Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

google redirect (again)


  • Please log in to reply
14 replies to this topic

#1 sirEgghead

sirEgghead

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 26 January 2011 - 03:54 PM

I've got another machine (XP) that I'm working on that has the same issue I mentioned in a different thread. When following a Google link, I get redirected to some random spam. If i click the link again, it usually works correctly. So far I've cleaned up all kinds of stuff with Malwarebytes Anti-Spyware, Spybot Search&Destroy, and Super AntiSpyware. Internet Explorer was also broken and I installed a copy of IE8 and it seems to work fine now, other than the redirect issue.

Thanks,
sirEgghead

BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:11 PM

Posted 26 January 2011 - 04:33 PM

Try this:

http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 sirEgghead

sirEgghead
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 27 January 2011 - 12:07 PM

TDSSKiller removed one TDSS item and Malwarebytes removed several. The problem still remains, however.

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:11 PM

Posted 27 January 2011 - 04:29 PM

Do you have a router?
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 sirEgghead

sirEgghead
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 27 January 2011 - 04:35 PM

Yes. This is at work. We're working on these PCs for customers. These 2 PCs that I've posted about are new cases of redirect that I'm unable to solve. I double checked on other PCs here in the office, and these 2 are the only 2 doing it. It's definitely local to the PCs.

Edited by sirEgghead, 27 January 2011 - 04:37 PM.


#6 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:11 PM

Posted 27 January 2011 - 04:37 PM

Some of these newer viruses change the DNS settings on your router. You might want to check if that is the case.

Also you might want to check the HOSTS files.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#7 sirEgghead

sirEgghead
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 27 January 2011 - 04:41 PM

Checked HOSTS file as well. All clear.

#8 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:11 PM

Posted 27 January 2011 - 04:55 PM

How about the router?
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#9 sirEgghead

sirEgghead
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 27 January 2011 - 04:57 PM

Sorry, I edited the post as I forgot to mention it right off the bat. The rest of the computers here do not have a redirect issue. That eliminates the router. Also, this redirect issue is only local to Internet Exploder and FireFox. No redirects occur while using Chrome.

#10 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:11 PM

Posted 27 January 2011 - 05:14 PM

Maybe you want to check the default search engine in the registry.

http://www.online-tech-tips.com/internet-explorer-tips/change-default-search-engine-ie/
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#11 sirEgghead

sirEgghead
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 27 January 2011 - 05:40 PM

I've already left work and am at home now. I will have a look at it tomorrow for sure.

I do remember removing a registry entry for a proxy pointing to 127.0.0.1. Can't remember the port number. But either way that's been removed and the issue remains.

Also, would the default search engine make a difference if we're not using it? I only get redirected when following a link from Google (haven't tried other search engines). I also get a popup ad when clicking to download anything (files listed here at BleepingComputer.com). It just doesn't seem to fit the criteria of default search engine. No offense, just thought I'd ask. :lol:

#12 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:11 PM

Posted 27 January 2011 - 06:00 PM

No offence taken. Actually I was clutching at straws a bit anyway. I think this needs a more in-depth look:

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#13 sirEgghead

sirEgghead
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 27 January 2011 - 06:19 PM

No problem. I'll start up the new thread tomorrow. Right up next to the other thread that I put up 2 days ago for the 2nd machine with the same problem. Lol. Thanks!

#14 sirEgghead

sirEgghead
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 28 January 2011 - 03:41 PM

You were right about the routers. I did not realize that the employee PCs were getting different DNS information. I had another PC come in and do the same thing. It just didn't seem right. So I set a static DNS server for one of the customer PCs and forced a refresh on the google search results, and it all works fine. I'm having someone change the DHCP server now and disable PNP on the router.

Sorry for the confusion. I just started with this employer this week. Still trying to learn everything about their network.

Thanks for the help!

#15 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:11 PM

Posted 28 January 2011 - 03:59 PM

:thumbup2:
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users