Yet Another Google Redirect?



#1 otto_cia

Posted 26 May 2011 - 12:38 AM

Impacted machine: WinXP
Impacted browsers: IE8.0, FF4, Chrome

Tonight I foolishly checked out "famous movie bikinis" on yahoo.com. FF hiccuped a bit, which I recognized as a problem, but looking forward to bikinis, I didn't kill it. After that incident, I noticed the following behavior on all 3 browsers:
> type search phrase in the search box (the add-in or helper box in the upper right corner)
> search returned legitimate results page
> click on any result, redirected to some quasi-404 search result...you know, the pages that look like portals, except they are very vague and have the feel of a 404.

The first interesting thing is that this happened with Google and Bing search tools, but not with the yahoo search tool. The yahoo tool worked fine (even selecting from the 1st results page). By contrast, searching from the "title bar" of the yahoo.com home page did not work (legit results redirected). I noticed that the results page returned by the yahoo search tool had a banner "search protected by AVG" while the yahoo.com homepage search results didn't.

Next, the browser behavior:
Open FF, two processes start: firefox.exe and plugin-container.exe. If I use Task Manager to kill plugin-container.exe, FF still runs, but the redirect problem remains.
Open IE, two processes start: both called iexplorer.exe. If I use Task Manager to kill the larger/more CPU-intensive one, IE instantly "restarts" and gives a message "had to restart IE and reload this page". Killing the smaller/less CPU-intensive one kills IE completely.

Playing with FF, I noted some of the redirection after clicking on the search results page went to
64.111.211.154
64.111.211.161
registered to isprime.com in NJ. Don't know if that's relevant.

Checked hosts file, clean.
Checked DNS entries in cable modem, OK.

Then as I was explaining to my wife what the problem was, Task Manager suddenly popped up 3 new processes (the machine had been largely idle for the last few minutes):
0.13816013570317687.exe
mmc218.exe (2 instances of this)

at which point I hard-booted the machine (power switch off, then back on).
Now the bad news...boot sector apparently hosed, can't boot from HDD.

So I don't know if there's even anything to help...but maybe these are useful clues. Looking at the posts it would seem that search hijacks are all the rage today.

Edited by hamluis, 27 May 2011 - 02:42 PM.
Moved from MRL to Am I Infected, no logs.

