TechSpot

Help - Getting redirected from google search results

By tezza22
Apr 9, 2007
  1. Hi
    When I search for something in google and click one of the links to one of the results, most of the time it redirects me to other websites. Please help.

    I have attached my hijackthis log.

    Thank you
     


  2. momok

    momok TS Rookie Posts: 2,272

    Hi,

    Have you followed the steps for removing malware that are posted in this forum? You can find it HERE

    I've looked at your HJT log and it did contain quite a few dubious entries.
    However, the problem cannot be completely resolved until we get to the root and source. I strongly suggest you follow the thread above, and in your next post, post a fresh HijackThis log, AVG Anti-spyware log and combofix log.
    (Note that you have to rename your HijackThis.exe to Analyze.exe because certain malware can detect HijackThis and hide from it.)

    I suggest you also provide a description of your problems in greater detail, like which sites you get redirected to, what other problems crop up when you are on/off the internet, etc. This will help aid the problem identifying process and thus getting the solution quicker.

    PS. I may not be able to fully guide you through the entire solution, but so far the best you can do is to follow the advice above for now until a more senior member replies to you.

    Yours,
    The friendly and mysterious Momok.
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    Your system is infected with at least one trojan and has a nasty hijacker as well.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
    The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above. Also, please attach the C:\fixwareout\report.txt.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of tezza22 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  4. tezza22

    tezza22 TS Rookie Topic Starter

    malware removal

    Hi,

    Thanks for the replies momok and howard. I have followed the instructions and have attached the fresh HJT, AVG Antispyware, Combofix logs and the fixwareout report too.

    I ran the AVG Antirootkit scan and it came up empty with no rootkits found.

    I have also checked the internet to see if I was still being redirected and have so far found that it is no longer occurring. I also haven't noticed any other symptoms so far.

    I hope this gives you enough information.

    Thank you
     
  5. momok

    momok TS Rookie Posts: 2,272

    Hi

    Your HijackThis log looks fairly clean to me. However I noticed that your AVG log displays 'No Action Taken' for all the files detected.

    I suggest you run AVG again and quarantine the files. Instructions HERE.

    Also, run HijackThis and fix these entries:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    and the following (only fix these if the domain is not from your ISP)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{34B91759-B17A-445D-AF70-C8897C278C3D}: NameServer = 85.255.115.34 85.255.112.63
    O17 - HKLM\System\CCS\Services\Tcpip\..\{616BA13C-509E-48E3-BFFB-75290559F9D3}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CCS\Services\Tcpip\..\{68AC4056-FA99-4825-A228-FC39F35E8192}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CCS\Services\Tcpip\..\{869B70DE-3818-4DA0-ADEA-8699905CECCC}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EAA937F6-C708-4089-A312-56DF40C5D52D}: NameServer = 85.255.115.34,85.255.112.63
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63

    After that, please post fresh HJT logs and AVG logs.

    PS. I'm not too sure about fixwareout though, so let Howard reply to confirm if your system is really clean.
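
momok's caveat about the O17 entries (fix them only if the name servers are not your ISP's) can be checked mechanically. The following is an added example, not part of the original thread and not part of HijackThis: it parses O17 lines from a HijackThis log and reports every NameServer value outside an allow-list. The allow-list range 192.0.2.0/24 and the all-zero GUID line are constructed placeholders; the other two log lines are taken from the post above.

```python
import ipaddress
import re

# HijackThis O17 line: "O17 - <registry key>: NameServer = <ip list>"
O17_RE = re.compile(r"^\s*O17 - (?P<key>.+?): NameServer = (?P<servers>.+?)\s*$")

# Assumption: stand-in for the resolver range your ISP or router really hands out.
ALLOWED_NETWORKS = ["192.0.2.0/24"]

# First two lines are from the thread; the third (all-zero GUID) is constructed.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{616BA13C-509E-48E3-BFFB-75290559F9D3}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53,192.0.2.54
"""


def is_allowed(token, networks):
    """True only if token is an IP literal inside one of the allowed networks."""
    try:
        addr = ipaddress.ip_address(token)
    except ValueError:
        return False  # anything that is not a plain IP is treated as unexpected
    return any(addr in net for net in networks)


def unexpected_resolvers(log_text, allowed_networks):
    """Map each O17 registry key to the NameServer values outside the allow-list."""
    networks = [ipaddress.ip_network(n) for n in allowed_networks]
    findings = {}
    for line in log_text.splitlines():
        match = O17_RE.match(line)
        if not match:
            continue
        # The value is space-separated on some keys and comma-separated on others.
        servers = [s for s in re.split(r"[,\s]+", match.group("servers")) if s]
        bad = [s for s in servers if not is_allowed(s, networks)]
        if bad:
            findings[match.group("key")] = bad
    return findings


if __name__ == "__main__":
    for key, servers in unexpected_resolvers(SAMPLE_LOG, ALLOWED_NETWORKS).items():
        print(f"{key}: unexpected NameServer {', '.join(servers)}")
```

Replace `ALLOWED_NETWORKS` with the resolver addresses your own ISP or router documents before relying on the output.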
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Your AVG Antispyware log says "No Action Taken" for all items. This is because you didn't follow the instructions properly for using AVG Antispyware. See these instructions HERE and make sure you tell AVG Antispyware to quarantine its results.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    Fix all O17 entries. These are from the hijacker.

    Click on the fix checked button.

    Close HJT and reboot your system.

    Locate and delete the following bold files and/or directories (if there).

    C:\windows\ALCMTR.EXE

    Post a fresh HJT log as well as another AVG Antispyware log.

    Regards Howard :)

     
  7. tezza22

    tezza22 TS Rookie Topic Starter

    Hi,

    I have done what you have said and have posted the fresh logs.

    I did the AVG scan, changed the 'set all elements to' button to quarantine, but it only changed some of them to quarantine and the others stayed at delete. I applied all actions and you'll be able to see what happened in the log.

    Thanks
     
  8. momok

    momok TS Rookie Posts: 2,272

    Yes, that looks clean now.

    Now,

    Delete all quarantined files from the AVG scan.

    Turn off system restore, and turn it back on again. Learn how to do that HERE.
    This deletes any nasties residing in your restore files and sets a new restore point for your computer.

    Please let us know if you have any further problems by posting in this thread.

    PS. Howard: I'm not fully sure about this folder "D:\Program files\NudgeBomb\" Apparently the AVG scan picked up nudgebomb.exe as "Not-A-Virus.HackTool.Win32.Delf.bw". Couldn't find anything on google either. What do you think?
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Your HJT log is clean.

    Before deleting files in AVG Antispyware quarantine, can you tell us if you know what the D:\Program files\NudgeBomb programme is? If you know for a fact it's safe, have AVG Antispyware restore the file, otherwise delete all files in AVG Antispyware quarantine.

    Then, turn system restore off, then on.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  10. tezza22

    tezza22 TS Rookie Topic Starter

    My brother downloaded it. It's a hack tool to nudge people you are chatting to on msn. MSN allows you to nudge people, however it restricts you to nudging people only once every 20 or so seconds. The nudgebomb overrides those restrictions and allows you to nudge as many times as you like. It's harmless but he doesn't use it anyway, so I'm going to delete it. That's about it really. It's not dangerous and it's not really useful. It's pointless.
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Thanks for the info.

    Regards Howard :)

     
     
Topic Status:
Not open for further replies.

