How I finally dealt with search engine redirects



#1 abdoozy

Posted 21 December 2011 - 08:35 PM

After battling the dreaded get-answers-fast redirect for a couple of months, having worked through every piece of antimalware/AV/fixme software known to modern man, and being briefly satisfied only to discover the problem recurring within a few days, I took a different approach to the issue.

Please note: Your Mileage May Vary, and these are *not* recommended steps -- the folks here who provide virus removal support do an amazing job, and I don't want to get in their way at all. This is just how *I* dealt with the issue. Call it a suggested last resort. (I'm an IT professional by trade and am used to eating my own mistakes.)

One mistake I made a while back was assuming UAC was just a nuisance and that someone with my "level of expertise" didn't need a nanny, and shutting it off. I can't say for sure that if I'd had UAC enabled I wouldn't have become infected, but this whole debacle has annoyed me enough to overcome my having to click "Allow" on occasion. (I probably shouldn't do most of my work under a user account with admin rights, either, but...)

The first thing I noticed about the particular flavor of this redirect on my system was that it only affected Firefox and Chrome. Never had any redirects from Google searches launched on IE9. That suggested an issue with those browsers and *not* a native DNS issue, nor something related to my router. Also, I could never seem to get ComboFix to not think my installed AV/AM software (Prevx3.0) was deactivated, and I'm convinced I wasn't getting a "full run" on that program as a result.

The other thing I noticed was that *none* of the AV programs were finding anything amiss. MBAM, StopZilla, ESET, AVG, etc... all came back saying "Nothing wrong here!"

Eventually I put get-answers-fast.com as a blocked site in my OpenDNS account setup, so all I'd get from the redirect was an OpenDNS blocked site error. And if I returned to the search page after a redirect, and clicked the same link again, I'd go to the site I expected. Thus, this redirect was an annoyance, not catastrophic.

But I hate annoyances.

So, here's what I did that seemed to work. Again: NOT recommending doing this in lieu of getting help here!

0. Backed up my system boot partition (I use ShadowProtect).
1. Uninstalled Chrome
2. Uninstalled Firefox
3. Uninstalled Prevx3.0
4. Turned off MSE and rebooted
5. Created a system restore point
6. Ran CCleaner on registry and system
7. Turned off all extra services and programs in System Config and rebooted
8. Ran ComboFix, which found several items, including a .dll in the SysWow64 folder, that it hadn't found when it was run previously. (Noticed that after ComboFix ran, links on the desktop didn't work. Did not panic.)
9. Rebooted. Desktop links working again. Phew.
10. Turned MSE back on, re-enabled UAC and rebooted.
11. Downloaded Firefox 9 and installed
12. Downloaded Chrome and installed
13. Ran MBAM, results came back clean
14. Reinstalled Prevx3.0, ran initial scan, no issues noted.
15. Turned services and startup programs back on in System Config and rebooted one more time.
16. Tested multiple Google and Yahoo searches on both Firefox and Chrome. No redirects!
17. Ran CCleaner again for good measure.

It's now been five days since I had a SE link redirected. Longest clean streak since I first noticed the infection back in October. I'm tempting fate by posting this, but I wanted to share, just to let people know that it's neither a permanent disease nor a death sentence.


Also want to point out that ComboFix is a program you do *not* want to just download and run if you don't know what it does, or what you're doing. GET EXPERT HELP on this forum.
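The reasoning in the post (IE unaffected, so the problem sits in the browsers rather than in DNS or the router) can be checked from the command line. The PowerShell script below is an added example, not part of the original post: it looks for a hosts-file entry for the redirect domain, shows what the system resolver returns for it, and confirms UAC is back on. Only the domain name comes from the post; the function names and the registry check are assumptions of this example.

```powershell
# Added triage script (not from the original post). It distinguishes a
# hosts-file or DNS-level redirect from a browser-local one and confirms UAC.
# The domain is the one named in the post; everything else is assumed here.
$domain = 'get-answers-fast.com'

function Test-HostsFileEntry {
    param([string]$Name)
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    # Skip comment lines; match the name as a whole word on an active line.
    Get-Content $hosts -ErrorAction SilentlyContinue |
        Where-Object { $_ -notmatch '^\s*#' -and $_ -match "\b$([regex]::Escape($Name))\b" }
}

function Get-ResolverAnswer {
    param([string]$Name)
    # Uses the same system resolver every browser on the machine shares.
    try { [System.Net.Dns]::GetHostAddresses($Name) | ForEach-Object { $_.IPAddressToString } }
    catch { "unresolved: $($_.Exception.Message)" }
}

function Test-UacEnabled {
    # EnableLUA = 1 means UAC prompts are active (the setting the post re-enabled).
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    (Get-ItemProperty -Path $key -Name EnableLUA).EnableLUA -eq 1
}

"Hosts file entries for ${domain}:"
$entries = Test-HostsFileEntry $domain
if ($entries) { $entries | ForEach-Object { "  $_" } } else { '  none' }

"System resolver answer for ${domain}:"
Get-ResolverAnswer $domain | ForEach-Object { "  $_" }

"UAC (EnableLUA) enabled: $(Test-UacEnabled)"
```

If the hosts file is clean and the resolver returns the expected (or OpenDNS block-page) address while only Firefox and Chrome redirect, the system-level DNS path is not the culprit, which is the conclusion the post reached.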
