Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

***Hijacked Google Results***


  • Please log in to reply
3 replies to this topic

#1 221b

221b

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:19 PM

Posted 09 January 2011 - 01:05 AM

So after having a corporate XP laptop with a bad infection of the Google hijack browser and not being able to fix it (see my previous posts), I am once again experiencing the issue on a brand new laptop.

Here's what's happening:

-I bought a brand new laptop (Lenovo x201, Win7) and installed both Avast and Malware bytes. I've barely used it and it's less than a month old.
-Connected to a friend's network tonight, I googled "AT Kearney" from Chrome and the first link, one to their corporate site, redirected me to a .PL location which Malwarebytes blocked.
-That was the only search that redirected me, and I have had no problems since. However, I tried google the same site from IE8 and also had the issue.
-***ODD BIT*** I asked my friend to try the same thing, googling "AT Kearney" from Chrome (she's running Vista) and clicking the first result and she also had the issue!

So, since we were on the same network, I checked her Cisco/Linksys router settings for anything odd. Nothing.

A Malwarebytes scan of both laptops is clean.

THOUGHTS?!?

It's highly unlikely that AT Kearney's site has been hijacked...

Edited by Orange Blossom, 09 January 2011 - 05:57 PM.
Move to AII for initial assistance. ~ OB


BC AdBot (Login to Remove)

 


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:12:19 AM

Posted 17 January 2011 - 03:52 PM

Hello.

Let's see what we're dealing with here.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

~Blade


In your next reply, please include the following:
TDSSKiller Log

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#3 221b

221b
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:19 PM

Posted 17 January 2011 - 03:57 PM

Their site was attacked and hijacked - nothing local to be solved. Thank you, though!

#4 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:12:19 AM

Posted 17 January 2011 - 05:30 PM

Glad everything is working! Surf safe!

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users