Google search links are being redirected

[rflynn86]

Hey guys, my google searches are showing up links as normal but when I click on them it send sme to random pages, doesnt happen all the time but quite a bit. AVG or f-secure backlight program cant find any problems, I'd really appreciate any help, cheers.

 

[Bobbye]

Please follow the preliminary removal steps HERE.


You will find the correct link for HijackThis in the steps. Please uninstall the beta version you ran and delete the log.
When you have finished, attach all 3 logs for review. You will rescan with HijackThis AFTER the other 2 programs.

Please be sure to check the sections in Mbam and SAS to remove what is found. I'll help with any HJT removals.

 

[rflynn86]

Google hijacked

Thanks very much for your swift reply, ive followed the steps given, I already had run mbam so didnt get any nasties this time. Ive attached the previous log as well which did find some threats. Thanks again for helpin mate, id be pretty screwed without people like your good self...

 

[Bobbye]

Okay- I notice you've removed some entries that are best off the system. but lets seen what files may be left over:

Please download ComboFix HERE:

• With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  
  Important! Save the renamed download to your desktop.
  
• Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.

• Double click on the setup file on the desktop to run
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
• When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.)
  
• Query- Recovery Console image
  
  
  
  
• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  
  
  
  
• Click on Yes, to continue scanning for malware.
  
• When finished, it will produce a log.Please include the C:\ComboFix.txt in your next reply.

Notes:

• 
  1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

These logs are okay but let's check an online virus scan to make sure nothing was missed:
Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the Active X control to install
• Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
• Click Start
• Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
• Click Scan
• Wait for the scan to finish
• Re-enable your Antivirus software.
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Please attach the Combofix report and the Eset log in our next reply.
Give me an update on redirect problems. If they are still occurring, give me a description of what's happening.

Best to stay away from the casinos while we're cleaning!

 

[rflynn86]

Google Hijacked.

Here's the logs from the programs you mentioned, I tried the net again but it's still happening. It doesnt happen all the time and doesnt seam to happen if you chose the most relevant google link (first link). Still happens quite a bit though, a lot of the time it jumps to an address something like 'nngoheogitar' (it goes too quick to copy it) then jumps to a random search engine, it jumps to ask.com quite a bit too. Sometimes it goes to 'bounce123' page for a moment then moves on to the random search engine. I dont know if that helps? Should I let the eset program delete the threat it found? Any merit in reinstalling avg? Oh avg keeps shows up tracking cookies quite a bit too...

 

[Bobbye]

This will handle the Eset entry:

Please download OTMovit by Old Timer and save to your desktop.

• Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  :Processes	
  
  :Services
  
  :Reg
  
  :Files 
  C:\ISP\BT_Openworld\Narrowband\Signup\Reinstall\SignupLt.EXE
  
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

AVG antivirus and Norton Internet Worm Protection?
Norton Internet Worm Protection is part of Norton AV:

Please download Norton Removal Tool and Save to the desktop:

Note: You do NOT need the registration key to uninstall.

Boot into Safe Mode

• Restart your computer and start pressing the F8 key on your keyboard.
• Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Double click on the Norton tool to run. follow the on screen prompts.

I'll be back in a while to go over anything remaining.

 

[rflynn86]

google hijacked

that seems to have done the trick, im still a little tentative but no redirects yet! thanks so much for the help man, i really appreciate it, if you ever need a place to kip in edinburgh thers a sofa-bed here wit your name on it!

 

[Bobbye]

Glad to help! You can remove the cleaning tools and old restore points:

Uninstall ComboFix.exe And all Backups of the files it deleted

• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  
  

Remove all of the tools we used and the files and folders they created

• DownloadOTCleanIt by OldTimer
• Save it to your Desktop.
• Double click OTCleanIt.exe.
• Click the CleanUp! button.
• If you are prompted to Reboot during the cleanup, select Yes.

The tool will delete itself once it finishes.

If you are prompted to Reboot during the cleanup, select Yes.

You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:

• Go to Start > All Programs > Accessories > System Tools and click "System Restore".
• Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
• Click "OK" to select the partition or drive you want.
• Click the "More Options" Tab.
• Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Let me know if you need more help.