Jump to content

Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


"googleads.g.doubleclick.net" added to every search link web address

  • Please log in to reply
3 replies to this topic

#1 dora2


  • Members
  • 3 posts
  • Local time:02:35 PM

Posted 19 September 2010 - 06:23 PM

Hi, I'm new and have searched your "infected" forum but haven't found a problem quite like mine. I'm using Windows XP, Firefox (upgraded to 3.6.10 today).
When I run a Yahoo or Goggle search and click on one of the links, about half the time I can't connect, get the Firefox message "problem loading page/server not found", or get re-directed to other pages. The key here is that I noticed that "google.ad.sgdoubleclick.net" is added to every one of my intended web pages.

I've run Hitman pro 3.5, and it told me that I might have been infected with TDL3/Alureon (rootkit detected), and about 8 problems were detected (sorry for being vague here). It "deleted" the problems (no more warning about the TDL3/Alureon), except for 2 tracking cookies. I manually deleted those 2 files in my cookies folder and I re-booted the computer (just in case), ran Hitman pro again, and this time the only thing that comes up is the same 2 tracking cookies (listed below)

C:\Documents and settings\Compaq_Owner\cookies\System@doubleclick[1].txt
C:\Documents and settings\Compaq_Owner\cookies\[email protected][2].txt

Hitman pro is still unable to delete them.

I ran Malwarebytes anti-malware 1.46 full scan, and 3 hours later nothing was found. Everything was "0".

After some reading on your forum, I also deleted older versions of Java, and installed the most current one.

I also run Symantec endpoint protection, and last night, before all of this began, I got a warning that "Trojan.FakeAV!gen39" was detected and successfully cleaned.

I'm not sure if this is relevant or not, but this morning, before all of this started, when I first turned on the computer, Firefox warned me that a new add-on had been added (turned out to be an older Java 6.0.12), and I disabled it.

Any help would be very appreciated.

BC AdBot (Login to Remove)


#2 boopme


    To Insanity and Beyond

  • Global Moderator
  • 61,902 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:03:35 PM

Posted 19 September 2010 - 08:26 PM

Those two are just cookies and should be deleted. You will always get cookies when you visit sites unless you set your browsers to not accept any.

What version of JAVA is running?
Go into Control Panel>Add Remove Programs. Be sure the 'Show Updates' box is checked. Go down the list and tell me what Java applications are installed and their version. (Highlight the program to see this).

Please run the tool here How to remove Google Redirects

When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#3 dora2

  • Topic Starter

  • Members
  • 3 posts
  • Local time:02:35 PM

Posted 19 September 2010 - 10:26 PM

I'm running Java 6 update 21. I think I solved my problem, although it's odd. I use Mozilla Firefox, under Tools, Options, Content, if I uncheck the "Enable Javascript" box, search links work fine. As soon as I check box to enable Javascript, I start getting the "googleads.g.doubleclick.net" added to every search link web address again.

#4 dora2

  • Topic Starter

  • Members
  • 3 posts
  • Local time:02:35 PM

Posted 19 September 2010 - 11:16 PM

Boopme, thanks for your help. I ran the tdsskiller, and no infections were found. I don't think I'm infected. I enabled "Java quick-starter 1.0"under my add-ons, and searches on Google are working fine even with Javascript enabled. Searches on Yahoo are a different story, though. Oh well, I'll just stick with Google and Bing for now. Thanks again.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users