TechSpot

Google being redirected

Solved
By Calculus225
Aug 11, 2010
Topic Status:
Not open for further replies.
  1. Hi.
    When I click on Google search results I am being redirected to random sites. The sites seem to do their own version of a search related to my desired topic but take me to other sites. Hopefully the wonderful volunteers on this site can help me. I have had the problem for a few weeks now. Here are the logs from the 8-step process (attached).

    Thanks.

  2. crunchie

    crunchie Malware Helper Posts: 761

    Hi and welcome to TechSpot forums :)

    ==

    Please download JavaRa

    If you get this message:
    Problems with the download? Please use this direct link or try another mirror.

    Select the Direct link download and unzip it to your Desktop.

    Double click JavaRa.exe then click Remove Older Versions.

    Follow any prompts; a log will pop up (JavaRa.log). Please post the contents of this log.

    Next, open JavaRa.exe again, and select Search For Updates.

    Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version. Look for JDK 6 Update 21 (JDK or JRE). On the right select this one: Download JRE.

    In Vista and Windows 7 run the tool as Administrator.

    ====

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
  3. Calculus225

    Calculus225 Newcomer, in training Topic Starter

    Finally, ready for next steps.

    Thanks, Crunchie.

    The Java update went smoothly. (log attached)

    The ComboFix program was more problematic. The version downloaded from your link said it had expired and could run with reduced functionality. I said yes, but it just erased itself and nothing happened. I downloaded another copy of ComboFix from another server. This one stalled after making a restore point. Said it started to scan for infected files, but never got to stage-1. I had to reboot to get rid of it. Ran it again today and everything ran as expected. (log attached)

    Let me know what is next.

    Calculus225

  4. crunchie

    crunchie Malware Helper Posts: 761

    Are you still being re-directed?

    Please run the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily Disable your current Anti-virus program.
    • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:

  5. Calculus225

    Calculus225 Newcomer, in training Topic Starter

    Redirects are gone (so far)

    Thanks Crunchie.

    Yes, it appears the redirects are gone.

    The ESET scan found another couple of threats. Should I scan again and remove them?

    Calculus225

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=7.00.6000.17055 (vista_gdr.100414-0533)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=09f57a88aee09e458eed9ffb831bd1df
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-08-13 12:19:14
    # local_time=2010-08-12 08:19:14 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=768 16777215 100 0 0 0 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=102906
    # found=2
    # cleaned=0
    # scan_time=6129
    C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\isapnp.sys.vir Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1398\A0071984.sys Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I
  6. crunchie

    crunchie Malware Helper Posts: 761

    Yes, rescan with ESET and then:

    • Click START then RUN and copy/paste the following bolded text into the Run box and click OK:

      ComboFix /Uninstall

      Note the space between the X and the /; it needs to be there.

  7. Calculus225

    Calculus225 Newcomer, in training Topic Starter

    Thank you so much!

    ESET successfully removed the Olmarik trojan and I have successfully removed Combofix from my computer.

    Everything seems to be running smoothly.

    Thanks again.
    Calculus225
  8. crunchie

    crunchie Malware Helper Posts: 761

    No worries :)