Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect


  • Please log in to reply
7 replies to this topic

#1 Alldelete

Alldelete

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:09 AM

Posted 02 March 2009 - 12:53 PM

Here's the situation. Occasionally when I search on Google I'm redirected to a completely different site: toseeka, findstuff, beautyschoolsdirectory.com, and mountainminiatures. At first I thought that it was just Google but I searched around found that this might be malware.

I also found that zfsearch appears in my progress par when I searching on Google and on Yahoo. This also seems to be malware.

I've run a Trend Micro Internet Security scan and an Ad-Aware scan. Both found Trojans which I deleted but the problem hasn't gone away.

Any solutions?

I'm running Firefox on Windows XP SP2

Edit: It just happened again. But before I was redirected to another site this appeared: http://googleads.gdoubleclick.net/pagead/i...com%2Findex.php
Any significance?

Edited by Alldelete, 02 March 2009 - 01:19 PM.


BC AdBot (Login to Remove)

 


#2 jpshortstuff

jpshortstuff

    WhatTheTech Teacher


  • Members
  • 660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:09 PM

Posted 02 March 2009 - 01:39 PM

Hi :thumbsup:

Give this a go.

Please download GooredFix and save it to your Desktop.
  • Double-click GooredFix.exe on your Desktop to run it.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

Thanks.
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Posted Image

#3 Alldelete

Alldelete
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:09 AM

Posted 02 March 2009 - 03:34 PM

Thank You!

It seems to have worked.

GooredFix v1.91 by jpshortstuff
Log created at 15:31 on 02/03/2009 running Option #2 (Kev)
Firefox version 2.0.0.20 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{E69AC482-A3A8-4F94-AB37-76CEF95CE30C}"="C:\Documents and Settings\Kev\Local Settings\Application Data\{E69AC482-A3A8-4F94-AB37-76CEF95CE30C}"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\Kev\Local Settings\Application Data\{E69AC482-A3A8-4F94-AB37-76CEF95CE30C}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0.0.20\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0.0.20\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

Edited by Alldelete, 02 March 2009 - 03:37 PM.


#4 jpshortstuff

jpshortstuff

    WhatTheTech Teacher


  • Members
  • 660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:09 PM

Posted 02 March 2009 - 03:36 PM

Glad to hear it helped :thumbsup:

Any other problems?

Edited by jpshortstuff, 02 March 2009 - 03:43 PM.

Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Posted Image

#5 Alldelete

Alldelete
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:09 AM

Posted 02 March 2009 - 05:55 PM

Nope. Everything seems fine.

#6 jpshortstuff

jpshortstuff

    WhatTheTech Teacher


  • Members
  • 660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:09 PM

Posted 03 March 2009 - 04:16 AM

Glad to hear it :thumbsup:
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Posted Image

#7 Kshitij Parajuli

Kshitij Parajuli

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:09 AM

Posted 10 March 2009 - 05:19 PM

@jpshortstuff

Thank You Very Much! That Indeed was some kind of adware!

#8 jpshortstuff

jpshortstuff

    WhatTheTech Teacher


  • Members
  • 660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:09 PM

Posted 11 March 2009 - 06:09 AM

No worries, glad I could help :thumbsup:
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users