Google redirecting


  • This topic is locked
25 replies to this topic

#1 Takara

Posted 20 June 2010 - 07:00 PM

Google is redirecting to various ads. Tried Malwarebytes' Anti-Malware and it found like 8 files. Removed and it came back. Tried it in safe mode and it did the same thing. So what's next here? Thanks. ._.

#2 Budapest

Posted 20 June 2010 - 07:02 PM

Try this:

http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Takara

Posted 20 June 2010 - 07:38 PM

That doesn't seem to have worked.

#4 Budapest

Posted 20 June 2010 - 07:47 PM

Please download HostsXpert 4.3
  • Extract (unzip) HostsXpert.zip to a permanent folder on your hard drive such as C:\HostsXpert
  • Double-click HostsXpert.exe to run the program.
  • Click "Restore MS Hosts File".
  • Click OK at the confirmation box.
  • Click "Make ReadOnly?".
  • Click the X to exit the program.
-- Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Also, can you please post your Malwarebytes log.

#5 Takara

Posted 20 June 2010 - 07:59 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4219

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/20/2010 8:57:44 PM
mbam-log-2010-06-20 (20-57-44).txt

Scan type: Quick scan
Objects scanned: 124462
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.58,93.188.161.188 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.58,93.188.161.188 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{655c8d86-3aa7-41cf-8877-dea9f20334d5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.58,93.188.161.188 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{655c8d86-3aa7-41cf-8877-dea9f20334d5}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.58,93.188.161.188 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d781cad8-7010-450c-a3e3-ee3f47f3c423}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.58,93.188.161.188 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d781cad8-7010-450c-a3e3-ee3f47f3c423}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.58,93.188.161.188 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d7d29b5f-7b61-464a-999d-7c610cd8efb2}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.58,93.188.161.188 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d7d29b5f-7b61-464a-999d-7c610cd8efb2}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.58,93.188.161.188 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
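
The registry entries in the log above, as an added example that is not part of the original thread: Python that parses the "Registry Data Items Infected" lines and reports, per scope, which DNS resolver addresses fall outside an expected list. The three sample lines are copied from the posted log; the expected resolver `192.168.1.1` and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Three "Registry Data Items Infected" lines copied from the log posted above.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.58,93.188.161.188 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.58,93.188.161.188 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{655c8d86-3aa7-41cf-8877-dea9f20334d5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.58,93.188.161.188 -> Quarantined and deleted successfully.
"""

# Assumption: the resolver this network is supposed to hand out (constructed value).
EXPECTED_RESOLVERS = {"192.168.1.1"}

ENTRY = re.compile(
    r"\\Tcpip\\Parameters(?:\\Interfaces\\(?P<iface>\{[0-9A-Fa-f-]+\}))?"
    r"\\(?P<value>DhcpNameServer|NameServer) \((?P<detection>[^)]+)\)"
    r" -> Data: (?P<data>.*?) -> (?P<action>.+)$"
)

def parse_dns_entries(log_text):
    """Return one dict per DNS-related registry data item found in the log text."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.search(line.strip())
        if not m:
            continue
        servers = []
        for token in re.split(r"[,\s]+", m["data"].strip()):
            try:
                servers.append(str(ipaddress.ip_address(token)))
            except ValueError:
                pass  # skip empty or malformed tokens
        entries.append({
            "scope": m["iface"] or "global",
            # NameServer is the static setting; DhcpNameServer is what the DHCP client stored.
            "source": "dhcp" if m["value"] == "DhcpNameServer" else "static",
            "servers": servers,
            "detection": m["detection"],
        })
    return entries

def unexpected_resolvers(entries, expected=EXPECTED_RESOLVERS):
    """Map (scope, source) -> resolver addresses that are not on the expected list."""
    report = {}
    for e in entries:
        rogue = [s for s in e["servers"] if s not in expected]
        if rogue:
            report[(e["scope"], e["source"])] = rogue
    return report
```

Calling `unexpected_resolvers(parse_dns_entries(SAMPLE_LOG))` lists the global static, global DHCP and per-interface DHCP values separately, which shows whether the unexpected addresses sit in the static setting, the DHCP-stored value, or both.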

#6 Budapest

Posted 20 June 2010 - 08:18 PM

Still getting redirected?

#7 Takara

Posted 20 June 2010 - 08:32 PM

Yes, but now the redirects just time out.

#8 Budapest

Posted 20 June 2010 - 08:36 PM

Do you use a router? If so try resetting it and see if that helps.

#9 Takara

Posted 20 June 2010 - 08:36 PM

The router isn't in my control.

#10 Budapest

Posted 20 June 2010 - 08:39 PM

Try resetting your Internet Explorer settings:

http://support.microsoft.com/kb/923737

#11 Takara

Posted 20 June 2010 - 08:43 PM

xD I'll help out a little here. I'm using Windows 7 Ultimate and have IE turned off. AND "Note: This fix does not work in Windows 7. Instead, you can use the Internet Explorer troubleshooters to achieve this automatically."

Edited by Takara, 20 June 2010 - 08:43 PM.


#12 Budapest

Posted 20 June 2010 - 08:48 PM

Which browser do you use?

#13 Takara

Posted 20 June 2010 - 08:51 PM

Firefox of course. :D

#14 Budapest

Posted 20 June 2010 - 08:53 PM

Try this:

http://forums.majorgeeks.com/showthread.php?t=182559

#15 Takara

Posted 20 June 2010 - 09:05 PM

I keep getting: Oops! Firefox could not find forums.majorgeeks.com

*EDIT* Worked around it using the cached pages on Google. Downloading the program.

Annnnd not sure what's going on. Malwarebytes.org and majorgeeks.com refuse to load. Just keeps saying Oops! Firefox could not find "site". Most major antivirus sites load fine from Google. The redirects SEEM to be gone.

Edited by Takara, 20 June 2010 - 09:21 PM.




