Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirects


  • Please log in to reply
2 replies to this topic

#1 ChrisAnd

ChrisAnd

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Location:UK
  • Local time:09:41 AM

Posted 15 December 2009 - 04:46 PM

Hope this is the right place for my problem. Until today, I always regarded my PC as pretty secure!!!

I am using XP Home SP3 with all the latest updates; I use AVG 9 which runs a complete scan every day using the latest updates; I am using Zone Alarm 8; I am wired to a router which, I think, has is own firewall; I periodically run CCleaner, SpyBot S&D and Ad-Aware; I think Windows Defender runs in the background too.

A bit of background that may, or may not, be relevant here: my PC tends to be on 24/7 so I have not tended to reboot that often but, since AVG updated to Version 9, when I have rebooted the hard disk light stays on for about 40 - 50 minutes after I boot up. Very little CPU gets used during this time but everything becomes very, very slow. This may be coincidence and this may be a completely different problem but I thought I ought to mention it anyway.

But the real problem started today. When I use Google with Internet Explorer 8, the list of results appear as normal, but when I click on one the the results I do not get taken to the proper site. One of a number of things happens:
1. IE8 just takes forever and nothing happens; or
2. IE8 takes ages, and then takes me to something totally unconnected with the result listed; or
3. I get a message that looks like it is from my anti-virus (but may not be) saying "Accessed file infected. Filename: on-line software-scaner.net secure1/?". A long id number follows then "Threat name: Exploit Rogue spyware scanner (type 504)". [I can confirm that "scaner" (sic) is how it is spelt first time].

If I use Google in FireFox, it seems to work OK; similarly, if I use Yahoo search under IE8, that seems to be OK too - thought both are much slower than I would expect.

I have run a complete scan with AVG and, apart from the usual tracking cookies, it came up with nothing. Spybot S&D also found some tracking cookies, but nothing else. Ad-Aware seems to be "disabled" at the moment and won't run. I ran SuperAntiSpyWare which found and removed Trojan.Agent/GenNullo (Short) from one of the C:\SYSTEM VOLUME INFORMATION \_RESTORE files. And Malwarebytes AntiMalware found several references to Rogue.ErrorSmart, Trojan Dropper and Rootkit MBR - all of which it quarantined and deleted.

Any guidance on what to do next would be most welcome. Thanks.


BC AdBot (Login to Remove)

 


#2 usualsuspect123

usualsuspect123

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:41 AM

Posted 15 December 2009 - 07:27 PM

Hi, I've no solution, but my situation is very similar. using vista with all the updates, defender, symantec, never had a problem, but I've got this rogue exploit scanner 504 hijacking my google search page. All the scans say I'm clean, but there's a bug in it. It's worrying.

#3 ChrisAnd

ChrisAnd
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Location:UK
  • Local time:09:41 AM

Posted 27 January 2010 - 07:32 PM

This is not a bump nor is it a criticism - I know you guys are volunteers and have lives outside these forums; I can also see that you have been inundated with people needing your help.

That said, after not hearing from anyone for over six weeks, I hope you will understand why, under the circumstances, I decided to go to one of your "competitors" for help instead.

Keep up the good work.

Regards

Chris. :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users