Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google search issues.


  • Please log in to reply
16 replies to this topic

#1 yhahao

yhahao

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 17 June 2011 - 11:53 PM

Hi, I'm having a problem with my Google searches. When I click on a link from my search results, I just get a blank white page. One time, I got a re-direct to some strange website, but normally it just won't load the page. My computer runs on Windows XP, and I use Firefox. Any help would be great, Thanks

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:06 AM

Posted 18 June 2011 - 08:02 AM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click on the setup file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

Note: The issues you describe could be related to compatibility problems with web sites that are not yet Internet Explorer 8-ready or with Internet Explorer Add-ons.
The No Add-ons mode allows IE8 to temporarily run without any add-ons (toolbars, ActiveX controls) and is useful for troubleshooting incompatible browser add-ons or extensions, browser freezing and other issues as described in MS Article ID: 969938 - Internet Explorer 8/9 take longer than expected to start.

Press the WINKEY + R keys on the keyboard or click Posted Image > Run..., then copy and paste this command into the Open dialog box: iexplore –extoff
Click OK or press Enter to open IE without add-ons.

Alternatively, you can go to Start > All Programs > Accessories > System Tools and click on Internet Explorer (no Add-ons).

If using Firefox, please refer to:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 yhahao

yhahao
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 18 June 2011 - 01:15 PM

Hi, it seems the scan found nothing, but the problem remains...Thanks

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6888

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/18/2011 2:10:37 PM
mbam-log-2011-06-18 (14-10-36).txt

Scan type: Quick scan
Objects scanned: 156067
Time elapsed: 4 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:06 AM

Posted 18 June 2011 - 01:48 PM

Did you look into the other troubleshooting suggestions?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 yhahao

yhahao
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 18 June 2011 - 02:00 PM

Yes, I restarted Firefox in safe mode with all the plug-ins and extensions disabled and the same thing happens.

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:06 AM

Posted 18 June 2011 - 02:48 PM

What happens with the No Add-ons mode in IE8?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 yhahao

yhahao
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 18 June 2011 - 10:09 PM

Sorry, I didn't check that one...I never use IE. Both normally and with the Add-Ons off, it says "HTTP 500 Internal Server Error" when I click on Google search results...other pages open normally.

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:06 AM

Posted 18 June 2011 - 11:07 PM

The issue does not appear to be related to malware.

500 Internal Server Error Resolution
The page cannot be displayed. HTTP 500 - Internal server error

You also may want to Reset Internet Explorer or use Microsoft's Fix it to automatically reset registry keys and the browser back to the way it was when initially installed. If you check the Delete personal settings checkbox in Advanced settings, it will reset the home page(s), search providers and Accelerators to their default values. It will also delete temporary Internet files, history, cookies, web form information (passwords) and InPrivate Filtering data.

If using FireFox, please refer to:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 yhahao

yhahao
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 18 June 2011 - 11:23 PM

Hm, i'm being redirected now. Not sure if I should post the link? http ://area.popularer.com/search.pg?q=Buy+from+pharmcy+tramadol&subaff=6265-63F3EB9B&z=toronto+on....this has nothing to do with the search I made. I'm also getting this message..I've never got this before.



To continue, please type the characters below:
--------------------------------------------------------------------------------
About this page

Our systems have detected unusual traffic from your computer network. This page checks to see if it's really you sending the requests, and not a robot. Why did this happen?


This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the Terms of Service. The block will expire shortly after those requests stop. In the meantime, solving the above CAPTCHA will let you continue to use our services.

This traffic may have been sent by malicious software, a browser plug-in, or a script that sends automated requests. If you share your network connection, ask your administrator for help — a different computer using the same IP address may be responsible. Learn more

Sometimes you may be asked to solve the CAPTCHA if you are using advanced terms that robots are known to use, or sending requests very quickly.
IP address: 184.107.64.188
Time: 2011-06-19T04:18:05Z
URL: http://74.125.67.105/search?hl=en&source=hp&biw=&bih=&q=honda+accord&aq=f&aqi=&aql=&oq=&gs_rfai=

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:06 AM

Posted 19 June 2011 - 07:35 AM

184.107.64.188 resolves to iWeb Technologies Inc. 20, place du Commerce in Montreal QC. Do you recognize iWeb?

