Google redirects via www.cs102175.com

Dear All

I know there are thousands of folk who get infected with similar things but despite searching the Net (not with Google!) I've not found much help regarding my Google redirect malware I seem to have acquired.

My google searches are being hijacked via www.cs102175.com and then to various other sites. I don't get popups though. I've tried a whole range of things to fix it - including booting from a CD (Ultimate boot CD) and running (with updates) the various anti-malware progs on it, as well as downloading others. These include Malwarebytes, SuperAntispyware, PC Tools spyware doctor, Spybot and Panda online scan. I've run these whilst either being in safe mode or when booted from the CD. I've also trawled through loads of forums etc.

I've spent five days on this so far and am at my wits end, but still have the redirects going on from Google, although not from Yahoo it seems.

I'm running Win XP MC and Firefox.

I can post HJT logs if it helps (to the correct section of the forum of course)

Please help.

Thanks in advance.

Peter

I am having these same problems, and I also have Malwarebytes, Spybot, Avira Antivirus, and SuperAntiSpyware.
Just posting here because my own question had not been answered...

Hi Pie

Good to know it's not just me then!

I'm sure there's a file somewhere that has been modified by the malware that tells firefox to redirect Google searches, but i don't know what's doing it.

I've tried uninstalling Firefox and reinstalling it from a fresh download but the problem is still there, so whatever is wrong is not getting corrected by doing that. I therefore assume it's a service/process/file that is running that accesses another file or something and intercepts Firefox's normal link following function.

Hopefully someone here can come up with a solution.

Cheers

Peter

I THINK I'VE FOUND IT

I noticed that although when I searched for 'Malware' in google and clicked a link such as the Malwarebytes one it went somewhere else via the www.cs102175.com site, I also found that if I searched for 'News' and clicked the BBC news link it took me to www.approvedchoices.com . So I searched using yahoo for that and found another forum where someone had a similar problem and the solution turned out to be to delete a particular file.

The file is called overlay.xul and it's in C:/program files/mozilla firefox/extensions under a subfolder with lots of characters as its name. Do a search in the extensions folder and find overlay.xul file.

I shut down firefox, deleted that file, ran Malwarebytes to make sure there was nothing else on the system, made sure Windows firewall was on and restarted Firefox.

So far Google searches are back to normal!!

I'll let you know if there are any other problems.

Am very pleased!!

P

Haha thanks, I think it solved my problem as well!
Thanks for the help Peter! Guess it's technically not a virus after all!

Edit: Nope I still have problems. Oh well...

Edited by Pie Paradox, 02 May 2009 - 07:19 PM.

Hi

Well mine seems completely fine now. The searches I was doing before that got redirected are all now going to the right places.

Have you tried searching for all instances of files called overlay.xul? There may be others.

The above fix will only affect Firefox - I have no idea about similar problems with IE.

I hope you get it sorted out anyway.

Pete