Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google search results get redirected when clicked on


  • Please log in to reply
6 replies to this topic

#1 JCTulsa

JCTulsa

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 14 February 2009 - 08:05 AM

Hello all. New member here needing some expert advice.
When I search using Google and click on a topic instead of going to the topic my browser gets redirect to an ad site. I'm running Windows XP and Firefox 2.0.0.20.

Thanks in advance for your help,

Jerry

BC AdBot (Login to Remove)

 


#2 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:37 AM

Posted 14 February 2009 - 09:47 AM

:thumbsup:

What security programs do you have installed?

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".



Please download Malwarebytes Anti-Malware (v1.34) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Edited by DaChew, 14 February 2009 - 09:48 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#3 NB123

NB123

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:37 PM

Posted 14 February 2009 - 02:57 PM

I have the same problem and have performed all the steps above with no success, I still have redirect issue. This is only happening when using firefox and google, if I use google chrome the search redirects do not happen, or if I use IE8 and google it does not happen....

Sure looks like a Firefox issue. I have uninstalled Firefox and deleted all user info and the install directory plus cleaned my registry with tuneup utilities. Rebooted and reinstalled Firefox and the same thing happens, redirects of Google search results. Another thing that is curious is the the first result after a query works correctly, then when you hit the back button and select a second result then the redirect happens to a random site like yahoo jobs or yellow pages, totally unrelated to the search results.


~~~~~As a follow-up~~~~~~

Malwarebytes' Anti-Malware 1.34
Database version: 1762
Windows 5.1.2600 Service Pack 3

2/14/2009 7:37:15 PM
mbam-log-2009-02-14 (19-37-15).txt

Scan type: Full Scan (C:\|)
Objects scanned: 437932
Time elapsed: 1 hour(s), 56 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


~~~~~~~~Even more additional info~~~~~~~~~~~

I fixed it, here is how.....

First, export/backup your Firefox favorites.

Start Firefox in the safe mode and select the replace all settings when offered.

This will wipe out all favorites and personal settings you have made to firefox and return it to default settings.

See http://support.mozilla.com/en-US/kb/safe+mode

Then you will have to setup your FF to the previous look and feel and import your bookmarks.

Worked for me!

Much faster than the 3 days I have been searching for answers on this :thumbsup:

Edited by NB123, 15 February 2009 - 02:17 PM.


#4 JCTulsa

JCTulsa
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 14 February 2009 - 06:08 PM

Chewy,
I'm running the firewall in Windows XP, AVG 8.0.237, Spyware Doctor, Spybot Search & Destroy 1.6.0.30 and Systems Settings Protector 1.6.3.25, Super AntiSpyware 4.25.1012, Ad Aware, Trojan Killer, CWShredder and I think that's about it.

I'll run the programs you suggested and post again after that.

Thanks,

Jerry

#5 JCTulsa

JCTulsa
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 14 February 2009 - 06:37 PM

I completed the steps you outlined above. Tried a Google search and it hijacked again.

Here is the MBAM log:

Norman Malware Cleaner
Copyright 1990 - 2008, Norman ASA. Built 2009/02/04 03:28:39

Norman Scanner Engine Version: 6.00.02
Nvcbin.def Version: 6.00.00, Date: 2009/02/04 03:28:39, Variants: 2708006

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
Logged on user: BASE\Jerry Carroll


Scan started: 14/02/2009 06:15:06


Scanning running processes and process memory...

Number of processes/threads found: 2725
Number of processes/threads scanned: 2725
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 1m 11s


Scanning file system...

Scanning: C:\*.*

C:\!!!!!!!!!!!!!!!!!NEW FILES\SmitfraudFix\VACFix.exe (Infected with W32/Smalldrp.APNN)
Deleted file


Running post-scan cleanup routine:

Number of files found: 34546
Number of archives unpacked: 344
Number of files scanned: 34482
Number of files not scanned: 64
Number of files skipped due to exclude list: 0
Number of infected files found: 1
Number of infected files repaired/deleted: 1
Number of infections removed: 1
Total scanning time: 17m 55s

#6 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:37 AM

Posted 14 February 2009 - 06:51 PM

Where did the norman scan come from?
Chewy

No. Try not. Do... or do not. There is no try.

#7 JCTulsa

JCTulsa
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 14 February 2009 - 06:58 PM

My fault. I selected the wrong log file.


Malwarebytes' Anti-Malware 1.34
Database version: 1762
Windows 5.1.2600 Service Pack 3

2/14/2009 5:27:18 PM
mbam-log-2009-02-14 (17-27-18).txt

Scan type: Quick Scan
Objects scanned: 81837
Time elapsed: 5 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\CrucialSoft Ltd (Rogue.MSantispyware2009) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digeste.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users.WINDOWS\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Common (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\wpv541234083759.cpx (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Common\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\msauc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shell31.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv271234083698.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\sysguard.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users