We can try some more checks for malware.

Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Any objects found, will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

    Posted Image
  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

    Posted Image
  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extensio, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.


Please perform a scan with Eset Online Anti-virus Scanner.
  • If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
  • Vista/Windows 7 users need to run Internet Explorer/Firefox as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow the download/installation of any require files.
  • Under scan settings, check Posted Image and make sure that the option Remove found threats is NOT checked.
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 yhahao

yhahao
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 19 June 2011 - 04:33 PM

The TDSSKiller found nothing. Here are the results for the ESET Scan.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WLYF4LER\upgrade[1].cab a variant of Win32/Adware.OneStep.Z application
C:\Documents and Settings\Tristan\Application Data\Sun\Java\Deployment\cache\6.0\31\52961cdf-3be7e971 probably a variant of Java/TrojanDownloader.OpenStream.NAS trojan
C:\Documents and Settings\Tristan\Application Data\Sun\Java\Deployment\cache\6.0\31\743fee9f-53e06906 multiple threats
C:\Documents and Settings\Tristan\Application Data\Sun\Java\Deployment\cache\6.0\34\187b0ca2-152fa82c a variant of Java/Exploit.CVE-2009-2843.B trojan
C:\Documents and Settings\Tristan\Application Data\Sun\Java\Deployment\cache\6.0\35\3c935363-4d86e776 multiple threats
C:\Documents and Settings\Tristan\Application Data\Sun\Java\Deployment\cache\6.0\38\5f23bb26-3b4c97ac multiple threats
C:\Documents and Settings\Tristan\Application Data\Sun\Java\Deployment\cache\6.0\41\1763d7e9-2c5e4de0 probably a variant of Win32/Agent.CDGQEWH trojan
C:\Documents and Settings\Tristan\Application Data\Sun\Java\Deployment\cache\6.0\43\752509ab-3dd778b5 a variant of Java/Exploit.CVE-2009-2843.B trojan
C:\Documents and Settings\Tristan\Application Data\Sun\Java\Deployment\cache\6.0\45\64d634ad-66f5ce45 Java/Exploit.CVE-2010-3562.A trojan
C:\Documents and Settings\Tristan\Application Data\Sun\Java\Deployment\cache\6.0\52\6b23e0b4-3b4a3c68 a variant of Java/TrojanDownloader.OpenStream.NAS trojan
C:\Documents and Settings\Tristan\Application Data\Sun\Java\Deployment\cache\6.0\56\412339b8-7dd9e44c Java/Exploit.CVE-2009-2843.B trojan
C:\Documents and Settings\Tristan\Application Data\Sun\Java\Deployment\cache\6.0\63\4052083f-6bdbdc61 probably a variant of Win32/Agent.ZVRMM trojan

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:06 AM

Posted 20 June 2011 - 06:22 AM

Please download and scan with the Kaspersky Virus Removal Tool from one of the links provided below and save it to your desktop.
Link 1
Link 2Be sure to print out and read the instructions provided in:How to Install Kaspersky Virus Removal Tool
How to use the Kaspersky Virus Removal Tool to automatically remove viruses
  • Double-click the setup file (i.e. setup_9.0.0.722_22.01.2010_10-04.exe) to select your language and install the utility.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • At the 'Setup page', click Next, check the box 'I accept the license agreement' and click Next twice more to extract the required files.
  • Setup may recommend to scan the computer in Safe Mode. Click Ok.
  • A window will open with a tab that says Autoscan and one for Manual disinfection.
  • Click the green Start scan button on the Autoscan tab in the main window.
  • If malware is detected, you will see the Scan Alert screen.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • After the scan finishes, if any threats are left unneutralized in the Scan window (Red exclamation point), click the Neutralize all button.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • If advised that a special disinfection procedure is required which demands system reboot, click the Ok button to close the window.
  • In the Scan window click the Reports button, choose Critical events and select Save to save the results to a file (name it avptool.txt).
  • Copy and paste the report results of any threats detected. Do not include the longer list marked Events.
  • When finished, follow these instructions on How to uninstall Kaspersky Virus Removal Tool 2010.
-- If you cannot run this tool in normal mode, then try using it in "safe mode".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#13 yhahao

yhahao
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 20 June 2011 - 03:12 PM

