TechSpot

Google results links are redirected

By gregm
Dec 9, 2009
  1. Hi,
    I am working on a PC that has had a few problems. I have removed a bunch of malware but can't solve the last nagging problem.
    When I do a google search, the results are successfully displayed. If I then click on one of the results, instead of going to that page, IE goes to searchmeup4.com. Sometimes it just goes to the main search page for searchmeup4.com, other times it bounces on to another page that is related to the original search topic, but not the results page that I clicked on.

    I have done the "UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions" and found a few extra infections that were then removed but the problem remains.

    I have attached the required logs.

    I'd love to get this sorted.

    Regards,
    Greg
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Wow, that CA Internet Security Suite has 13 startup entries in your HJT log; that would really slow down Windows
    And you got infected anyway! Before starting any work on this infected computer of yours, are you going to keep CA Internet Security Suite?
    Because if so, then I might leave it for the next support member to help you, as I'd think > Why?

    I prefer Free Avira Antivirus myself
     
  3. Ronell

    Ronell TS Rookie

    Hi, I did an analysis from one of the sites and this is what I got with HIJACKTHIS... I hope it makes some sense.

    Cheers R
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Thanks Ronell, but these online scans are not to be fully trusted
    Not only that, but it implies that the member can just start removing bad stuff. Whereas by doing this without guidance their computer may not even start again!

    Also have a read here: Special governing rules for the Virus & Malware removal board
    Whilst we appreciate anyone supplying support, they must be able to read the logs themselves (and not just upload it to get auto-scanned)
     
  5. kritius

    kritius TS Guru Posts: 2,084

    That's actually worse than useless
     
  6. gregm

    gregm TS Rookie Topic Starter

    Kimsland,
    We will (unfortunately?) be staying with CA for the time being at least. This computer belongs to a client of mine who has 6 computers, all running CA and they have a multi-licence for CA.
    To date I have had my suspicions about the value of CA but am yet to be able to state a good enough case to cause them to change their protection. Being a fairly large commercial entity, they are happy to pay for a professional level product and not just rely on a free product (which usually does not encourage use by commercial entities anyway).
    Having said that, I will certainly look at Avira for the possible use of some other not-so-commercial clients.

    Greg
     
  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Here's a good way to prove my point:

    FREE Online Virus Scan: http://www.eset.com/onlinescan/

    If you even get 1 Malware stated then CA couldn't be all that good
     
  8. gregm

    gregm TS Rookie Topic Starter

    Kimsland,
    I'm not actually defending CA in this, but I don't necessarily agree with you. The 8-step process uses multiple products to resolve malware problems. This in itself implies that a single product probably can't do everything. I don't believe that there is an AV product that can detect and block every threat. Obviously some are better than others, and most are only as good as the latest update.
    But no matter what product you use, if a brand new threat appears it could potentially still get thru, before the latest update has been written to block it. If this occurs and a rootkit or stealth virus infects the system, then the protection can be compromised and let in any number of other malware.
    I think this is probably what has happened to this system. There were a couple of little things with CA the other day that didn't seem quite right. I tried to tidy CA up and couldn't do it. So I had to use their on-line support and ended up having to uninstall/reinstall CA. It was then that CA picked up more infections.
    I'm not convinced that this cannot happen to any number of anti-malware products out there. I've seen similar things with systems protected with several different products.
    Still, if the overheads are high and the product proves to be not as secure as some, then I can probably swing the client to a different product. But I would really need to be sure of the new product first, otherwise if they got another infection I would be in a very awkward position!

    (...just getting off the soap box ...)

    Talk with you soon and hopefully make some further progress with the problem at hand.

    Regards,
    Greg
     
  9. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    I agree

    Anyway, I still believe the online scan is a good idea at this point
    It's irrespective if it finds anything that all users should then change their AV product, of which they shouldn't
    But it will be interesting anyway ;)
     
  10. gregm

    gregm TS Rookie Topic Starter

    The on-line scan is underway. It took a while to get started because it timed-out a few times. I've got it going now and will post back when I have any results.
    By the way, I did a Trend Micro on-line scan yesterday and it turned up nothing.

    Greg
     
  11. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Before replying back (I thought I'd better check the log :cool: )

    Start HJT Scan Only
    Close all Internet browsers, and stop or close any active programs
    Select all the 01 entries, then select FIX
    Close HJT

    Combofix:
    • Download Combofix to your desktop.
    • Disable your Antivirus (as Combofix will remove any found malware)
    • Double click ComboFix & follow the prompts.
    • A window will open with a warning.
    • When the scan completes it will open a text window. Please attach that log back here
    Also restart again, and provide a fresh HJT Scan log

    3 logs required (if you include the online scan, but maybe don't bother if you ran one yesterday ;))
    Therefore 2 log attachments required
     
  12. gregm

    gregm TS Rookie Topic Starter

    Hmmm...interesting.

    I did do the eset on-line scan and it picked up just 1 infection: win32/Qhost trojan, which it cleaned automatically.

    I ran HJT again and there were no 01 entries at all this time - not sure what changed but I've attached the new log.

    Ran combofix and it wanted to install the recovery console, so I let it. It didn't seem to find anything I don't think, but again, the log is attached.

    I've checked google again and YIPPEE!! the problem appears to be gone now!

    So I guess that all might now be good at this end, but if you have any further advice I'd be pleased to hear it.

    Thx heaps for your assistance.

    Regards,
    Greg

    PS. While I was collecting the attachments just now, CA has just detected another infection and cleaned it. Could there still be something going on behind the scenes?
     
  13. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Un-install Combofix
    • Click START then RUN
    • Now type Combofix /uninstall in the runbox and click OK
    • Any popup errors about Antivirus just ok or close
    Note: 1 space after ComboFix in that uninstall command



    Uninstall SUPERAntispyware
    Start > Control Panel > Add/Remove Programs > SUPERAntispyware > Uninstall



    Update Java and remove older Java versions
    Run JavaRa
    This will remove all your old Java stuff (that is not required)
    It will also help you check for new Java updates Runtime updates
    Or just go here and auto check: http://java.com/en/download/installed.jsp?detect=jre&try=1



    Download and run TFC http://oldtimer.geekstogo.com/TFC.exe
    Your computer may need to Restart



    Clear & Reset System Restore's Cache
    Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
    • Tick on the checkbox - Turn off System Restore on all drives
    • Click Apply
    Turn it back 'On' by unticking the same checkbox & click Apply, and then OK


    Restart, and let me know how it's performing
     
  14. gregm

    gregm TS Rookie Topic Starter

    Ok, I've done all that. In the midst of it CA realtime scanning detected another infected file. It was infected with 'Win32/SillyDI.PRR' which is one that has popped up a lot over the last few days. It was in a 'system restore' folder and I have now cleared the system restore cache again, so it is probably ok. The thing that concerns me is that the last time I cleared the system restore cache was yesterday after I thought it was pretty clean again. So where does that leave me?
    BTW the original problem (google redirection) has not reappeared at all.
     
  15. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Sometimes Users forget to press "Apply" after removing the tick on "Turn off System Restore on all drives"
    The other option is that you have somehow been infected again, but unsure how it passed by CA in the first place (?)
    Who knows, but I believe it's ok still (well now it is)

    Also thanks for the update
     
  16. gregm

    gregm TS Rookie Topic Starter

    Ok. Thanks for your help. I guess this thread can be closed.
    I really appreciate you seeing me thru this.
    Best regards,
    Greg
     
Topic Status:
Not open for further replies.
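
Added example, not part of the thread or any poster's code: Win32/Qhost, the detection ESET reported in post 12, is a family name for trojans that tamper with the Windows hosts file, and hosts-file redirections are what HijackThis lists in its O1 section. The sketch below audits hosts-file text for such mappings; the watch list, verdict labels and sample entries are constructed assumptions.

```python
import ipaddress
import sys

# Assumed watch list: sites a hosts file has no reason to pin (search, AV, updates).
WATCHED = ("google.com", "eset.com", "ca.com", "microsoft.com", "windowsupdate.com")

def parse_hosts(text):
    """Yield (line_number, ip, hostname) for each mapping in hosts-file text."""
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not an address: ignore the line
        for name in fields[1:]:
            yield lineno, ip, name.lower().rstrip(".")

def audit_hosts(text):
    """Return (line, hostname, ip, verdict) for every non-default mapping."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        sink = ip.is_loopback or ip.is_unspecified
        if name == "localhost" and ip.is_loopback:
            continue                             # the stock entries
        watched = any(name == d or name.endswith("." + d) for d in WATCHED)
        if watched:
            verdict = "blocked" if sink else "redirected"
        else:
            verdict = "sinkhole" if sink else "review"
        findings.append((lineno, name, str(ip), verdict))
    return findings

# Constructed sample; addresses are documentation ranges, not real indicators.
SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.google.com google.com
127.0.0.1       www.eset.com
0.0.0.0         ads.example.net
198.51.100.9    intranet.example.org
"""

if __name__ == "__main__":
    # Pass a path such as C:\Windows\System32\drivers\etc\hosts, or use the sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for finding in audit_hosts(text):
        print("line %d: %s -> %s [%s]" % finding)
```

A "redirected" or "blocked" verdict on a search, antivirus or update hostname is the pattern worth acting on; "sinkhole" entries are typical of deliberate ad-blocking lists and "review" entries need a human decision.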
