
Google searching through Firefox takes me to the wrong site


8 replies to this topic

#1 txlauren

txlauren

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:26 PM

Posted 18 July 2011 - 10:25 AM

First time poster, so sorry if I don't follow all the protocols. I hope to provide all the information:

Approximately three weeks ago, my google search capability on Firefox became erratic - taking me to ad sites (primarily) but sometimes citysearch or yellow pages, and rarely it worked. (I also had my yahoo hacked into around the same time - after changing my password it has not happened again.)

I installed McAfee and it detected 47 problem files which it cleaned, but the problem with google persisted.
I then ran Malwarebytes and it didn't find any problem programs either.
So, I uninstalled Firefox and reinstalled it, and I still have the problem.
As much of my work is based on google searches, any help would be appreciated. I can work around the problem by clicking on the cached button in the search, but would love a fix since it's obvious there is some malware.

I have a Toshiba laptop with Windows Vista Home Edition, running Office 2007 and Firefox 3.6.
Let me know what if any additional information you need - your help is greatly appreciated!

Thanks



#2 Allan

Allan

  • BC Advisor
  • 8,586 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:06:26 PM

Posted 18 July 2011 - 10:29 AM

I suggest you replace McAfee with ANY OTHER av. McAfee products are the worst.

I've asked a mod to move this to the appropriate forum. Please wait for a malware specialist to respond.

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,058 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:26 PM

Posted 18 July 2011 - 10:36 AM

Hello, I moved you from Vista to the Am I Infected forum.

Let's do a few things and see if you stop redirecting; you may check after each step.



Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Posted Image button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.



Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



Please follow our Removal Guide here How to remove Google Redirects. You will move to the Automated Removal Instructions

If it finds something make sure Cure is selected
Next click Continue then Reboot now
A log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.




Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
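The HOSTS-file check suggested in the post above can also be done by hand before resetting the file. The following is an added example, not part of the original thread or of any tool it mentions: it parses hosts-file text and reports every entry that differs from the stock file, calling out overridden search domains. The sample content, the `SEARCH_LABELS` list and the function name are assumptions made for illustration.

```python
import ipaddress

# The stock Windows hosts file maps only "localhost" to loopback.
DEFAULT_NAMES = {"localhost"}
# Assumption: search brands to call out by name; extend as needed.
SEARCH_LABELS = {"google", "yahoo", "bing"}

# Constructed sample; 203.0.113.0/24 is a documentation-only range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com   # added by something else
203.0.113.10    search.yahoo.com
127.0.0.1       update.example-av.test
"""


def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for each non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # strip comment, split fields
        if not entry:
            continue
        address, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "invalid address"))
            continue
        for name in (n.lower() for n in names):
            if ip.is_loopback and name in DEFAULT_NAMES:
                continue  # matches the default file
            if SEARCH_LABELS & set(name.split(".")):
                reason = "search domain overridden"
            else:
                reason = "non-default entry"
            findings.append((line_no, address, name, reason))
    return findings


if __name__ == "__main__":
    # On the affected machine, read the real file instead of SAMPLE_HOSTS:
    # %SystemRoot%\System32\drivers\etc\hosts
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding, sep="\t")
```

A loopback entry for a security vendor's update host, like the last constructed line, is reported as well, since blocking such hosts is another way a modified hosts file shows up.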

#4 txlauren

txlauren
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:26 PM

Posted 18 July 2011 - 11:38 AM

Thank you for the help, unfortunately, it didn't work.
I reset the HOSTS file.

Here is the log from the GooredFix:
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [17:32 13/07/2011]
{AB2CE124-6272-4b12-94A9-7303C7397BD1} [22:46 05/04/2010]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [18:25 05/10/2010]

C:\Users\Mommy\Application Data\Mozilla\Firefox\Profiles\h669mqmq.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [22:23 05/08/2010]
{3112ca9c-de6d-4884-a869-9855de68056c} [20:21 07/12/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [22:51 17/02/2009]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [14:12 05/07/2011]

-=E.O.F=-

It did not find any infected files in TDSSKiller.txt
No infected files in MBAM either.
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7192

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

7/18/2011 11:35:30 AM
mbam-log-2011-07-18 (11-35-30).txt

Scan type: Quick scan
Objects scanned: 166690
Time elapsed: 11 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

And yes, the problem still exists! Any other ideas?

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,058 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:26 PM

Posted 18 July 2011 - 12:01 PM

Are you on a router and are other machines on it also? If so do they redirect?

Let's see if it stops after we reset to a date prior to all this trouble. Windows Vista System Restore Guide

#6 txlauren

txlauren
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:26 PM

Posted 19 July 2011 - 10:55 AM

I did a system restore back to June and the computer didn't recognize my Mozilla, so I had to reinstall. Now it seems to be running great and with no problems on the google redirect :)

Thank you for your help!

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,058 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:26 PM

Posted 19 July 2011 - 12:16 PM

You may need to go to Windows update also and see if any were backed off.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#8 txlauren

txlauren
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:26 PM

Posted 19 July 2011 - 12:32 PM

Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee Security Scan
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 20
Java™ 6 Update 6
Out of date Java installed!
Adobe Flash Player 10.2.159.1
Adobe Reader 8.3.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,058 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:26 PM

Posted 19 July 2011 - 12:48 PM

OK, let's update. NOTE: some items will ask to install a toolbar. We don't recommend that, so be sure the box in front of these lines is UNchecked

Free! Google Toolbar search Google from any web page, block pop-ups
Yes, install Google Toolbar - optional


Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u26-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.




Install Adobe Reader X (10.1.0)
the same way: in Control Panel remove the old, install the new and reboot.



