be infected with the virus, so make sure you clean them out too (note if you clean your comp, then plug-in the usb drives it'll re-install itself)
    any computers you've plugged that usb drive into are also infected

    a summary of what this thing does - its installed itself as a windows driver with a random dll file name, you'll have to track down ALL instances of it and eradicate it completely. Booting in safe-mode will assist, the drivers wont show up in control panel or admin tools either as its hidden

    other things you will need to remove this damn virus
    malware-bytes anti malware
    SmitFruadFix Scan
    hijack this
    gmer

    this thread should help you: http://www.bleepingcomputer.com/forums/topic191577.html

    if you download and install the latest version of those programs they should work fine without and update, the virus re-directs the update URL's as well. You will find its system-wide not browser specific!


    Also i would suggest downloading and running ComboFix.exe

    It will help remove majority of the left overs.

    Disconnect your machine from the network/Internet and follow the instructions and disable your AV when running combofix.

    please report back if you need further assistance.

    Also apparently it has something to do with The nasty Conficker worm.
    Last edited by t34b4g5; February 26th, 2009 at 07:53 AM.

  3. #3
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    If it is a home computer, you may want to take a look at this:

    http://www.mvps.org/winhelp2002/hosts.htm

    It replaces your host file with one that redirects connection attempts to 127.0.0.1 [localhost]. It isn't an end all be all solution to malware problems, but adds an additional layer of security.

    It is current as of this month, and I think they update it pretty often. Anyone else using this?
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi,

    It is current as of this month, and I think they update it pretty often. Anyone else using this?
    No, but I use Spybot S&D which has something similar. You will probably have to activate it:

    Open (in advanced mode?)
    Tools
    Check the hosts file box
    Click hosts file button on left
    Select: "Add Spybot S&D hosts list"

    It will update when you update Spybot S&D

  5. #5
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    Quote Originally Posted by nihil View Post
    Hi,



    No, but I use Spybot S&D which has something similar. You will probably have to activate it:

    Open (in advanced mode?)
    Tools
    Check the hosts file box
    Click hosts file button on left
    Select: "Add Spybot S&D hosts list"

    It will update when you update Spybot S&D
    Hey nihil thanks for the tip. I will have to check that out. I wonder what the overlap is between the two lists.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  6. #6
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391
    I just use The Proxomitron

    Although it is a old app it still seems to work fine. You can even get it to load up custom .txt files and use it as an adblock amongst other things.

  7. #7
    Senior Member
    Join Date
    Apr 2005
    Location
    USA
    Posts
    422
    Quote Originally Posted by nihil View Post
    No, but I use Spybot S&D which has something similar. You will probably have to activate it:
    I have tried both of these, and I've found the hosts from mpvs.org to be very much more complete, so I just moved to that. From that website you can get software called Hosts man, which automatically updates it. The Spybot hosts did seem to work alright though.

  8. #8
    Senior Member
    Join Date
    Apr 2004
    Posts
    228
    Hi Guys

    Sorry for not comming back for so long on this one, just been a bit rush lately

    The issue is resolved by deleting a file from one of the folders in
    "C:\Program Files\Mozilla Firefox\extensions\"

    For the life of mine can not remember which one it was. Once I have a minute I'll try to find it's name and post it here. None of the modern scanners seem to catch thus far
    Don\'t post if you\'ve got nothing constructive to say. Flooding is annoying

  9. #9
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    We have the same issue with updating Panda here.

    Conficker redirects all the DNS to some 85. IP 0_o

    What a headache to get out ...

    Microsoft malicious software remover apparently works wonders here.

    But I am not allowed to use 3rd party tools 0_o
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

Similar Threads

  1. Google vs eBay
    By Egaladeist in forum General Computer Discussions
    Replies: 1
    Last Post: October 28th, 2005, 04:49 AM
  2. Befriending Google
    By ch4r in forum Other Tutorials Forum
    Replies: 2
    Last Post: January 21st, 2005, 02:53 PM
  3. Google as a Hacking Tool
    By 3rr0r in forum The Security Tutorials Forum
    Replies: 26
    Last Post: December 1st, 2004, 06:31 AM
  4. Google is watching you...
    By MrLinus in forum Web Security
    Replies: 13
    Last Post: August 7th, 2004, 04:13 PM
  5. Article about our loved Google...
    By -DaRK-RaiDeR- in forum AntiOnline's General Chit Chat
    Replies: 0
    Last Post: December 22nd, 2002, 07:21 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •