Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Re-direction from Google


  • Please log in to reply
7 replies to this topic

#1 Soothplaya

Soothplaya

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 26 June 2011 - 11:50 PM

Hi there,

I am being redirected from Google to a host of different websites that all seem to be related to recent search topics of mine but not at all related to the current websites I'm trying to navigate to. I'm currently running an ESET Online scan but I don't know what to from here considering the results. Any help would be thoroughly appreciated. Cheers!

Soothplaya

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:02 AM

Posted 27 June 2011 - 11:24 AM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

==================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 NataliaS

NataliaS

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:02 PM

Posted 27 June 2011 - 12:18 PM

Hi,
I am dealing with the same problem for a few days now - being redirected from Google to a host of different websites. I ran an updated Malwarebytes Anti-Malware scan several times but no results - shows 0 infections. Per your reply to the previous post I ran SecurityCheck.exe and got the following:

Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 24
Java™ SE Runtime Environment 6
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 9.0.115.0
Adobe Reader 8.1.3
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


Please HELP…Thank you so much in advance!

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:02 AM

Posted 27 June 2011 - 12:20 PM

Natalia
You need to start your own topic.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#5 Soothplaya

Soothplaya
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 27 June 2011 - 05:04 PM

Hi Broni,

And thanks. Here's the report:

Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
AVG Free 9.0
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 22
Adobe Flash Player 10.0.45.2
Adobe Reader 9.4.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:02 AM

Posted 27 June 2011 - 05:43 PM

...and Malwarebytes...

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#7 Soothplaya

Soothplaya
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 27 June 2011 - 06:53 PM

Dang, sorry I missed that bit. Here it is:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6964

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28/06/2011 11:47:36 a.m.
mbam-log-2011-06-28 (11-47-36).txt

Scan type: Quick scan
Objects scanned: 165095
Time elapsed: 2 minute(s), 4 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
c:\Windows\Temp\Ikw.exe (Trojan.Downloader) -> 2124 -> Unloaded process successfully.
c:\Windows\Temp\Ikx.exe (Trojan.Downloader) -> 692 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\W1WIWQ1NPG (Trojan.Downloader) -> Value: W1WIWQ1NPG -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ASH24SXZ9S (Trojan.Downloader) -> Value: ASH24SXZ9S -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4ECYTQ9SIC (Trojan.Downloader) -> Value: 4ECYTQ9SIC -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Temp\Ikw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\Ikx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Playtech\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:02 AM

Posted 27 June 2011 - 07:03 PM

Which browser is getting redirected?

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=====================================================================

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users