
Once again Google Redirect prob

  • This topic is locked
2 replies to this topic

#1 advapr



Posted 05 February 2010 - 07:29 PM


I am having the classic prob of Google redirection. It happens in IE7 and also in Mozilla Firefox (FF) 3.6. In FF it only happens when I do a google search, get the results, and then open some results in other tabs (use open in a new tab option). It goes to all kinds of sites.

If I simply click on a Google result in FF then I get the correct page. So it is only when I choose to open in a new tab. Of course I want to be able to do this!

Other search engines do not give me this problem.

I have run Combofix and I have tried to replace the files declared in the log as having 'rootkit hooks' such as classpnp.sys, atapi.sys, acpi.sys by expanding from the WinXP SP3 CD, RENAMING THE SYS FILES IN WINDOWS/SYSTEMS32/DRIVERS and copying the files from the CD in that location. I am not sure if this has worked, most likely I do not know what I am doing. Iastor.sys could not be replaced as it was in use.

I ran ComboFix again now, and I attach the log. It seems the same hooks are present so prolly I am barking at the wrong tree.

I have used Combofix before albeit in a careless manner and had to reinstall Win and all the apps. So I am very wary and wanted to do a fix 'by hand' instead.

Many thanks

EDIT I uploaded a new combofix log using the latest combofix (the log is very similar tho). I also attach a Hijack This 2.0.2 log

Edited by advapr, 06 February 2010 - 07:29 PM.
Moved from Windows XP Home and Pro, as there is a CF log included ~Pandy


#2 advapr


Posted 07 February 2010 - 05:57 PM

Apparently I cannot edit my own message!!

Anyway I found the solution by myself - just lucky I guess

I ran TDSSKiller and it found and removed a rootkit


As I suspected, the infection was in IAStor.sys, as I had replaced the others that Combofix found but could not replace iastor.sys for 'being in use'

Anyway clean now

Hope this helps someone.

Thank you

PS Can you change the title to SOLVED pls?

#3 Elise



Posted 13 February 2010 - 03:38 AM

Since the issue seems to be resolved, this topic is now closed.

regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."



Malware analyst @ Emsisoft
