Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Google searches are being redirected

  • This topic is locked This topic is locked
3 replies to this topic

#1 i2i2


  • Members
  • 17 posts
  • Local time:02:26 PM

Posted 06 November 2011 - 09:15 PM


I seem to have infected my PC with some kind of malware, causing a bunch of symptoms. The main result that I can detect is that search engine results are being redirected to those irritating ad portal sites.

Here are the symptoms I'm aware of. I've noted which ones are gone or changed after running security software.

  • Firefox crashed/was killed off while I was loading a bunch of pages in a window. I don't know what page caused the issue, and Firefox had no record of the window when I restarted it. Immediately after Firefox crashed, the other symptoms began. Since that crash, Firefox has not closed unexpectedly.
  • Fake security software was auto-starting, and re-starting if I killed it off. I don't recall the name. Fixed by Symantec AV 2006 (see below).
  • Windows Task Manager and other utilities getting killed off immediately after launch. No longer happening after fixing the previous symptom.
  • Entire filesystem changed to have "hidden" and/or "system" attributes. I fixed this manually, so I'm sure loads of files now have the wrong attributes.
  • When logging in, the error message "The ordinal 1109 could not be located in the dynamic link library WSOCK32.dll" would pop up twice, with Symantec Anti-Virus in the title bar. This is not occurring now, but Symantec AV doesn't seem to be working properly anymore. Specifically, the system tray icon doesn't show up.
  • Google search result links redirect to various advertising sites. This is still happening. I'm not sure about other search engines.
  • Long hangs (10-15 seconds) when I download a file and Microsoft Security Essentials checks it for viruses. This is not just Firefox hanging, all of Windows is unresponsive. Not sure if this is "normal," since I was not previously running Microsoft Security Essentials.

My PC is running Windows XP Pro 2002, with SP3.

To be clear about what I've tried, here are the tools that I have run so far:

Symantec AntiVirus found and removed the executable that was running the fake security software I mentioned earlier. That file was "C:\Documents and Settings\All Users\Application Data\qoteqpeceyt.exe".

Microsoft Security Essentials, which found and removed "Trojan:win32/FakeSysdef", contained in the file "C:\WINDOWS\Temp\P5tM1QBI6DSS92.exe.tmp".

Malwarebytes Anti-Malware, which found and removed exactly the same file that Microsoft Security Essentials found, about an hour after I ran Microsoft Security Essentials.

DDS.scr, a utility that the Malwarebytes forum recommends running as a first step in diagnosing malware issues. This utility states that it should run relatively quickly (10-20 minutes), but it did not complete or produce the log file that it is supposed to create. I ran DDS.scr overnight, and in the morning the PC had become unresponsive. I could move the mouse, but nothing responded to clicks. The keyboard seemed to be "running" (caps-lock and num-lock could be toggled), but Windows didn't respond to any keyboard shortcuts.

GMER.exe, another diagnostic (maybe also repair?) utility. I don't recall how far this one got, but it also did not complete after running for several hours.

I think that's all I've got so far. Please ask for more info, I'm happy to run scans or give more details.

- Victor

BC AdBot (Login to Remove)


#2 Broni


    The Coolest BC Computer

  • BC Advisor
  • 42,754 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:26 PM

Posted 06 November 2011 - 09:24 PM

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.
Then start a new thread HERE and include or required logs.
Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE


#3 i2i2

  • Topic Starter

  • Members
  • 17 posts
  • Local time:02:26 PM

Posted 06 November 2011 - 10:12 PM

Thanks, Broni! I'll get started on that later this evening.

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,046 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:26 PM

Posted 07 November 2011 - 05:29 AM


Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic426697.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users