Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Links being Hijacked


  • Please log in to reply
3 replies to this topic

#1 CDorsey

CDorsey

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:55 AM

Posted 08 December 2008 - 08:32 PM

Hello All-

I am new to this forum and very happy to have found a place that might could help me with this problem that I am having! First of all, I'm using Windows XP.

I first realized that I had a problem when I noticed that once clicking on a Google link after doing a search I would be redirected to various other search engines or just random websites. I could actually copy and paste the link from the google results page and put it in the address box and it would be fine. But if I clicked directly on the link from the Google results page, I would be redirected. I downloaded and installed Dr. Spyware after doing some research and finding that it came highly recommended. By who...I'm not sure. Dr. Spyware did find a few malware files, but didn't solve the problem. I then downloaded Hijackthis. Obviously, I've done enough research to be dangerous. Reading the hijackthis report was no help at all considering my level of expertise on the subject (i.e. picture a monkey reading directions on how to set the clock on a VCR.) I then got even more dangerous and downloaded Malwarebytes Anti-malware. This software found and removed 3 files; a tinyproxy folder, tinyproxy.exe and fmark2.dat. After rebooting my computer and trying to log onto the internet, I would get a message saying that Windows Cannot open the internet site, or on other websites it would say "not a valid website". I was unable to view any website. So I then restored the tinyproxy folder and tinyproxy.exe. Now the internet works, but I still have the same problem with the links being hijacked when I click on them. I hope I included all the info you may need. Any help would be greatly appreciated.

Thank you,

C Dorsey

BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,121 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:55 AM

Posted 09 December 2008 - 06:53 AM

Try this. Allow MBAM to remove the malware. On the Tools menu in Internet Explorer, click Internet Options, click the Connections tab, and then click LAN Settings. Remove the check next to "use a proxy server..."

Post MBAM's log for further review.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 CDorsey

CDorsey
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:55 AM

Posted 09 December 2008 - 04:32 PM

Thanks for the reply. It worked, I'm up and running with no google links being hijacked. Really, I appreciate the help. I do have one question. As you can see by the below MBAM log. I have 3 files that are associated with McAfee that I chose no to delete. My question, is this the right thing to do. All the research I've done on the web says that these are valid files. Once again thanks for the help. Here is the latest MBAM Log.

Malwarebytes' Anti-Malware 1.31
Database version: 1467
Windows 5.1.2600 Service Pack 3

12/9/2008 2:55:42 PM
mbam-log-2008-12-09 (14-55-42).txt

Scan type: Quick Scan
Objects scanned: 60590
Time elapsed: 6 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcafee anti-spam service (msk80service) (Trojan.Proxy) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mcafee anti-spam service (msk80service) (Trojan.Proxy) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcafee anti-spam service (msk80service) (Trojan.Proxy) -> Not selected for removal.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\TinyProxy (Trojan.Proxy) -> Delete on reboot.

Files Infected:
C:\Program Files\TinyProxy\tinyproxy.exe (Trojan.Proxy) -> Delete on reboot.Malwarebytes' Anti-Malware 1.31

#4 buddy215

buddy215

  • Moderator
  • 13,121 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:55 AM

Posted 09 December 2008 - 04:51 PM

Yes, delete those.

Use Ccleaner to remove temporary files, logs, etc. During install you will be offered the Yahoo Toolbar. UNcheck if not wanted.
http://www.ccleaner.com/

Allow Secunia to scan your computer for programs that need security updates to prevent their being exploited.
http://secunia.com/vulnerability_scanning/online/

To be sure (as one can be with commercial programs) that no other malware is presently on your computer, do a scan using Kaspersky online scanner. http://www.kaspersky.com/virusscanner
Post back if it finds malware other than cookies.

Some of your restore points are infected and the way to remove them is by deleting ALL restore points. Here are links to BC's
tutorials for doing do that if needed.
Vista---http://www.bleepingcomputer.com/tutorials/windows-vista-system-restore-guide/
XP------http://www.bleepingcomputer.com/tutorials/windows-xp-system-restore-guide/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users