Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search engine redirection


  • This topic is locked This topic is locked
61 replies to this topic

#1 pauliewaffle

pauliewaffle

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Newcastle, Australia
  • Local time:05:54 AM

Posted 21 September 2010 - 03:49 AM

Hello there,

I have a problem when browsing the internet on Google. I search for something, and click on the link. There is about a 90% chance of the link, redirecting me to another website, usually some small search engine, Bing, or even back to the Google homepage. The only way to get around this fault is by pasting the link into the search bar, which sometimes still doesnt work, or by clicking the link until, eventually, the website i want appears.

I have tried every thing, including Spybot, Malwarebytes' Anti-Malware ect. but to no avail.

Hopefully my problem can be resolved, thanks in advance. thumbup2.gif

Edited by pauliewaffle, 21 September 2010 - 04:50 AM.


BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:54 PM

Posted 21 September 2010 - 08:05 AM

Hi, since no logs were posted, I am moving this to the Am I Infected forum.

Please see if this guide helps.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 troublesh00ter

troublesh00ter

  • Members
  • 561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Deep South
  • Local time:02:54 PM

Posted 21 September 2010 - 08:25 AM

It sounds like malware to me!
Often, malware will hijack your browser settings and send you to places you don't want to go (what your'e experiencing) or they can completely block you from going anywhere!

The internet is a resource for help & support material and most malware coders don't want you to have access to those resources. You're computer may be receiving the signal just fine but the browser is what has been screwed up.

I would suggest trying to rename (yes, rename it) your browser. Just call it WEB.

Let me know what happens.
for3ver,
goose90proof

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:54 PM

Posted 21 September 2010 - 08:46 AM

Hi goose90proof, while you are not incorrect, renaming the browser will not make any difference. Today's malware is more advanced than that.

Pauliewaffle, please follow the guide I linked you to in my previous post.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 pauliewaffle

pauliewaffle
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Newcastle, Australia
  • Local time:05:54 AM

Posted 21 September 2010 - 04:21 PM

Hi Elise

I forgot to add that I've also ran tdsskiller a number of times aswell, the results show 198 items scanned, but nothing found.
I'll give you a better explanation to what is happening.

I type in for eg. 'Half Life' into Google.
I then choose a link and click on it eg. 'half-life2.com/'
The page goes blank with this website, 'http://www.goingonearth.com/search.php?q=half%2Blife&n=1285103060' for about 0.5 to 1 seconds
Then, in this instance, this redirected me to another website called booktopia, having already done a random search on the website, showing results for 'V. Naipaul' if I had typed it into their website

This is the after math of a an even bigger virus that i had, but its gone now, only leaving this redirection virus behing, which nothing can pick up

Edited by pauliewaffle, 21 September 2010 - 04:22 PM.


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:54 PM

Posted 22 September 2010 - 02:35 AM

Please click Start > Control Panel > Internet Options. On the Connections tab, click the Advanced button and make sure "use a proxy server..." is UNchecked.

If you connect through a router, you may want to reset it.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 pauliewaffle

pauliewaffle
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Newcastle, Australia
  • Local time:05:54 AM

Posted 22 September 2010 - 03:24 AM

There is no 'Advanced' button under the connections tab, but i do have an advanced tab, if thats what you mean??

I run Windows XP sp3

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:54 PM

Posted 22 September 2010 - 03:33 AM

Sorry, my bad, its the LAN settings button on the Connections tab. ohmy.gif

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 pauliewaffle

pauliewaffle
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Newcastle, Australia
  • Local time:05:54 AM

Posted 22 September 2010 - 04:07 PM

Thats ok laugh.gif , I found the checkbox you were talking about, but it appears if it is already unchecked?

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:54 PM

Posted 23 September 2010 - 01:43 AM

Please navigate to the following file and post its contents here (you can open it by doubleclicking, in Notepad).

c:\windows\system32\drivers\etc\hosts <-- the file should look like this, no extension, just hosts.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 pauliewaffle

pauliewaffle
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Newcastle, Australia
  • Local time:05:54 AM

Posted 23 September 2010 - 06:35 AM

Hosts file contents:

127.0.0.1 localhost



Thats all?? I remember it being longer than that a while back, probably because of what Spybot S&D put into it, but having tried all sorts of things to resolve this problem, it could've resulted in this.

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:54 PM

Posted 23 September 2010 - 06:46 AM

What browser is redirecting you?

How are you connecting to the internet?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#13 pauliewaffle

pauliewaffle
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Newcastle, Australia
  • Local time:05:54 AM

Posted 23 September 2010 - 07:14 AM

I'm using firefox
Google is my home page

I'm connected straight to an ADSL+2 modem

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:54 PM

Posted 23 September 2010 - 07:18 AM

Can you please verify if internet is redirecting you also?

If not please run the following:

Please read and follow all these instructions very carefully.
  1. Please download GooredFix and save it to your Desktop.
  2. Double-click GooredFix.exe to run it.
  3. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#15 pauliewaffle

pauliewaffle
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Newcastle, Australia
  • Local time:05:54 AM

Posted 23 September 2010 - 07:23 AM

GooredFix by jpshortstuff (03.07.10.1)
Log created at 22:22 on 23/09/2010 (Paul)
Firefox version 3.6.10 (en-GB)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [07:33 31/08/2010]
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [07:01 29/12/2009]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [11:43 05/09/2010]

C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\s3od9pef.default\extensions\
toolbar@ask.com [12:01 12/04/2010]
{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} [13:11 25/08/2010]
{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [08:33 23/08/2010]
{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [08:21 09/04/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{FFB96CC1-7EB3-449D-B827-DB661701C6BB}"="C:\Program Files\CheckPoint\ZAForceField\TrustChecker" [11:10 19/03/2010]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [14:25 15/05/2010]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [11:42 05/09/2010]

-=E.O.F=-




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users