Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google hijack?


  • Please log in to reply
5 replies to this topic

#1 Pirahnya

Pirahnya

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 14 February 2012 - 03:39 PM

This just started happening: Running Firefox 10 (started in 9 before updating), doing a search in Google (either from the Google.com website or the search engine box in the upper right corner of Firefox). With me so far? I do a search (used Bleepingcomputer). The Google search results look fine, but the search link is messed up. Bleeping computer should be "http://www.bleepingcomputer.com". Instead it is "http://www.bleepingcomputer.com/&sa=U&ei=IMI6T7ruFeXs2QXv5oCyCg&ved=0CBEQFjAA&usg=AFQjCNFnCpAywSTLxpxpGDkZuCprOY5nxg".

This is on every search result. The characters are different, but the result is the same when you click on it... a lot of 404's, can't find file, url, etc.

Tried wife's PC and my notebook, search is normal.

Running new HP i5 Quadcore, 8GB RAM, 1TB drive, 2GB Video card, 64 bit, Windows 7. Plenty of space, cache, cookies, temp files, etc. is cleared (using ccleaner from Piriform). Have run Malwarebytes, Avast, TDSSkiller. System appears to be clean. Hosts file has not been altered. Nothing ordinary that just jumps out and slaps you in a hijackthis report.

I'm hesitant to remove and reinstall Firefox because of all the plugins I've got. Besides, the same thing happens in IE. This seemed to start happening after upgrading a Silverlight request. (Which I've removed, but hasn't made a difference.)

Ideas? Questions? FIXES?

dA Fish

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 60,047 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:18 AM

Posted 14 February 2012 - 03:47 PM

Hello, there's a good cahnce it is one of those plugins. Let;s try these 2 first as they are faster.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



>>>>

Please download TDSSKiller.zip and and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click Continue
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log have a name like: TDSSKiller.Version_Date_Time_log.txt.


>>>>

Last try disabling them one at a time and see which one was at fault.

How to disable extensions and plugins

Keeping your third-party plugins up to date
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#3 Pirahnya

Pirahnya
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 14 February 2012 - 09:01 PM

As mentioned, already ran TDSkiller and it found nothing. I will run the other program. I did find out that combofix reset a lot of the customizations I had for Windows 7 (UAC off, updates off, action center icon off, etc.). Now I have to set everything back up. And it killed my CS5. Apparently it thought my LEGAL app was a hacked version. Now I have to uninstall it and do it over. Yay! What a fun... FUN... day!

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 60,047 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:18 AM

Posted 14 February 2012 - 09:29 PM

Ok, I actually wanted to run Killer like this.

Please download TDSSKiller.zip and and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click Continue
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log have a name like: TDSSKiller.Version_Date_Time_log.txt.

How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#5 Pirahnya

Pirahnya
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 14 February 2012 - 09:47 PM

Okay. But nevermind. I found the offending culprit. Seems that for some reason my "GoogleEnhancer" became "incompatible" with Firefox. It worked fine even before I updated to 10, but go figure. And it wasn't the whole add-on, it was the "Use Google Classic" radio button turned on. I got this add-on after Google started making their search engine so... oh, what's the word I'm looking for... umm... oh, yeah... crappy!

Anyway. thanks for the help. Now I have to find out how to close this issue.

da Fish

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 60,047 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:18 AM

Posted 14 February 2012 - 10:05 PM

Da Fish,even though it wasn't an infection now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Posted Image > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Posted Image > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users