Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirects via www.cs102175.com


  • Please log in to reply
5 replies to this topic

#1 Peter H

Peter H

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 02 May 2009 - 05:47 AM

Dear All

I know there are thousands of folk who get infected with similar things but despite searching the Net (not with Google!) I've not found much help regarding my Google redirect malware I seem to have acquired.

My google searches are being hijacked via www.cs102175.com and then to various other sites. I don't get popups though. I've tried a whole range of things to fix it - including booting from a CD (Ultimate boot CD) and running (with updates) the various anti-malware progs on it, as well as downloading others. These include Malwarebytes, SuperAntispyware, PC Tools spyware doctor, Spybot and Panda online scan. I've run these whilst either being in safe mode or when booted from the CD. I've also trawled through loads of forums etc.

I've spent five days on this so far and am at my wits end, but still have the redirects going on from Google, although not from Yahoo it seems.

I'm running Win XP MC and Firefox.

I can post HJT logs if it helps (to the correct section of the forum of course)

Please help.

Thanks in advance.

Peter

BC AdBot (Login to Remove)

 


#2 Pie Paradox

Pie Paradox

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:34 PM

Posted 02 May 2009 - 08:30 AM

I am having these same problems, and I also have Malwarebytes, Spybot, Avira Antivirus, and SuperAntiSpyware.
Just posting here because my own question had not been answered...

#3 Peter H

Peter H
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 02 May 2009 - 08:45 AM

Hi Pie

Good to know it's not just me then!

I'm sure there's a file somewhere that has been modified by the malware that tells firefox to redirect Google searches, but i don't know what's doing it.

I've tried uninstalling Firefox and reinstalling it from a fresh download but the problem is still there, so whatever is wrong is not getting corrected by doing that. I therefore assume it's a service/process/file that is running that accesses another file or something and intercepts Firefox's normal link following function.

Hopefully someone here can come up with a solution.

Cheers

Peter

#4 Peter H

Peter H
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 02 May 2009 - 09:42 AM

I THINK I'VE FOUND IT

I noticed that although when I searched for 'Malware' in google and clicked a link such as the Malwarebytes one it went somewhere else via the www.cs102175.com site, I also found that if I searched for 'News' and clicked the BBC news link it took me to www.approvedchoices.com . So I searched using yahoo for that and found another forum where someone had a similar problem and the solution turned out to be to delete a particular file.

The file is called overlay.xul and it's in C:/program files/mozilla firefox/extensions under a subfolder with lots of characters as its name. Do a search in the extensions folder and find overlay.xul file.

I shut down firefox, deleted that file, ran Malwarebytes to make sure there was nothing else on the system, made sure Windows firewall was on and restarted Firefox.

So far Google searches are back to normal!!

I'll let you know if there are any other problems.

Am very pleased!!

P

#5 Pie Paradox

Pie Paradox

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:34 PM

Posted 02 May 2009 - 07:16 PM

Haha thanks, I think it solved my problem as well!
Thanks for the help Peter! Guess it's technically not a virus after all!

Edit: Nope I still have problems. Oh well...

Edited by Pie Paradox, 02 May 2009 - 07:19 PM.


#6 Peter H

Peter H
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 03 May 2009 - 01:17 AM

Hi

Well mine seems completely fine now. The searches I was doing before that got redirected are all now going to the right places.

Have you tried searching for all instances of files called overlay.xul? There may be others.

The above fix will only affect Firefox - I have no idea about similar problems with IE.

I hope you get it sorted out anyway.

Pete




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users