Search engine results redirect to random sites



#1 sammy555666

sammy555666

  • Members
  • 10 posts

Posted 21 February 2010 - 11:59 AM

Hello, All
When I search in IE8 or Firefox, using any search engine (Bing, Google, Yahoo, Ask), the links take me to random sites. I have Norton 360, and the computer is running Windows XP, all up to date on patches. I have used Malwarebytes Anti-Malware. Nothing is found. What do I do now?

Okay, now the machine is running painfully slow and rebooting automatically. I am writing this post from another computer. I ran GMER and it said it didn't find anything.

Attached DDS.txt, attach.txt and ark.txt as one zip file.

Merged 3 posts. ~ OB

Edited by sammy555666, 22 February 2010 - 11:45 AM.




#2 sammy555666


Posted 22 February 2010 - 11:48 AM

I followed the instructions on this topic, and the search results are fine, and the computer seems to be okay too. Do I need to do more?

http://www.bleepingcomputer.com/forums/t/279883/google-search-engine-hijacker-atapisys-rootkit/

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,083 posts
  • Gender:Female
  • Location:Romania

Posted 22 February 2010 - 03:36 PM

As no logs have been posted, I am shifting this topic from the specialized Malware Removal forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Please describe the issues you are experiencing with your computer.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 sammy555666


Posted 22 February 2010 - 08:08 PM

First, all search engine results were being redirected when I clicked on them. I followed the instructions and I ran DeFogger, DDS, and GMER. GMER didn't show anything. But when I ran GMER in Safe Mode, it showed a suspicious modification on the atapi.sys file (possible rootkit infection?). I searched and found the forum topic posted above, followed the instructions and replaced the atapi.sys file with one from my XP CD. Now everything seems to be working fine.

Now I just want to know if there is anything more I should be doing to avoid future infections. I had Norton 360 running, but still somehow got infected.


Thank you.

#5 Elise


Posted 23 February 2010 - 04:07 AM

Please read the following general advice. I think you should find all the information you need there. However, if you still have questions, please let me know.

Please read this advice in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • AntiVirus software
      It is imperative that you update your AntiVirus software on a regular basis. If you do not update your AntiVirus software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • SpywareBlaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please visit the Microsoft Update website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :flowers:.
Some more links you might find of interest:

regards, Elise


#6 sammy555666


Posted 23 February 2010 - 08:15 AM

Thank you so much for this information.

#7 Elise


Posted 23 February 2010 - 08:16 AM

You are welcome :thumbsup:

regards, Elise


#8 editor4800

editor4800

  • Members
  • 12 posts

Posted 23 February 2010 - 09:55 AM

In a case such as this, if the PC is infected and the user goes through much removal of different files, wouldn't this affect the computer? You might delete some key registry files or important Windows files? Would it be better to just repair Windows XP?

If a user decides to repair Windows XP using the recovery console, will it leave all the programs and documents in place? I can't imagine going through installing all the lost software on the PC again.

#9 Elise


Posted 23 February 2010 - 10:00 AM

> if the PC is infected and the user goes through much removal of different files, wouldn't this affect the computer? You might delete some key registry files or important Windows files?

Usually you should not remove important Windows files or registry keys. There is simply no point in this.
Therefore it is recommended you use standard scanning tools or ask for help in places like this where people are trained to deal with malware, otherwise you might inadvertently delete something that should not be deleted.

> If a user decides to repair Windows XP using the recovery console, will it leave all the programs and documents in place? I can't imagine going through installing all the lost software on the PC again.

The recovery console is a command line interface that repairs nothing automatically. You can enter commands in order to copy files, delete files, stop services, start services, and so on. That way you can get a computer booting again, for example.

A repair installation is another thing. Generally speaking, you should ignore the "type R to repair windows using the Recovery Console" and continue with installation. Afterwards it will detect your Windows Installation and ask if you want to repair it.

regards, Elise


#10 editor4800


Posted 23 February 2010 - 02:09 PM

When would a user resort to repairing their Windows installation as opposed to trying to remove a virus? Wouldn't it be better to just repair Windows with the Windows installation disk?

Just to make sure, if you repair it with the disk, then all the program files and your documents/folders will stay intact, correct? You won't need to download all the software you had over again?

> if the PC is infected and the user goes through much removal of different files, wouldn't this affect the computer?

> A repair installation is another thing. Generally speaking, you should ignore the "type R to repair windows using the Recovery Console" and continue with installation. Afterwards it will detect your Windows Installation and ask if you want to repair it.



#11 Elise


Posted 23 February 2010 - 02:15 PM

> When would a user resort to repairing their Windows installation as opposed to trying to remove a virus? Wouldn't it be better to just repair Windows with the Windows installation disk?

editor4800, it's not a good idea to do a repair installation to get rid of malware. Malware hides not only in the Windows files, but in the non-system section (Program Files, Documents and Settings) as well. I would only recommend a repair installation in case the Operating System was severely compromised/unstable (but if such is caused by malware, better a complete reformat).

However, sometimes it's the last option a user has. And indeed, as you say, you can just use your Windows installation disk for that. The disk gives you two repair options:
1. Repair Windows using the Recovery Console. -> this is a command line interface that allows you to execute manual repairs.
2. Repair an existing Windows installation. -> this replaces all Windows core components without affecting personal data (Program Files, Documents and Settings).

regards, Elise