Google Search Gets Redirected & Can't Access Gmail

By dbhojwani
Nov 23, 2009
Topic Status:
Not open for further replies.
  1. It seems I've caught some virus I can't get rid of. My google searches get redirected.

    I can't access Gmail either and keep getting the error message "The requested URL /accounts/ServiceLogin was not found on this server"

    I ran HijackThis and have attached the log file.

    I'd appreciate if someone could help me with this dilemma.
  2. Tmagic650

    Tmagic650 TS Ambassador Posts: 20,451   +135

    You have quite a mess here in the hijack log. Did you notice the 8-Step Virus and Malware Removal thread? You will need to follow the instructions carefully and post the additional logs required.
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Don't tell someone they have a mess and not identify it! And it would be appreciated if you took time to put in the link to the Virus and Malware thread!

    dbhojwani, your hosts files have been hijacked. Your searches are all being directed to Poland. It looks like a DNS Changer infection.

    I'd like you to follow this order please:

    • Please download Malwarebytes' Anti-Malware from HERE
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • Be sure a checkmark is placed next to
      [o] Update Malwarebytes' Anti-Malware
      [o] and Launch Malwarebytes' Anti-Malware
    • Click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please attach this as LOG 1 with your reply.
      [o] If you accidentally close it, the log file is saved here and will be named like this:
      [o] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    You will need to do a DNS Flush, then reset your router.
    Start> Run> type cmd> enter> at the C prompt type ipconfig /flushdns (note space before the /)

    Exit the Command prompt when finished and shut the system down.

      [1]. Shut down your computer, and any other computer connected to your router.
      [2]. On the back of the router, there should be a small hole or button labelled RESET. Using a bent paper clip or similar item, hold that in continuously for twenty seconds.
      [3]. Unplug the router. Wait sixty seconds.
      [4]. Now holding again the reset button, plug it back in. Continue holding the reset button for twenty seconds. Unplug the router again.
      [5]. With the router unplugged, start your computer. Run MBAM again.
      [6]. Connect to the router again. Then turn the router back on.
      [7]. When it stabilizes, reboot your workstation and try to access the internet. If you have any issues, access the Router configuration page and re-enter your authentication information.
      [8]. Reboot the system and test the internet. You may have to reconfigure the router settings based on your setup.

    Please reopen HijackThis to 'do system scan only'. Check the following entries if found> don't click on Fix Checked until you have completed checking all:

    O1 - Hosts: 89.149.210.61 www.google.de
    O1 - Hosts: 89.149.210.61 www.google.fr
    O1 - Hosts: 89.149.210.61 www.google.co.uk
    O1 - Hosts: 89.149.210.61 www.google.com.br
    O1 - Hosts: 89.149.210.61 www.google.it
    O1 - Hosts: 89.149.210.61 www.google.es
    O1 - Hosts: 89.149.210.61 www.google.co.jp
    O1 - Hosts: 89.149.210.61 www.google.com.mx
    O1 - Hosts: 89.149.210.61 www.google.ca
    O1 - Hosts: 89.149.210.61 www.google.com.au
    O1 - Hosts: 89.149.210.61 www.google.nl
    O1 - Hosts: 89.149.210.61 www.google.co.za
    O1 - Hosts: 89.149.210.61 www.google.be
    O1 - Hosts: 89.149.210.61 www.google.gr
    O1 - Hosts: 89.149.210.61 www.google.at
    O1 - Hosts: 89.149.210.61 www.google.se
    O1 - Hosts: 89.149.210.61 www.google.ch
    O1 - Hosts: 89.149.210.61 www.google.pt
    O1 - Hosts: 89.149.210.61 www.google.dk
    O1 - Hosts: 89.149.210.61 www.google.fi
    O1 - Hosts: 89.149.210.61 www.google.ie
    O1 - Hosts: 89.149.210.61 www.google.no
    O1 - Hosts: 89.149.210.61 search.yahoo.com
    O1 - Hosts: 89.149.210.61 us.search.yahoo.com
    O1 - Hosts: 89.149.210.61 uk.search.yahoo.com
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R3 - URLSearchHook: (no name) - *{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL> See Optional 1
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKCU\..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\AVR.exe See Optional 2
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


    Close all Windows except HijackThis and click on "Fix Checked."

    Optional 1: Foistware: Viewpoint, Askbar
    These programs are not malware, but they are foistware in that they are usually installed without the user's knowledge or approval, and for this reason I recommend you remove them.

    Optional 2: Rogue Spyware> AdvancedVirusRemover
    Some anti-spyware programs are considered 'rogue' for the following reasons:
    • They use deceptive means to get the user to buy their program
    • The programs give 'false positives', meaning an entry is presented as 'bad' when it usually is not.
    • Their scanning techniques are not thorough and their databases may not be current.
    • There is no privacy policy
    • See DETAILS

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    Start> Settings> Add/Remove Programs> highlight and remove all references to :
    Viewpoint - i.e. Viewpoint, Viewpoint Manager, Viewpoint Media Player.
    AskBar
    Advanced Virus Remover


    Close

    Rescan with HijackThis and include new log in new reply

    Attach BOTH of the Malwarebytes logs> Log 1 and Log 2
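
Added example, not part of the original post: a short Python check that reads `O1 - Hosts:` lines in the format quoted above and reports any public address that several hostnames have been pinned to, which is the pattern the post identifies. The sample log is constructed from entries quoted in the thread plus a few made-up benign lines; the function names and the `min_hosts` threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: three entries quoted in the thread plus made-up benign lines.
SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 89.149.210.61 www.google.de
O1 - Hosts: 89.149.210.61 www.google.co.uk
O1 - Hosts: 89.149.210.61 search.yahoo.com
O1 - Hosts: 0.0.0.0 ads.example.invalid
O1 - Hosts: 192.168.1.10 nas.home.example
O1 - Hosts: garbage-field broken.example
O4 - HKLM Run: [LaunchApp] Alaunch
"""

O1_RE = re.compile(r"^\s*O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")


def parse_o1(log_text):
    """Yield (ip, hostname) for each well-formed O1 hosts entry."""
    for line in log_text.splitlines():
        match = O1_RE.match(line)
        if not match:
            continue  # not a hosts-file entry
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # first field is not an IP address; skip the line
        yield ip, match.group(2).lower()


def suspicious_redirects(log_text, min_hosts=2):
    """Map each public IP to the hostnames pinned to it (min_hosts or more)."""
    by_ip = defaultdict(set)
    for ip, host in parse_o1(log_text):
        # Loopback and 0.0.0.0 are typical blocklist sinkholes and private
        # ranges are LAN shortcuts, so only public addresses are counted.
        if ip.is_loopback or ip.is_unspecified or ip.is_private:
            continue
        by_ip[str(ip)].add(host)
    return {ip: sorted(hosts) for ip, hosts in by_ip.items()
            if len(hosts) >= min_hosts}


if __name__ == "__main__":
    for ip, hosts in suspicious_redirects(SAMPLE_LOG).items():
        print(f"{ip} overrides DNS for {len(hosts)} hostnames: {', '.join(hosts)}")
```
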
  4. dbhojwani

    dbhojwani Newcomer, in training Topic Starter Posts: 24

    Thanks Bobbye and Tmagic650 for your input. I will go through the steps you have outlined and post the resulting logs.
  5. dbhojwani

    dbhojwani Newcomer, in training Topic Starter Posts: 24

    Hi Bobbye,

    Everything works! Seems your instructions cleaned up the system.

    I've attached the 2 MBAM log files as well as the latest HijackThis log file.

    Thanks for your help :)
  6. Tmagic650

    Tmagic650 TS Ambassador Posts: 20,451   +135

    "Don't tell someone they have a mess and not identify it! And it would be appreciated if you took time to put in the link to the Virus and Malware thread!..."

    Thanks Bobbye for helping out here. You love to pick on me. I'm just trying to help out, and bring posts into notice, so no one feels left out. I'm using Google Chrome and I haven't figured out how to post links yet
  7. dbhojwani

    dbhojwani Newcomer, in training Topic Starter Posts: 24

    Hi Tmagic650,

    I appreciate you mentioning the 8-step Virus and Malware Removal thread. I found it and found some extra items I can use to keep my system clean.

    Thanks again for all your help.
  8. Tmagic650

    Tmagic650 TS Ambassador Posts: 20,451   +135

    Glad we could help dbhojwani...
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    I pick up the threads as soon as I can. Take the time you use learning about the BBCode:

    http://learn-bbcode.blogspot.com/

    There was some point that each of us knew none of it!
  10. Tmagic650

    Tmagic650 TS Ambassador Posts: 20,451   +135

    In IE I went to File, Properties, select all, copy... Chrome is much faster and colors are brighter, but I haven't figured out how to do this. bbcode is cool, but I can't grab the links to post with bbcode