Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect


  • Please log in to reply
5 replies to this topic

#1 Rosencrantz

Rosencrantz

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 25 March 2011 - 10:56 AM

Hi!

For the last couple of weeks or so I've been experiencing random Google redirects. It doesn't occur every time I click on a link from a google search though, only sometimes. The page I get redirected to sometimes loosely have to do with what I'm searching for, probably by picking up on a single keyword. If I press back on the browser and re-click the link, it'll send me to the correct page.

I've already run Spybot Search & Destroy and Malware Bytes but both logs come up clean.

After this started happening, my AOL account was sending out spam mail to people in my address book (I've since changed the password). I'm not sure if it's related or a separate case.

Any help would be much appreciated. Thanks!

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:01 PM

Posted 25 March 2011 - 01:56 PM

Hello,you will need to change your Email passwords after running this.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Rosencrantz

Rosencrantz
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 25 March 2011 - 04:40 PM

Thank you for the response!

Both logs came up clean. I have not experienced any redirects today, but as recent as yesterday it was still happening. I haven't performed any System Restores or scans within the last couple of days though.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:01 PM

Posted 25 March 2011 - 07:12 PM

Don't forget to change your passwords.
If the redirects comeback it may be the router is hijacked by trojan DNS-hijacker.

Please read this: Malware Silently Alters Wireless Router Settings


First if there are other machines on this router they need to install and update MBAM,DO NOT run yet. You now need to disconnect from the internet. Then scan each PC then reset the router.

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don?t know the router's default password, you can look it up HERE.
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

Edited by boopme, 25 March 2011 - 07:15 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Rosencrantz

Rosencrantz
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 26 March 2011 - 08:19 AM

Thank you. Before I do that, I actually have more information.

The redirect's happened twice since then during different search results. It takes me to "intl.ask.com" with a search for whatever I typed into Google. Is this a specific, known redirect?

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:01 PM

Posted 26 March 2011 - 10:52 AM

DNS hijacking or DNS redirection is the practice of redirecting the resolution of Domain Name System (DNS) names to other DNS servers. This is done for malicious purposes such as phishing; for self-serving purposes by Internet service providers (ISPs) to direct users' HTTP traffic via the ISP's own webservers where advertisements are served, statistics can be collected, or other purposes of the ISP; and by DNS service providers to block access to sites which the user wishes to block because they are malicious or of an unwanted[who?] nature.~~WIKI
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users