Getting redirected from google search results

By lochieg
Feb 2, 2007
Topic Status:
Not open for further replies.
  1. Gday folks, I've done all the pre-posting instructions and can't get any results (though they did find a whole bunch of other stuff)...basically, when I search for something in google and click one of the links to one of the results, 2/3rds of the time it redirects me to one of quite a few "websites", such as sestat.com, http://www.google.com/webhp?hl=en, http://oldhetaira.com/.cfm?pt=2&rpt=1&kt=1 or any other crap like that. My HJT log is attached, and I hope you have seen this before and know how to fix it quickly! While I'm at it, I may aswell ask, should I have winfox instead of IE? I see so much literature with that stance and thought I'd ask the experts.

    Thanks a lot guys, you do a great service to the web and it's much appreciated.

    Attached Files:

  2. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Your system is infected with a variety of nasties.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

    Regards Howard :)

    This thread is for the use of lochieg only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. lochieg

    lochieg Newcomer, in training Topic Starter

    Done and done mate... here's the latest.

    CCleaner found a whole bunch of stuff, too. I'd like to just clean the comp, as it's not really used for banking or anything like that.
    Cheers, howard, et al.

    Attached Files:

  4. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    You did not post an AVG Antispyware log as requested. Please do so in your next reply.

    Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    sysvx.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - C:\WINDOWS\System32\ipv6mote.dll

    O2 - BHO: ASP.NET Helper - {42031715-09B2-3B51-A93F-56C308E48F38} - C:\WINDOWS\system\ctlvxd32.dll (file missing)

    O4 - HKLM\..\Run: [sysvx.exe] C:\WINDOWS\System32\sysvx.exe

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O20 - AppInit_DLLs:

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\WINDOWS\System32\sysvx.exe

    Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn`t automatically restart, restart it manually.

    This is the filepath you need to enter into killbox.

    C:\WINDOWS\System32\ipv6mote.dll

    Once your system has rebooted, rehide your protected OS files.

    Post fresh HJT and AVG Antispyware logs.

    Regards Howard :)

    This thread is for the use of lochieg only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  5. zipperman

    zipperman Newcomer, in training Posts: 1,423   +7

    How you ask google is important.
    So be sure to search with exact words.
    Tip and example :
    Title:New York Hotels
    Type all the above.or
    utilities+system tools.
    google doesn't care what browser it is.
  6. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    zipperman:

    lochieg`s problem is not caused by him typing in the wrong words into Google, but rather when he gets the Google results from doing a search and clicks on a link, he gets taken to a completely different website from the one he`s trying to access. I.E he`s getting redirected. I believe this is caused by the malware on his system.

    Regards Howard :)

    This thread is for the use of lochieg only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  7. lochieg

    lochieg Newcomer, in training Topic Starter

    Apologies...here it is

    Attached Files:

  8. zipperman

    zipperman Newcomer, in training Posts: 1,423   +7

    Options

    What where your options besides "No action" ?
    Name one of your search words and reported links and i'll report my results.
  9. lochieg

    lochieg Newcomer, in training Topic Starter

    It only says that because I don't have an option to save a logfile AFTER I've taken the action. I quarantined one and deleted another, but can't remember which was which. I'm not sure what you mean by "name your search words"...you mean what I've searched for in google? One of them was stylus (an online magazine I couldn't remember the URL for), and that resulted in http://oldhetaira.com/.cfm?pt=2&rpt=1&kt=1 once, and a different each time I clicked on the link...I hope that's the info you wanted?

    Anywya, here's the latest logs...
  10. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Your HJT log is now clean, are you still having the same problem with Google?

    please do the following, only if your problem is still there.

    Download combofix.exe. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "Y" (and Enter) to start the fix. When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log. Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

    Regards Howard :)

    This thread is for the use of lochieg only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  11. zipperman

    zipperman Newcomer, in training Posts: 1,423   +7

    Yes

    http://www.stylusmagazine.com/

    Search : stylus+magazine
    That found it. Thats what i meant.
     
  12. lochieg

    lochieg Newcomer, in training Topic Starter

    Nope no more problems. Thanks a lot Howard and everyone: I should say again that you guys do an amazing job.
  13. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    That`s good news and thanks for letting us know.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of lochieg only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  14. chethanv

    chethanv Newcomer, in training

    google search result getting redirected to different sites in IE

    Hi All,

    I am not sure if this is the right place to post my issue. Whenever i search in google for something and get the results, i am taken to different website when i click the link. This happens only in internet explorer. Few days back i had lots of spyware, tracking, malware and adware on my pc but i was able to clean most of the things using spybot search and destory. Can someone help me.

    thanks.
  15. rf6647

    rf6647 TechSpot Maniac Posts: 931

  16. Train

    Train Newcomer, in training

    Rookie User - Posting Logs

    I followed the "8 step malware removal guide" and so far so good. I am not being redirected to any sites and pop up ads have stopped.

    I attached my logs per your instructions. Let me know if you see anything that should be corrected.

    Thanks, I really appreciate this guidance.


    Train
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.