
Google links redirect to generic search sites(ads)


7 replies to this topic

#1 hivecomp

hivecomp

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:27 PM

Posted 31 July 2010 - 06:17 AM

Hello, I have spent the last two days trying to rid myself of this problem. When I click a link on Google, most of the time it loads a random ad-filled website that looks like a search engine searching for a keyword I used in a Google search.
I have run (both in safe mode and regular boot) AVG Free, Malwarebytes, Spybot Search and Destroy, SUPERAntiSpyware and possibly some other things I've forgotten about. I've always been able to solve spyware/virus issues in the past but this one is quite difficult to figure out. I've done some searches and found people with similar problems, often calling it a "Google redirect virus" but I never find any information that seems to help my infection. I have also reinstalled Firefox (newest version), uninstalled Java, deleted the cache, ran JavaRA to remove old versions, checked the Hosts file (it's fine), ran Regcure (didn't find anything relevant). Some of the antispyware/antivirus stuff found random viruses, either in files I had before this issue (like a dll file in my PlayStation emulator that's been there for years) or in temp folders. I think they were mainly false positives but removed them all anyways. I am about to the point where I'm considering just doing a clean install of Windows XP, as I do not want to have this machine insecure. Oh yeah, my operating system is Windows XP Home Edition, I have all the updates and service packs. I would appreciate any assistance someone can offer. Thanks for reading this.

edit: If needed, I can post some specific links to the websites it's redirecting me to, just let me know.

Edited by hivecomp, 31 July 2010 - 06:18 AM.



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:27 AM

Posted 31 July 2010 - 07:56 PM

The problem is actually based in your router and that in turn is infecting all the other computers on your network (if networked).
Here is the entire fix (from the beginning) that you will need to run on each PC.

Please download Malwarebytes' Anti-Malware from Here or Here

Next disconnect your system from the internet, and your router, then…

  • Double-click mbam-setup.exe to install the application.
  • Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE

However, if there are other Zlob-infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have run Malwarebytes' Anti-Malware on the infected system, and reset the router to its default configuration, you can reconnect to the internet and router. Then return to this site to post your logs.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
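One way to check which DNS servers a PC has actually picked up after the router reset described in the post above, added here as an example and not part of the original thread: the sketch parses `ipconfig /all` output and reports any DNS server outside an allowlist. The sample output, the allowlist addresses and the function names are constructed for illustration, and an English-language Windows is assumed.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt (English locale, documentation-range IPs).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.10
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            192.168.1.1
        Lease Obtained. . . . . . . . . . : (constructed)
"""
# Assumed allowlist: the router plus a placeholder for the ISP's resolver.
EXPECTED_DNS = {"192.168.1.1", "198.51.100.53"}

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
FIELD_RE = re.compile(r"^\s+([A-Za-z][^:]*?)[ .]*:\s*(.*)$")

def _as_ip(token):
    """Return the normalized address, or None if token is not an IP."""
    try:
        return str(ipaddress.ip_address(token.split("%")[0]))
    except ValueError:
        return None

def dns_servers_by_adapter(text):
    """Map each adapter name to the DNS servers listed under it."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        header, field = ADAPTER_RE.match(line), FIELD_RE.match(line)
        ip = _as_ip(line.strip())
        if header:
            adapter, in_dns = header.group(1), False
            result[adapter] = []
        elif in_dns and ip:  # extra servers sit on unlabeled continuation lines
            result[adapter].append(ip)
        else:
            in_dns = bool(adapter and field) and field.group(1) == "DNS Servers"
            first = _as_ip(field.group(2).strip()) if in_dns else None
            if first:
                result[adapter].append(first)
    return result

def unexpected_dns(text, expected=EXPECTED_DNS):
    """Return (adapter, server) pairs for DNS servers outside the allowlist."""
    return [(name, s) for name, servers in dns_servers_by_adapter(text).items()
            for s in servers if s not in expected]
```

Replace `EXPECTED_DNS` with the router address and the resolvers your ISP confirms, then pass in the text of `ipconfig /all` saved from each PC.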

#3 hivecomp

hivecomp

Posted 01 August 2010 - 04:27 PM

Okay, I have three computers using this router. I'm downloading/updating Malwarebytes on each one right now, then I'll run them while disconnected from the router and then reset the router. I don't have the redirect issue on the other two computers though. I'll post the MBAM log from the computer that is having the problem once I finish scanning. Thanks so much for the help!

#4 boopme

boopme


Posted 01 August 2010 - 09:21 PM

You're welcome, please post any infected logs.

#5 hivecomp

hivecomp

Posted 01 August 2010 - 11:03 PM

Okay, sorry for the delay, I only get a chance to work on this part of the day. I didn't get any infections to show up on the computer with the problem, one of the other computers on the router had this:

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b6d223f6-c185-49a2-ba7e-a03e84744702} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

But I decided to disconnect it from the router and keep it that way as I plan on reformatting it anyways.
I reset the router and reconnected it after disconnecting it and running MBAM on the other computers (which showed no infections), the problem still exists.

Edit: I just bypassed my router completely to check, the problem is still here. I downloaded NoScript for Firefox and it blocks the redirects. Instead it just goes to a page that says: advanced-media.in/kv34pzMx8i4my2O93...3f9f0e000cbd08Z or something similar, with the little NoScript icon next to it. It always says advanced-media.in as the script though, despite going to different ad sites. On a sidenote, looking through this forum, it appears there are other people with the exact same issue, like this guy http://www.bleepingcomputer.com/forums/t/329695/asklots-redirect/ that asklot URL is one I see in my redirects too.

Edit2: I seem to have solved the problem. Sorry for not waiting for instruction, I was reading other people's instructions and decided to run TDSSKiller, it found an infection and cured it. I do not have the redirect issue anymore. Is there anything I should do now that I've solved it? Run anything to make sure there is nothing lingering, change passwords?

Edited by hivecomp, 01 August 2010 - 11:36 PM.


#6 boopme

boopme


Posted 02 August 2010 - 01:40 PM

I would update and run MBAM again as that would be where we went next so we should finish.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read: {credit quietman}

#7 hivecomp

hivecomp

Posted 02 August 2010 - 05:56 PM

Alright, created a new restore point and ran Disk Cleanup. I will look through the other information and hopefully avoid having this problem again anytime soon. I really appreciate you taking time to help me with this. As I was reading more on the forum I see warnings about following the instructions given to other people, assuming one has a similar problem, or running removal programs without assistance. Guess I should have spent a little more time reading forum guidelines. I'm glad I didn't mess up my computer. Well, cheers!

Edited by hivecomp, 02 August 2010 - 06:05 PM.


#8 boopme

boopme


Posted 02 August 2010 - 08:10 PM

You're welcome. It may take longer to wait for help. But you know the old saying ... all good things....
Many people are on here just running this and that, having no idea what they found, and taking another step and many times running tools like ComboFix, HJT or TDDS, and then they have a borked PC to deal with.

Happy Computing.



