
Google Redirect Problem On Explorer


20 replies to this topic

#1 major14

major14

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 19 February 2008 - 04:31 AM

Hi All,

I am having trouble with Internet Explorer. When I try to get to a link that Google brings back, the browser goes to some other location.

I've downloaded and run AVG, spybot, and ad-aware. AVG found CoolWebSearch, but after deleting those entries, the problem still exists.

Can anyone help me solve this one?

Thanks!

major

Edit: Moved topic to the more appropriate forum. ~ Animal



#2 Wendy K. Walker

Wendy K. Walker

  • Members
  • 633 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:In The Treeline 300 Yards Behind You, Tracking Your Every Move Through A Sniper Scope
  • Local time:11:52 PM

Posted 19 February 2008 - 05:00 AM

Hi major14, Welcome to BC,

Can't say as I've ever had that problem, however I did a bit of Googling on your behalf and found this --> http://www.pcstats.com/articleview.cfm?articleID=1579 <-- give it a read and see if it'll do you any good but I would caution you about #7 at the bottom of that page... don't go mucking round in your registry unless you know what you're doing.

If that page isn't enough here's a whole gang of others that you can check out --> http://www.google.com/search?sourceid=navc...rowser+hijacker

Good Luck.

Wendy
TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Virus and Firewall.

#3 major14


Posted 19 February 2008 - 10:06 AM

update
I have just discovered that the redirect begins by going to a site called http: // v3.m-feed.com This call is sent the parameters of my google search, and then brings up a generic window with links that have keywords related to my search, but in no way reflect the url that I selected.

Wendy,

Thanks for the welcome and the links. Just as an FYI, I found this site by a google search, and each thread is very specific to the particular poster and their system. Most start with a printout of hijackthis results.

Perhaps I posted in the wrong forum. My operating system is officially called Windows 2000 professional. I made the assumption that this is where it belongs, so if it needs to be moved, mods please move it.

I will post back after reading through your first link.

Edited by major14, 19 February 2008 - 08:04 PM.


#4 Wendy K. Walker


Posted 19 February 2008 - 05:05 PM

Hi major14,

I hope you find something at one of those links that helps you overcome your problem. I don't know anything about Windows 2000 so I can't tell you anything specific about it. I use Windows XP Home Edition.

Do you have any Anti AdWare or Anti SpyWare programs installed on your computer... say like AdAware SE, SpyBot Search & Destroy, SuperAntiSpyware or AVG Anti-Spyware? All of those have FREE editions that you can use for as long as you want to.

Just in case you don't have any of those things installed here's a link to one that's FREE --> http://www.pctools.com/spyware-doctor/?ref...CFR3aXgodz12y0A <-- That should take you straight to the download page. Just select the Home & Home Office Free Download button to download it.

I just installed it, updated it and let it run an initial scan... as soon as I post this reply I'll be off to the 'Am I Infected' forum to post a thread there because that sucker showed that I had TWO TROJANS present :flowers: and I need to find out if that is true or if it's a false positive before I go any farther with it.

I think that you ought to edit your last reply and KILL that link so that no one else will just click on it and possibly get infected with something. You can kill it by deleting it and typing it back in like this --> http:// v3.M - feed . com <-- putting blank spaces in it like that will kill it.

"Perhaps I posted in the wrong forum. My operating system is officially called Windows 2000 professional."

Yeah you kind of did put it in the wrong forum but that's no big deal... just DON'T go taking any advice that anyone gives you in this forum that requires you to make any changes to your system UNLESS they are like a Moderator or Admin.

Knowing that you have something nasty in your system you might want to get your butt over to this page --> http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ <-- and follow all of the instructions, starting at the top and working your way down the page.

Most of the time just doing that will fix whatever is ailing your PC but if you're still having the same or other problems after you do all of that then go to this page --> http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/ <-- and start a thread there.

Be sure that you say what your operating system is, and give as detailed an account of the problems that you're having and tell everything that you've already done to try to fix it.

Then one of the security people... like a HJT Trainee, HJT Team Member, BC Moderator, or an Admin will start working with you on your problem. If they think it's bad enough then they will tell you to post some logs in the HJT forum... but DON'T do that unless they tell you to.

Hope you get your problem straightened out real quick. Now I'm off to post a thread in 'Am I Infected'. :thumbsup:


Wendy

#5 dark messenger

dark messenger

  • Members
  • 1,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Auckland NZ
  • Local time:11:52 AM

Posted 19 February 2008 - 05:14 PM

You could always download CWShredder and see if that fixes the problem :thumbsup:

#6 Wendy K. Walker


Posted 20 February 2008 - 01:53 AM

Hi major14,

You can get CWShredder from here --> http://filehippo.com/download_cwshredder/

Wendy

#7 major14


Posted 20 February 2008 - 03:07 AM

Wendy and Dark,

Thank you for your responses. Wendy, thanks for the tip to edit that link. I never thought of that, I hope no one picked up this nasty bug.

For the record, I have already tried CWShredder. No help.

Here are the programs I have used thus far, and I'm still experiencing the problem:

1) AVG Anti-Spyware 7.5
2) avast!
3) Spybot
4) Spyware Blaster
5) Ad-Aware
6) CCleaner
7) CWShredder

I've done a google on this problem, and it appears that there is something that has changed in my registry. Although I have used regedit, I don't like digging around in there unless I have to. Right now, I think I have to.

A few other things I've noticed... the IP address that receives the redirect is 216.161.121.115. There also is a call to go.php, whatever that does. It is now working sporadically, meaning some google links work and some don't. Finally, the website that it is redirected to also changes. The latest one is dns4error . com.

WTF!

Thanks again for any and all suggestions. This one is busting my behind.

Edited by major14, 20 February 2008 - 03:08 AM.


#8 Wendy K. Walker


Posted 20 February 2008 - 04:28 AM

Hi major14,

OK *feeling kinda blond right now* I just re-read your original post and saw that you had said that you had done the CWS thingy.

Hey, you might want to rush over here --> http://www.larshederer.homepage.t-online.de/erunt/ <-- and download both of those little buggers. I know it's like closing the stall door after the horse has already run away but at least if you use that ERUNT thingy you'll always have a back up copy of your registry in case something like this goes wrong in the future.

I mean that System Recovery thingy in XP never seems to work when you really need it to.

As for 216.161.121.115 and dns4error . com, if you do a whois search you'll find out that they are somewhere in Prague, CZ and are most likely spammers.

I think that instead of driving yourself bonkers with this that you ought to dash over to --> http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/ <-- and post a thread there, shoot just copy your post from this thread and post it there. I mean it has everything in it except for what browser and OS you are using.

Those guys are more up to date on finding malware and helping you get rid of it than I am, and they know where to tell you to look for it too.

Give that a try, it can't hurt.

Wendy

#9 major14


Posted 20 February 2008 - 01:37 PM

Thanks Wendy!

I'll copy this plea over to the right forum. And we'll go from there. Thanks for trying to work with me.

I thought I had this thing fixed last night, but after the 4th click in explorer, back to the redirect. Those bastages!

Major

#10 major14


Posted 20 February 2008 - 04:29 PM

Still broken. Anyone have any ideas?

Anyone?

Bueller?

Bueller?

:D

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:52 PM

Posted 20 February 2008 - 06:29 PM

Hello, let's do another scan and post back the log please.
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#12 Wendy K. Walker


Posted 20 February 2008 - 09:19 PM

Hi major14,

Man... I've got to stop staying up past my bed time. I was just re-reading this whole thread and realized that I have left you at least two links that bring you right back to this "Am I Infected? What Do I Do?" forum along with the suggestion that you post a thread about this topic here... ummm, sorry about that.

Wendy

#13 major14


Posted 20 February 2008 - 10:17 PM

Boopme, here is the scan log you requested. Interestingly, it found a variant of CoolWebSearch, even though CWShredder didn't find it.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/20/2008 at 09:17 PM

Application Version : 3.9.1008

Core Rules Database Version : 3406
Trace Rules Database Version: 1398

Scan type : Complete Scan
Total Scan Time : 01:35:54

Memory items scanned : 458
Memory threats detected : 1
Registry items scanned : 4797
Registry threats detected : 1
File items scanned : 40090
File threats detected : 16

Spyware.Melkosoft (CoolWebSearch Variant)
C:\WINNT\INSTALLER\{91CA7553-E02C-4262-9A6F-A42628B9AF8D}\ZIP.DLL
C:\WINNT\INSTALLER\{91CA7553-E02C-4262-9A6F-A42628B9AF8D}\ZIP.DLL
C:\WINNT\INSTALLER\{5915C6DC-7C29-42CF-BF1B-D520E7390970}\ZIP.DLL
C:\WINNT\INSTALLER\{E21BB6DB-D33D-41F7-A077-9ED23245CF91}\ZIP.DLL

Adware.Tracking Cookie
C:\Documents and Settings\lynnk.LYNNK\Cookies\lynnk@ads.techguy[2].txt
C:\Documents and Settings\lynnk.LYNNK\Cookies\lynnk@3038.32277.clickshield[1].txt
C:\Documents and Settings\LynnK\Cookies\lynnk@goto.trafficmultiplier[2].txt
C:\Documents and Settings\LynnK\Cookies\lynnk@pathfinder[2].txt
C:\Documents and Settings\lynnk.LYNNK\Local Settings\Temp\Cookies\lynnk@ads.web.aol[1].txt
C:\Documents and Settings\lynnk.LYNNK\Local Settings\Temp\Cookies\lynnk@bizrate[1].txt
C:\Documents and Settings\lynnk.LYNNK\Local Settings\Temp\Cookies\lynnk@richmedia.yahoo[1].txt
C:\Documents and Settings\lynnk.LYNNK\Local Settings\Temp\Cookies\lynnk@stats.chooseyouritem[2].txt
C:\Documents and Settings\lynnk.LYNNK\Local Settings\Temp\Cookies\lynnk@Stats[2].txt
C:\Documents and Settings\lynnk.LYNNK\Local Settings\Temp\Cookies\lynnk@www.findarticles[2].txt
C:\Documents and Settings\lynnk.LYNNK\Local Settings\Temp\Cookies\lynnk@www.findrealestatenj[1].txt
C:\Documents and Settings\lynnk.LYNNK\Local Settings\Temp\Cookies\lynnk@www.mlsfinder[1].txt
C:\Documents and Settings\lynnk.LYNNK\Local Settings\Temp\Cookies\lynnk@zillow.adbureau[1].txt

Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#zip [ {91ca7553-e02c-4262-9a6f-a42628b9af8d} ]


Any other surprises? The unclassified.unknown origin one is interesting to me.


Wendy, no worries. I wouldn't be in the right place without your help.
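
Added example, not part of the original thread: a short Python script that parses an excerpt of the SUPERAntiSpyware log in post #13 and links the flagged ShellServiceObjectDelayLoad value to the flagged ZIP.DLL through the GUID they share. Values under that registry key name COM objects that Explorer loads at startup, which is why the "Unclassified" hit matters. The function names are assumptions of this example, and matching on the GUID in the folder name is a heuristic.

```python
import re
from collections import defaultdict

# Excerpt of the scan log posted above (most cookie entries omitted).
SCAN_LOG = r"""
Spyware.Melkosoft (CoolWebSearch Variant)
C:\WINNT\INSTALLER\{91CA7553-E02C-4262-9A6F-A42628B9AF8D}\ZIP.DLL
C:\WINNT\INSTALLER\{91CA7553-E02C-4262-9A6F-A42628B9AF8D}\ZIP.DLL
C:\WINNT\INSTALLER\{5915C6DC-7C29-42CF-BF1B-D520E7390970}\ZIP.DLL
C:\WINNT\INSTALLER\{E21BB6DB-D33D-41F7-A077-9ED23245CF91}\ZIP.DLL

Adware.Tracking Cookie
C:\Documents and Settings\LynnK\Cookies\lynnk@pathfinder[2].txt

Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#zip [ {91ca7553-e02c-4262-9a6f-a42628b9af8d} ]
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Log format for registry hits: KEY#value [ data ]
REG_RE = re.compile(r"^(HK[A-Z_]+\\[^#]+)#(\S+)\s+\[\s*(.*?)\s*\]$")
ITEM_RE = re.compile(r"^(?:[A-Za-z]:\\|HK[A-Z_]+\\)")  # file path or registry key


def parse_findings(log_text):
    """Return {detection name: ordered, de-duplicated list of flagged items}."""
    findings, current = defaultdict(list), None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not ITEM_RE.match(line):
            current = line  # a detection-name header starts a new group
        elif current and line not in findings[current]:
            findings[current].append(line)
    return dict(findings)


def link_autostarts_to_files(findings):
    """Pair each flagged registry value with flagged files that share its GUID."""
    files_by_guid, registry = defaultdict(list), []
    for detection, entries in findings.items():
        for entry in entries:
            m = REG_RE.match(entry)
            if m:
                registry.append((detection, m.group(1), m.group(2), m.group(3)))
                continue
            for guid in GUID_RE.findall(entry):
                files_by_guid[guid.upper()].append((detection, entry))
    links = []
    for detection, key, value, data in registry:
        for guid in GUID_RE.findall(data):
            for file_detection, path in files_by_guid.get(guid.upper(), []):
                links.append({"key": key, "value": value, "clsid": guid.upper(),
                              "file": path, "file_detection": file_detection,
                              "registry_detection": detection})
    return links
```

The single link it returns ties the `zip` autostart value to the ZIP.DLL copy in the folder with the same GUID; the other two ZIP.DLL copies have no matching autostart entry in this log.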

#14 Wendy K. Walker


Posted 20 February 2008 - 10:47 PM

Hi major14,

Oh Lord! Your system was polluted... no wonder you couldn't get where you wanted to get to. I shall now leave you in the very capable hands of boopme so that you can get un-polluted. But before I go I'd like to ask "Did you run that scan in Safe Mode or Regular Windows?" If I read the instructions right boopme said to do it in Regular Windows... I'm off to run a scan now.

Wendy

#15 boopme


Posted 20 February 2008 - 11:08 PM

How is it working now, no more redirects?



