Browser Search Results re-direct links

Status
Not open for further replies.

rwgreen1173

Windows XP SP2
I think I have a bad one here...
I search in Internet Explorer 6 or 7 and get a list of results.
Then I hover over the links and I see go.google something... but when I click on the link it gets re-directed to something like

So I am booting with only the absolute essential processes..
Also I started finding and deleting some malware in my windows/system32 directory..
and my local files and application data directories.. but nothing is fixing the browser problem..

Additionally, when I type in a browser some useful sites are blocked altogether. And sites to download some virus fighting software are blocked too. Finally some virus software can't even launch.. For instance Malwarebytes will not run... SpyBot will not run. ... SuperAntispy will not install...

The only way I could even install Malware was to rename the setup file..
So all I have is HiJackThis log..

I did run CCleaner...
I had to rename hijack this to find some files...
I tried deleting those files with killbox...


Can anyone help me?
 
You should run MalwareBytes, SuperAntiSpyware, Windows Defender, Avira Antivirus or Avast, and your other security in both regular mode and SAFE MODE... or use a good paid program such as Spy Sweeper or Spyware Doctor, and Kaspersky. Run full scans.
Some bad infestations can be removed, but immediately hide in memory, and become reinstalled when you reboot. This is why it can be helpful to scan, then immediately shutdown, and cold boot to SAFE MODE, then scan everything again, removing or quarantining anything found. Then immediately scan them again. Then run Windows disk install in "repair" mode.
I do not see the infestation.
I see that you are running a Dell with Adaware, Spybot, Online Armor, Spyware Doctor, Super AntiSpyware, MalwareBytes, CCleaner, and Killbox.
I would remove Spybot. It does nothing useful and TeaTimer causes many new problems.
Then tell us what errors, or what infestations are being found.
It may be that you simply need to do a clean install with your Dell restore disks.
 
I can't run MalwareBytes, SuperAntiSpyware or SpySweeper in normal or safe mode. I ran Avira.
It keeps hiding my folder options settings, so I have been adding the registry key manually. Also keep getting boot problems..
Have uninstalled Spybot... Should I allow Windows to start up normally with all the processes I have blocked?
Also many websites are blocked...
 
The problem does not seem to be one of infestations, but the way you use security.
Any chance you can do a new install and start over? It would be perhaps the simplest way to get things back to normal.
Most users do just fine with normal windows, nothing blocked, then something like you have: Adaware, Windows Defender, MalwareBytes, SuperAntiSpyware, Avira Antivirus, and CCleaner, or any other set such as SpySweeper Plus Kaspersky.
We have three shops with hundreds of active users. Are you going someplace online too dangerous for these simple approaches?
I would not block Windows anything. You end up with everything out of kilter, and then images, animations, and normal processes get blocked.
Have you really been damaged by some previous event or invasion?
 
Also, I would not use PC Tools in addition to the above... just one or the other. The PC Tools Firewall may be part of your problem.
 
I installed all this stuff to try and get rid of the initial problem. I have uninstalled SpyBot and ran AntiVir in both normal and safe mode.. It found a few viruses and I quarantined and re-ran... and it found it again.. and then I deleted it...
(TR/Crypt.XPACK.Gen)
Attached is my hj file.
 
Wow! So you have these three infestations:
"TR/Crypt.XPACK.Gen Trojan
CFaprok.exe.exe
TR/Agentbypass.2885687K Trojan"

Try this. It usually works:

Too bad. Avira Antivirus will usually remove that set of three that you have:

TR/Crypt.XPACK.Gen Trojan
CFaprok.exe.exe
TR/Agentbypass.2885687K Trojan


Try this. Use a different browser. Not Internet Explorer or Firefox. Download Google Chrome, Safari, or Opera, and use them until the problem is resolved.

Then disable, temporarily, System Restore... or even remove all the system restore files you have previously saved.

Update your Avira Antivir definitions, as well as superantispy and MalwareBytes


Now, run your system scans, while cleaning and deleting all TR/Crypt.XPACK.Gen Trojan, CFaprok.exe.exe, and TR/Agentbypass.2885687K Trojan.
Delete or Modify any values added to the registry.
Navigate to the subkey and delete the values.

Plug in your favorite USB flash drive.

Run: http://housecall.trendmicro.com/ and permit it to fix whatever it finds.

Delete all IE temp files or search for, and download, ATF temp files cleaner to run another complete cleaning.

