Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Searchbar (FF/IE) redirect to seek.mk


  • Please log in to reply
8 replies to this topic

#1 jtrundle

jtrundle

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 27 January 2011 - 12:09 PM

Hello friends!

I've suspected something was wrong with my google searchbar in Firefox for a while, but now I definitely know. When performing a search in searchbar (google provider only) results are shown from "Seek.mk". For example, a search for "Bleeping Computer" creates this URL:
http://www.google.com/cse?cx=partner-pub-3540673482024757%3Ac8hkjv-9xef&q=bleeping+computer&ie=utf-8&oe=utf-8&aq=t

I've done a scan on my computer with Windows Security Essentials, Avasti, and Malwarebytes and all turned up negative. I've also ran the Kaspersky TDSSKiller.exe app but it did not identify any issues.

Have I found a new strain of the dreaded google redirect virus? Note, if I go to www.google.com and use the search on the home page, the results are fine. But both in FF and IE the toolbars are bogus.

Thanks!

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:42 PM

Posted 28 January 2011 - 01:51 PM

Hello,are you using XP or another system?

Please read and follow all these instructions.
  • Please download GooredFix and save it to your Desktop.
  • Double-click GooredFix.exe to run it.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).



Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 jtrundle

jtrundle
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 01 February 2011 - 11:22 PM

Thank you. Here is my "GooredScan" log:





GooredFix by jpshortstuff (03.07.10.1)
Log created at 23:20 on 01/02/2011 (Owner)
Firefox version 3.6.13 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [21:30 27/09/2009]
{AB2CE124-6272-4b12-94A9-7303C7397BD1} [13:59 07/10/2010]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [13:21 03/06/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [01:38 15/07/2010]
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [13:54 01/11/2010]
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [02:24 19/01/2011]

C:\Users\Owner\Application Data\Mozilla\Firefox\Profiles\hso6w6me.default\extensions\
ietab@ip.cn [14:58 24/11/2010]
LogMeInClient@logmein.com [13:34 21/12/2010]
{00bb6956-3a0a-449c-b0c6-a0b7f60dd84b} [17:27 27/01/2011]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [18:23 24/12/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [20:32 28/05/2010]

-=E.O.F=-

#4 jtrundle

jtrundle
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 01 February 2011 - 11:25 PM

I'm using Windows 7, 32-bit

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:42 PM

Posted 01 February 2011 - 11:43 PM

We are going to need a DDDS log to fix this.
Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 dandan14

dandan14

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 02 February 2011 - 08:29 AM

Assuming this is the same thing I had last week, you likely have installed a program (for me it was EPS Viewer) that has changed your google.xml file in Firefox (and the similar action in IE) to redirect searches through seek.mk.

In IE, click Tools - Internet Options - Search Settings. Delete "Google Search." You should have another one that just says "Google" which is the real one.

In FF, navigate to your c:\program files\Mozilla Firefox\searchplugins directory. Find the Google.xml file and open it in an editor. You'll see the google search terms with "cse=" attached to the end. Delete cse= and everything after it.

Source: http://www.google.com/support/forum/p/Webmasters/thread?tid=46911e57783675b4&hl=en

#7 jtrundle

jtrundle
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 02 February 2011 - 10:49 AM

THANK YOU guys!! A million times over! dandan14 was spot on. Months ago I needed to view an EPS file for a website design, and I hastily downloaded and installed EPSViewer. Ever since, my google search bar was acting strangely. All my Spyware/AnitVirus software reported nothing. I was just about to give up and do a time costly rebuild of my laptop.

I hope others who might have this problem will find this thread helpful.

Cheers.

#8 ScrewSeek.Mk

ScrewSeek.Mk

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 06 February 2011 - 01:40 AM

Help me get this off!!!??

i tried malware bytes ( didnt find anything ) and did goorfix


GooredFix by jpshortstuff (03.07.10.1)
Log created at 22:36 on 05/02/2011 (Alp)
Firefox version 3.6.13 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [06:24 06/02/2011]

C:\Users\Alp\Application Data\Mozilla\Firefox\Profiles\b2n457kc.default\extensions\
foxyproxy@eric.h.jung [05:23 06/02/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [08:03 02/02/2011]

---------- Old Logs ----------
GooredFix[06.09.39_06-02-2011].txt

-=E.O.F=-

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:42 PM

Posted 07 February 2011 - 10:19 AM

Please see post # 5
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users