Autoscan: completed 28 minutes ago (events: 12, objects: 163956, time: 00:59:58)
6/20/2011 3:36:31 PM Task completed
6/20/2011 2:52:18 PM Detected: Exploit.Java.CVE-2010-0094.y C:\Documents and Settings\Tristan\Application Data\Sun\Java\Deployment\cache\6.0\52\6b23e0b4-3b4a3c68/cjkyxlbrfrwaxbyc.class
6/20/2011 2:52:17 PM Detected: Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\Tristan\Application Data\Sun\Java\Deployment\cache\6.0\38\5f23bb26-3b4c97ac/bpac/KAVS.class
6/20/2011 2:52:17 PM Detected: Exploit.Java.Agent.bu C:\Documents and Settings\Tristan\Application Data\Sun\Java\Deployment\cache\6.0\43\752509ab-3dd778b5/vmain.class
6/20/2011 2:52:17 PM Detected: Trojan-Downloader.Java.Agent.hx C:\Documents and Settings\Tristan\Application Data\Sun\Java\Deployment\cache\6.0\38\5f23bb26-3b4c97ac/bpac/a.class
6/20/2011 2:52:17 PM Detected: Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\Tristan\Application Data\Sun\Java\Deployment\cache\6.0\35\3c935363-4d86e776/bpac/KAVS.class
6/20/2011 2:52:16 PM Detected: Trojan.Java.Agent.am C:\Documents and Settings\Tristan\Application Data\Sun\Java\Deployment\cache\6.0\35\3c935363-4d86e776/bpac/b.class
6/20/2011 2:52:16 PM Detected: Exploit.Java.Agent.bu C:\Documents and Settings\Tristan\Application Data\Sun\Java\Deployment\cache\6.0\31\743fee9f-53e06906/vmain.class
6/20/2011 2:40:30 PM Detected: Exploit.Java.Agent.bu C:\Documents and Settings\Tristan\Application Data\Sun\Java\Deployment\cache\6.0\31\743fee9f-53e06906/________vload.class
6/20/2011 2:40:30 PM Detected: Trojan-Downloader.Java.OpenConnection.bu C:\Documents and Settings\Tristan\Application Data\Sun\Java\Deployment\cache\6.0\35\3c935363-4d86e776/bpac/a.class
6/20/2011 2:40:30 PM Detected: Exploit.Java.Agent.bu C:\Documents and Settings\Tristan\Application Data\Sun\Java\Deployment\cache\6.0\34\187b0ca2-152fa82c/vmain.class
6/20/2011 2:36:32 PM Task started

#14 yhahao

yhahao
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 22 June 2011 - 12:48 PM

I thought the problem had gone away, but it seems to be getting worse. Im getting strange pop-ups for some anti-virus software and the original Google problem is back...thx

#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:06 AM

Posted 22 June 2011 - 01:23 PM

Some infections are difficult to remove completely because of their morphing characteristics which allows the malware to regenerate itself or infect critical system files which cannot be cleaned. Sometimes there is an undetected hidden piece of malware such as a rootkit which protects malicious files and registry keys so they cannot be permanently deleted. Disinfection will probably require the use of more powerful tools than we recommend in this forum. Before that can be done you will need you to create and post a DDS log for further investigation.

Please read the "Preparation Guide".
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.
When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the Malware Response Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, please reply back here with a link to the new topic so we can closed this one.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users