Google and Yahoo Search Results Being Redirected

By ttjames
Jul 14, 2010
  1. Hello all. Can someone please help me? I have a user that is having the same symptoms as others on this forum with their "Google and Yahoo Search Results Being Redirected".
    I am at my wits' end and need help. I am acting as the intermediary between this person and this forum. He has a Windows XP SP3 laptop. He clicked on what I believe was a fake anti-virus alert and now he says he is getting all kinds of pop-ups and is being redirected. He has McAfee VirusScan Enterprise 8.5i anti-virus installed and I had him install and run MalwareBytes. MalwareBytes seems to have cleaned everything but the browser hijack.
    Any help you could provide would be greatly appreciated. I have had him complete the 8 step preliminary removal guide and I am attaching his log files below for HiJackThis and MalwareBytes.

  2. Bobbye

    I'll start you off and then request that you ask the person you are helping to post here directly. It's really tough to do 'middle person' malware cleaning.

    The host files have been hijacked, so they can be removed. But we have different programs we use for preliminary removal.

    Please reopen HijackThis to 'do system scan only'. Check each of the following if present:

    O1 - Hosts: 84.16.244.15 www.google.com
    O1 - Hosts: 84.16.244.15 us.search.yahoo.com
    O1 - Hosts: 84.16.244.15 uk.search.yahoo.com
    O1 - Hosts: 84.16.244.15 search.yahoo.com
    O1 - Hosts: 84.16.244.15 www.google.com.br
    O1 - Hosts: 84.16.244.15 www.google.it
    O1 - Hosts: 84.16.244.15 www.google.es
    O1 - Hosts: 84.16.244.15 www.google.co.jp
    O1 - Hosts: 84.16.244.15 www.google.com.mx
    O1 - Hosts: 84.16.244.15 www.google.ca
    O1 - Hosts: 84.16.244.15 www.google.com.au
    O1 - Hosts: 84.16.244.15 www.google.nl
    O1 - Hosts: 84.16.244.15 www.google.co.za
    O1 - Hosts: 84.16.244.15 www.google.be
    O1 - Hosts: 84.16.244.15 www.google.gr
    O1 - Hosts: 84.16.244.15 www.google.at
    O1 - Hosts: 84.16.244.15 www.google.se
    O1 - Hosts: 84.16.244.15 www.google.ch
    O1 - Hosts: 84.16.244.15 www.google.pt
    O1 - Hosts: 84.16.244.15 www.google.dk
    O1 - Hosts: 84.16.244.15 www.google.fi
    O1 - Hosts: 84.16.244.15 www.google.ie
    O1 - Hosts: 84.16.244.15 www.google.no
    O1 - Hosts: 84.16.244.15 www.google.de
    O1 - Hosts: 84.16.244.15 www.google.fr
    O1 - Hosts: 84.16.244.15 www.google.co.uk
    O1 - Hosts: 84.16.244.15 www.bing.com
    O4 - HKUS\S-1-5-18\..\Run: [urjbjfip] C:\Documents and Settings\NetworkService\Local Settings\Application Data\sfsdvqvod\usogycvtssd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [urjbjfip] C:\Documents and Settings\NetworkService\Local Settings\Application Data\sfsdvqvod\usogycvtssd.exe (User 'Default user')


    Close all Windows except HijackThis and click on "Fix Checked."

    This domain/server will have to be identified: richmond.amfautomation.int. There are numerous entries for it and I can't identify it.

    That's about as far as I can go. This will not remove all of the malware.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
  3. ttjames

    Thank you for your assistance. I am contacting the user now to join this forum and do what you ask him to do.
    Also, the domain richmond.amfautomation.int listed in the HiJackThis log is our internal FQDN, so I do not think that is of any concern.
  4. Bobbye

    Good. That will be easier on all of us! Okay about the domain - I just have to verify.
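
As an added illustration (not part of the thread or any poster's reply), the Python sketch below parses hosts-file lines or HijackThis `O1 - Hosts:` lines and flags any public IP address that several unrelated domains have been pinned to, which is the pattern in the log above. The function names, the two-label domain grouping and the sample text are assumptions made for this example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: three O1 lines copied from the log above, plus ordinary
# hosts-file lines invented for this example.
SAMPLE = """\
# constructed hosts file
127.0.0.1       localhost
10.0.0.5        intranet.example.test   # constructed internal entry
O1 - Hosts: 84.16.244.15 www.google.com
O1 - Hosts: 84.16.244.15 search.yahoo.com
O1 - Hosts: 84.16.244.15 www.bing.com
"""

O1_PREFIX = re.compile(r"^O1\s*-\s*Hosts:\s*", re.IGNORECASE)

def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file or HijackThis O1 lines."""
    for raw in text.splitlines():
        line = O1_PREFIX.sub("", raw.strip())
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: not a mapping line
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def registered_domain(name):
    """Crude grouping key: last two labels (assumption, no public-suffix list)."""
    return ".".join(name.split(".")[-2:])

def suspicious_entries(text, min_domains=2):
    """Return {ip: sorted hostnames} for public IPs mapped to unrelated domains."""
    by_ip = defaultdict(set)
    for ip, name in parse_hosts(text):
        # Loopback, 0.0.0.0 and private ranges are normal in hosts files.
        if ip.is_loopback or ip.is_unspecified or ip.is_private:
            continue
        by_ip[str(ip)].add(name)
    return {
        ip: sorted(names)
        for ip, names in by_ip.items()
        if len({registered_domain(n) for n in names}) >= min_domains
    }
```

A flagged address is a lead to review rather than proof of compromise, since a hosts file can contain deliberate public mappings.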