Restart your computer.

You should now be able to remove TR/Crypt.XPACK.Gen.

Now use ComboFix. Search for, and download the latest version.

Run from here: C:\Documents and Settings\owner\Desktop\ComboFix.exe
(if not familiar with ComboFix.exe, do a Gurgle search and read up.)

You will find that you have: * Created a new restore point


Now run Antivir, MalWareBytes, and SuperAntiSpyware, and a downloaded scan of Spyware Doctor. The Spyware Doctor scan will not repair the issue unless you pay, but it will tell you if there is anything remaining.

If successful, as I suspect, they will find nothing.

If still a problem, do a Gurgle search for each of those three infestations: TR/Crypt.XPACK.Gen Trojan
CFaprok.exe.exe
TR/Agentbypass.2885687K Trojan
and try again with the recommended tools you find listed.


Once it is repeatedly clean in your scans, run a new System Restore

Good luck. Let us know what happens
 
0. I have been using K-Melon... also tried Firefox and still can not access some websites.
Also, I am running Online Armor..
Also, have renamed Hijack this to ensure that it could run
1. Disabled System Restore and removed restore points.
2. Updated Avira AntiVir and Ran Scan Again.
3. - Can not Run Malware or SuperAntispy.. In normal or safe mode (Even after renaming executable)
4. AntiVir - Deleted TR/Crypt.Xpack.Gen (It keeps deleting c:Arkxx.tmp and then re-creating)
5. Could not find any registry values to delete (Manually ?)
6. Plugged in USB Drive... then what?
7. Could not access this site http://housecall.trendmicro.com/
8. Used ATF to delete all
9. Used CCleaner Again to Delete all IE temp files.
10. Used KillBox to delete ARK files on reboot
11. I re-ran Avira - Just found some in Recycle and KillBox (So I manually deleted)
12. Tried to run ComboFix and I just got the hour glass.. Even tried renaming and nothing.

Attached are my new AVSScan and Hijacklog
 
This is amazing. Could there also be something wrong with your hardware... How much memory do you have? How old is the hard drive and what size, as well as how much free space? If you have 17% or less free space, that could be encouraging the problem - SATA or PATA-EIDE? What is the brand and model of motherboard? And who is your Internet provider?
I would not waste more time unless you just want to learn from the battles you have been waging.
Do your downloads include a lot of images or is it free music sites... do any other friends have the problems you describe on your machine?

We would start fresh with a new hard drive and see how things install.

We can see why you would be frustrated, because you don't even have normal infestations.

We would first like to see a report of your HiJack This scan... using the very latest "HiJack This" download.

Renaming is not a good option.

It doesn't appear that you have followed our suggestions? Are you not able to perform those downloads? If not, download to another clean machine and bring them across on a USB drive or CD.

We do this stuff all day long with heavily infested machines without the problems that continue to happen on your unit. Is it possible that you have removed parts of Windows that are needed?

One download to try if you can get it on another machine is a simple Registry Editor... Reg Clean... available on www.majorgeeks.com... called RegCleaner. It is found under the Registry heading. This will enable you to remove software in the registry that you find suspect. It is free, and helps in understanding the setup... It will not cure the problem, but will give you tools to start doing that.
 
I think I did it... jeeze.. this was like a 5 day ordeal.

I think the problem was some of the processes or something I had blocked in my system startup.. but I finally ran everything and well, everything seems a lot better. I didn't want to launch IE yet though.. until I got a clean bill of health from you guys...

Can someone take a quick look at these log files and let me know if I am all clean?
 
You still show some worrisome stuff in MalwareBytes and SuperAntispyware.
Can you again try to run those two from a cold SAFE MODE boot. If they are gone there on the re-test, you may finally be ok.
But I would still download and run the Spyware Doctor Free Scan... It will not remove anything, but it is very good at reporting if anything is still there...
 
You are looking good, now.
Are the problems you described gone?
Have you run your windows install disk in Repair mode to patch any damage?
If you are still having troubles, your only sensible choice is a clean, fresh install... hopefully to a new drive so you can save your files and documents for importing later.
 
No the problems seem to be gone...
I didn't run windows repair.. I don't see any issues... so probably will not..

I think I will just keep the AntiVir and Online Armor running and that's it... Does that make sense?

Also I think I am pretty much done with IE.. :) and make sure I keep JRE up to date I think I was ignoring those alerts.. and might have been the issue.
 