
Flippin' Google redirects...


  • This topic is locked
16 replies to this topic

#1 ghunt

ghunt

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:05:51 PM

Posted 12 October 2010 - 10:16 AM

I don't know how but I swear this seems to pop up every couple months. This morning I was doing nothing out of the ordinary, browsing a few (well known) car message boards that I frequent and checking my email and Firefox crashed.

When I opened it back up, I was getting redirected on Google when I click on links in search results.

Now, usually when this happens I can find the cause fairly easily, but this time I'm not having such an easy time.

Ran Malwarebytes, it found one thing, fixed that, no change.

Ran HijackThis, only saw one thing in there that was suspicious (something that looked like a domain redirect), fixed that, no change.

I have the HijackThis log, wasn't sure if I was supposed to put it up in my first post or not.

Edited by hamluis, 12 October 2010 - 01:42 PM.
Moved to AII from XP forum ~ Hamluis.




#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,553 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:51 PM

Posted 12 October 2010 - 01:42 PM

Do not post your log...unless a BC Staff Member tells you to do so.

I'm moving this post to Am I Infected.

Louis

#3 ghunt

ghunt
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:05:51 PM

Posted 15 October 2010 - 08:38 AM

So, I have a couple other things to add to this...

Still getting the google redirects. When I search, the first result works fine, all the rest redirect me.

Sometimes, a random new window will pop up and try to take me to a similar page as the redirects.

Additionally, my Win32 Generic Host Processes always crashes at some point after I restart the computer, and after it does my sound stops working and I have to restart to get the sound working again, until it crashes, again.

I've run AdAware, Spybot, and Malwarebytes and while all three have found some things, none have fixed the problem! Plus I'm not seeing ANYTHING suspicious on my HJT log.

I've got an extremely suspicious looking section in my registry called "Xsagoxodokakejup", within which are a bunch of gibberish named binary files. Could this be the source of my problem, and why are none of my spyware programs finding it?

#4 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:06:51 PM

Posted 15 October 2010 - 08:42 AM

How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller

http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

Good luck, this is quite nasty as you have already found out.
Chewy

No. Try not. Do... or do not. There is no try.

#5 ghunt

ghunt
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:05:51 PM

Posted 15 October 2010 - 09:14 AM

Well...I tried that, and it doesn't seem to be helping.

TDSSKiller told me that C:\Windows\System32\drivers\afd.sys was the problem. I told it to "cure" and restarted the computer and ran it again.

afd.sys is still there. Additionally, I went into the drivers folder to find that file, and it says it's been on my computer since April 2008.

???

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,109 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:51 PM

Posted 15 October 2010 - 11:04 AM

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a link to this topic, a description of your computer issues, and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.



#7 ghunt

ghunt
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:05:51 PM

Posted 18 October 2010 - 11:55 AM

Hmmm...Did I screw something up?

I followed the guide, downloaded DDS and GMER to my desktop.

When I ran DDS it immediately brought up a notepad file showing nothing but gibberish. The only thing I could make out was at the very top where it said "This program cannot be run in DOS mode."

I then tried to run GMER. It ran for about a minute and then my computer restarted out of nowhere. When it rebooted, Explorer wouldn't load properly (I could see my desktop wallpaper but no icons or start bar), and I had to restart and do a "last known good" boot....

???

#8 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:06:51 PM

Posted 18 October 2010 - 12:19 PM

Post the top part only of your HJT log, I just want to see the OS and running processes

There may be an easy fix to getting DDS to run or another comparable scanner
Chewy


#9 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,109 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:51 PM

Posted 18 October 2010 - 01:25 PM

Hello,

Actually, don't bother about doing that. I suspect something well hidden is responsible for what's happening. As I stated in my previous post, if you cannot produce any of the logs, then still post the new topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom :thumbsup:

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,068 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:51 PM

Posted 19 October 2010 - 09:18 PM

ghunt, I closed the other topic you created in this forum. Your instructions were to create a new topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here.


If you cannot get DDS to work, please try this instead.

Please download RSIT by random/random and save it to your Desktop.
Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.
  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Double-click on RSIT.exe to start the program.
  • If using Windows Vista, be sure to Run As Administrator.
  • Read the disclaimer and click Continue.
  • When the scan is complete, a text file named log.txt will automatically open in Notepad.
  • Another text file named info.txt will open minimized.
  • Save the log files to your desktop and copy/paste the contents of log.txt by highlighting everything and pressing Ctrl+C.
  • After highlighting, right-click, choose Copy and then paste the contents into a new topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here.
  • Copies of both log files are automatically saved in the C:\RSIT folder which the tool creates during the scan.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS or GMER to run. If RSIT did not work, then go ahead and post the HijackThis log you already created and noted in your first reply (Post #1).

Reply back here when you have done that.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#11 ghunt

ghunt
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:05:51 PM

Posted 20 October 2010 - 10:35 AM

It keeps telling me the connection was reset when I try to post a new topic over in that forum...uggghhh

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,068 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:51 PM

Posted 20 October 2010 - 11:15 AM

Post your log in your next reply here and we can split (move) it to that forum for you.

We normally do not allow those logs in this forum but since you are having issues we will do what we can to help you.

#13 ghunt

ghunt
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:05:51 PM

Posted 21 October 2010 - 08:40 AM

Hmmm...when I try to post my log, that's when it doesn't seem to work. Maybe it's too long or something, I don't know.

I tried to edit this reply and add it here and that won't work either.

Edited by ghunt, 21 October 2010 - 08:41 AM.


#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,068 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:51 PM

Posted 21 October 2010 - 09:07 AM

Yes, the logs can be long but in most cases users are able to post them. RSIT creates two logs (log.txt and info.txt). Did you try to post both of them? If so, try only posting log.txt.

Another thing you can do is copy your log to a USB stick, transfer it to another computer and try from there. In fact, if you do that you may be able to start a new topic in the proper forum and post your log without having to put it here for the staff to move.

#15 ghunt

ghunt
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:05:51 PM

Posted 21 October 2010 - 11:03 AM

I guess I'll try it from my home computer later tonight.



