Getting google redirects? CHECK YOUR ROUTER!!

21 replies to this topic

#1 jdbaker82

Posted 08 June 2010 - 09:22 PM

So I remove malware and viruses for a living and ran into something today I have never seen before. After removing a rogue virus from a customer's computer that was locking it down, I noticed that anytime I did a Google search and clicked on a link it would redirect me to some random site. The customer had a laptop and a desktop, and both were doing the exact same thing. I searched both PCs for an hour or two, beating my head against the wall looking for infected host files, services, rootkits, etc. Both computers were coming up clean, and then I stumbled into their Netgear router's page and noticed the DNS server had been set to a manual address instead of automatic DNS for the ISP. Turns out this is exactly what was causing the redirects and infecting their machines with the rogue virus. I was amazed to find that someone figured out how to write a script etc. to modify the router's settings. (I would recommend everyone set a password to access your router, as this may prevent the code/bot from being able to run its routine on your router.) I can remember exactly what the redirects were called, but I think it was redirect5.google or something similar. Anyway, just a heads up!

#2 mityman50

Posted 08 June 2010 - 09:25 PM

Wow... this is the exact problem I'm having. I would change it now, but I'm already getting help from someone and don't want to change anything without his permission.

This is really lucky, I just signed in randomly (for no real reason) and saw this. I'll definitely keep this in mind.

This could help a lot of people, because, for some reason, this problem seems to be very prevalent lately.

Thanks a ton!!

#3 jdbaker82

Posted 08 June 2010 - 09:29 PM

The problem is simply a setting in your router. Log in to your router's config page with 192.168.1.1 or 192.168.2.1, etc. If you are not sure: Start/Run/CMD, type ipconfig and look for the default gateway; whatever that # is, type it into a browser window. The password for your router, if it is still the default, should be

username = admin
password = password, blank, or admin

Look for the DNS setting and make sure it's set to get DNS automatically.
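
A client-side check that complements the router steps above, as an added example (not written by any poster in this thread): it parses `ipconfig /all` output and lists, per adapter, DNS servers that are neither that adapter's default gateway nor in a list of resolvers you expect from your ISP. The sample output, its addresses and the `expected` list are constructed, and only IPv4 is handled.

```python
import re

# Constructed sample of `ipconfig /all` output (documentation address ranges).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       198.51.100.7

Wireless LAN adapter Wi-Fi:

   Default Gateway . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 192.168.2.1
"""

LABEL = re.compile(r"^\s+([A-Za-z][A-Za-z0-9 \-]*?)(?: ?\.)+ ?:\s*(.*)$")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
FIELDS = {"Default Gateway": "gateway", "DNS Servers": "dns"}

def parse_adapters(text):
    """Return {adapter: {"gateway": [...], "dns": [...]}} from ipconfig /all text."""
    adapters, current, field = {}, None, None
    for line in text.splitlines():
        # Adapter headers start in column 0 and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip(": "), {"gateway": [], "dns": []})
            field = None
            continue
        if current is None or not line.strip():
            continue
        m = LABEL.match(line)
        if m:
            field, value = FIELDS.get(m.group(1).strip()), m.group(2).strip()
        else:
            value = line.strip()  # continuation line of the previous field
        if field and IPV4.match(value):
            current[field].append(value)
    return adapters

def unexpected_dns(adapters, expected=()):
    """Per adapter, DNS servers that are neither its gateway nor an expected resolver."""
    flagged = {}
    for name, cfg in adapters.items():
        bad = [d for d in cfg["dns"] if d not in cfg["gateway"] and d not in expected]
        if bad:
            flagged[name] = bad
    return flagged
```

When an adapter lists only the gateway as its DNS server, the router is relaying DNS itself, so nothing is flagged here and the router's own DNS page still has to be checked as described in the post.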

#4 mityman50

Posted 08 June 2010 - 09:35 PM

Well I really hate to do something without my helper's permission, but I found the setting and, yup, it was changed from automatic. It's such a simple fix, I had to do it. And yup, it worked. So far, so good. I'm sure the virus is still here, lurking, but this stopped the redirects.

How long until the setting changes back, I wonder?

#5 jdbaker82

Posted 08 June 2010 - 09:38 PM

That's a good question, as I do not even know if anyone knows what type of virus/trojan is making these changes to people's routers yet. I think this thing is very new; I was just lucky enough to stumble across it and find this today. Whatever it is, I can assure you it won't be detected by any antivirus program yet, as I went through both machines with every piece of software I have on my flash drive (which is a lot). You should be OK now.

#6 mityman50

Posted 08 June 2010 - 09:49 PM

Yeah, this is definitely a nasty thing. It already gave me another virus or malware or something (I don't really understand all of it, I just know it sucks), which I managed to take care of pretty easily.

Hopefully this keeps it fixed long enough for me to completely get rid of it.

Thanks a ton, man. This makes my browsing so much easier and safer.

#7 jdbaker82

Posted 08 June 2010 - 10:05 PM

I think we should get some sort of sticky on this... this appears like it's going to catch fire. I see tons of people having this issue; looks like it just popped up sometime this week.

#8 ratner

Posted 08 June 2010 - 10:42 PM

Hello All,

I was having this same Google redirect issue and seemed to have solved it using TDSSkiller. Everything seemed to be fine since last night, until I got an AV Security Suite pop-up today.

I am not sure if these two issues are related. However, I would like to know: if the Google redirect issue is caused by the resetting of the DNS server to a manual address on a wireless router, should it, or does it have the potential to, affect all computers connecting through the wireless network? I would appreciate it if you could please let me know. Thank you very much.

Sincerely,
Ratner

#9 compignoramus

Posted 08 June 2010 - 10:45 PM

thanks for the msg jdbaker!!

I'm currently looking at my router config page but am not sure if I'm looking at the right settings that you're specifying. Under the 'setup' tab there's a 'DDNS' tab, and on there, there's a drop-down box for "DDNS service" with the following choices: Disable (which is what it was on), DynDNS.org, or TZO.com

I don't see anything about DNS being automatic or not...

#10 ratner

Posted 08 June 2010 - 11:00 PM

I just checked the Broadband DNS settings on my wireless router and it shows "Obtain DNS information automatically" as checked, and "Manually configure your DNS information" remains unchecked with no entries for Primary or Secondary Server address, or Domain Name.

Perhaps this instance of the Google redirect issue was not being caused by a change in the router DNS information... or is it?

Thanks,
Ratner

Edited by ratner, 08 June 2010 - 11:44 PM.


#11 jdbaker82

Posted 08 June 2010 - 11:03 PM

Sounds like a different issue. So far I believe this is for redirects that begin with redirect5.google in the address bar.

#12 ratner

Posted 08 June 2010 - 11:12 PM

Thanks again for the advice, JDBaker. I will make sure I look for this if such an issue comes up again - with the luck I've been having with these issues in the last couple of days, I'm sure it will :thumbsup:(

Now, I have to go and figure out how to battle the AV Security Suite issue that just popped up on my laptop earlier this evening.

Thanks,
Ratner

Edited by ratner, 08 June 2010 - 11:44 PM.


#13 Demand209

Posted 09 June 2010 - 12:11 AM

So how would I fix the google redirects?

#14 mityman50

Posted 03 July 2010 - 01:13 PM

I'm going to bump this because it worked for me, and it seems like it could be a fix, if not for everyone, then at least for a few. I think a mod should look at this, it should be tested with a few other people, and then become part of the standard procedure for fixing redirects.

The redirect problem seems to be the most popular problem on this part of the forum, so I wouldn't be surprised if this does manage to help a few people.

#15 jdbaker82

Posted 05 July 2010 - 09:18 PM

Bump for Knowledge