Google & Bing links not working

Status
Not open for further replies.
Hello all! Visiting the family and mom's computer is a little goofy. When searching the internet using google or bing, the search results come up fine, but if I try to click on any of the links, I get directed to various ad sites or other place trying to sell me stuff.

I ran all the steps recommended in the FAQ (except for #6 - she does not have java installed) and the problem still exists. Any recommendations?

Thanks and Happy Holidays All!
Glubash
 
Hello and Welcome To Techspot,

I am going to ask you a series of question that I would like you to answer so we can help you the best we can from what you may have, seeing there are many different types of re-directs people can pick up.
  • Are you getting re-directed when you type in google.com?
  • When you use google and search something, do you get re-directed?
  • If so, how often (for ever 4 websites, how many get re-directed)?
  • Is it using certain search engines like yahoo, google, etc.?
  • Do some search engines work and others get re-directed?
  • Does any site load when clicked on?
  • Do the sites have a pattern? Are they the same?
 
Anon,

Here are answers to your questions (as best as I could answer). Thanks for the help!:

1. Are you getting re-directed when you type in google.com?

No. It appears that IE8 is going directly to google.com. Typically, I am searching from the toolbar.

2. When you use google and search something, do you get re-directed?

The search results are correct for the keywords that I'm searching for. When I click on the search results, sometimes it will go to the correct result and sometimes it will go to some ad site or something else.

3. If so, how often (for ever 4 websites, how many get re-directed)?

It varies, at times 100%. Other times, about 25%.

4. Is it using certain search engines like yahoo, google, etc.?

Confirmed on yahoo, bing, and google.

5. Do some search engines work and others get re-directed?

It appears that all of the major search engines get re-directed.

6. Does any site load when clicked on?

Occasionally, the appropriate site will load. Usually, I get re-directed after clicking on a link. After trying a few just now, I saw that it sent my keywords to googloe.de and that popped another site.

7. Do the sites have a pattern? Are they the same?

Sometimes they are related to what I searched for, other times it comes up with a home medical site (fairly often) or something else random.

Additional info: Today, I've noticed several times that McAffee has reported finding and deleting a trojan that it is calling "DNSChanger.as". It appears to come back each time I connect to the internet and at times during surfing.
 
Glubash, the DNS Changer calls for a specific fix. I don't see any evidence of it in these logs. Can you attach the McAfee logs showing this? Do you have access to her router? If so, please do the following: Suggest you print the directions out as you will need to follow the steps:

DNS Changer
You will need to do a DNS Flush, then reset your router.
Start> Run> type cmd> enter> at the C prompt type ipconfig /flushdns (note space before the /)

Exit the Command prompt when finished and shut the system down.-

  • [1]. Shut down your computer, and any other computer connected to your router.
    [2]. On the back of the router, there should be a small hole or button labelled RESET. Using a bent paper clip or similar item, hold that in continuously for twenty seconds.
    [3]. Unplug the router. Wait sixty seconds.
    [4].Now holding again the reset button, plug it back in. Continue holding the reset button for twenty seconds. Unplug the router again.
    [5].With the router unplugged, start your computer. Run MBAM again.
    [6].Connect to the router again. The turn the router back on.
    [7].When it stabilizes, reboot your workstation and try to access the internet. If you have any issues, access the Router configuration page and re-enter your authentication information.
    [8]. Reboot the system and test the internet. You may have to reconfigure the router settings based on your setup.

As for
(except for #6 - she does not have java installed)

Any reason for this? There are some site that will require Java on the system.

Let me know the status after this. There will be 2 more steps.
 
Bobbye,

Thank you for the reply. I know that this is a really busy time of the year for everyone and particularly you guys.

When I asked about java, she said that it just isn't something that she needs.

We did the DNS flush and ran MBAM as instructed (logs attached). She does not have a router but uses a Verizon USB modem to connect. There is only 1 pc in the house.

Also attached is the McAfee log (looks pretty messy).

Thanks again,
Glubash
 
There are 2 serious malware infections: the TDSS Rootkit and the DNS Changer. I'm going to refer you to another board HERE for the help in cleaning. It requires special program and experienced guidance. I do not think the two can be handled in this forum.

The choice is yours, but wrongly done, the computer can become badly disabled and possibly inoperable. Here is a capsule description from Malwarebytes.org for the TDSS Rootkit:
High risks (like Rootkit.TDss.Gen) are typically installed without user interaction through security exploits, and can severely compromise system security. Such risks may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware. These risks may also collect and transmit personally identifiable information (PII) without your consent and severely degrade the performance and stability of your computer
 
Bobbye,

Thanks for the response. Although not what I was hoping for, it is good to have an idea of what I'm up against. At the moment, I'm strongly considering the nuclear option (archiving the data, reformat, and a clean installation of XP). That will probably burn about a day to get everything patched and reinstalled. But, I think it will be about a wash with fighting this thing.

Thanks again,
Glubash
 
You might check out the site. They can run the most applicable programs in the least amount of time to address the malware.
 
Status
Not open for further replies.
Back