also @ TechSpot: Android 4.0: Tracking Ice Cream Sandwich's Availability on Smartphones

TechSpot
Register now for a live online demo to see how the Office 365 suite of tools
- professional email, calendars, video conferencing, and file sharing -

Internet Explorer search results are being redirected

Discussion in 'Virus and Malware Removal' started by Spatzile, Jan 5, 2010.

Thread Status:
Not open for further replies.
Page 1 of 3

  1. Spatzile Newcomer, in training

    Hi

    I am having a problem with Internet Explorer, and in particular: Google.
    When I go to Google and type in what I’m searching for, the results display correctly but when I click to view one of the search results link, it redirects to another 'search' page. Sometimes it even goes to EBay search. Luckily, it doesn't happen very often, but is it annoying and I want any Virus or Malware removed from my computer. Attached I have my Logfile from Hijackthis, Malwarebytes' Anti-Malware and SUPERAntiSpyware.

    Any help would be greatly appreciated

    Thanks!
    :)

    Attached Files:

    Spatzile, Jan 5, 2010
    #1

  2. Tmagic650 TechSpot Ambassador

    Logs show you caught some nasties. Try running the ESET On-Line Scanner:
    Scanner
    See if it picks up anything else
    Tmagic650, Jan 6, 2010
    #2

  3. Spatzile Newcomer, in training

    Hi

    Thank you for the tip!

    This is what was found:
    C:\Documents and Settings\YOUR NAME HERE\My Documents\No More MSN Viruses\msupdate32.exe.back
    IRC/SdBot trojan
    cleaned by deleting - quarantined

    But... I still have the problem, is there anything else I can do or try to fix this?

    Thanks in advanced!
    Spatzile, Jan 7, 2010
    #3

  4. Spatzile Newcomer, in training

    Can anyone help me with this? :(
    Spatzile, Jan 21, 2010
    #4

  5. Tmagic650 TechSpot Ambassador

    Check out Combofix
    Tmagic650, Jan 21, 2010
    #5

  6. Archean TechSpot Paladin

    What happens if you try using another search engine ?
    Archean, Jan 21, 2010
    #6

  7. Bobbye Helper on the Fringe

    Since you did not get any help originally and 2 weeks have past, please repeat the 3 scans-with this exception-
    You have run a Beta version of HijackThis.Please remove the log and go HERE to download the correct version.

    Do not run any other scanning program until I instruct you to do so. Do not run the Eset online scan and do not run Combofix.

    Attach the 3 logs to your next reply.

    FYI:

    This is not consistent with a malware-    caused redirect.

    Tmagic, stay off of the thread.
    Bobbye, Jan 21, 2010
    #7

  8. Tmagic650 TechSpot Ambassador

    "Tmagic, stay off of the thread"....

    Booobye, I started helping this member before my surgery. I just thought I would continue because you were not around. I can't view the logs, I only have the use of one hand typing at this point
    Tmagic650, Jan 21, 2010
    #8

  9. Bobbye Helper on the Fringe

    You did not help this member. Please stay off of the thread.
    Bobbye, Jan 21, 2010
    #9

  10. Spatzile Newcomer, in training

    Hi Bobbye,
    Thank you for your reply!
    Attached are my recent logs.

    Attached Files:

    Spatzile, Jan 22, 2010
    #10

  11. Tmagic650 TechSpot Ambassador

    Spatzile,
    from the looks of the logs, and from the fact that you are still being redirected, Combofix may be needed in your future... to finally correct your problem
    Tmagic650, Jan 22, 2010
    #11

  12. Bobbye Helper on the Fringe

    Spatzile, I don't see any malware entries on any of the logs- as I mentioned, you description of the problem is not the usual 'redirect'.

    So I have a comment and some questions:

    I notice you are running the following. Is it possible that any of the components of this could be responsible for sending you to another site?

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    [IMG]
    http://office.microsoft.com/en-us/groove/HA101656331033.aspx

    When malware causes the redirection, it should be happening on all of the searches. So it isn't possible for you to search effectively- it's not just annoyance.

    I'd like you to run the Eset scan again: Please note my emphasis on NOT checking for removal of any items found.

    Run Eset NOD32 Online AntiVirus Scanner HERE

    Note: You will need to use Internet Explorer for this scan.
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the Active X control to install
    • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Antivirus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    Attach the log to your next reply.

    Since you question a Google Redirect, I'd like you to describe what's happening:
    1. If you type a word in the Google search box, and then choose one of the sites that comes up, what happens?
    2. Does a different site load?
    3. Does any site load?
    4. Are the sites the same/different?
    5. Are you sure you're not seeing a Google page saying DNS server couldn't be contacted?
    Bobbye, Jan 22, 2010
    #12

  13. Ltrain1971 Newcomer, in training

    Bobbeye, I was having almost the exact same problem, so I'd like to share what I did that FINALLY fixed it. I'll let you advise this guy on what to do...I am not trying to hijack your thread.

    I installed the latest version of Java, and deleted the older versions under Control Panel>Programs and Features.

    However, I didn't know I had to delete them from Firefox's Extensions...Tools>Add Ons>Extensions tab

    Once I deleted the older versions of Java Console I am left only with v6.0.18, and everything is smooth as silk. It was an immediate fix after Firefox was restarted, and it hasn't returned.

    Hope that helps!
    Ltrain1971, Jan 22, 2010
    #13

  14. Bobbye Helper on the Fringe

    Thank you. It's an unusual fix, but worth trying if nothing else works.
    Bobbye, Jan 22, 2010
    #14

  15. Spatzile Newcomer, in training

    Hi Bobbye,

    Sorry for the late reply.

    Attached I have the log from the Eset scan.

    In regards to the Groove System Services being related to the problem - I wouldn't have an idea as I haven't used this application before.

    This is what I have just done:
    1. I typed 'computer problems' into google.
    2. I clicked on the first search result that appeard. The webstite stated below was 'pcsupport.about.com'
    3. I opened the link but instead of the intended website i get: 'http://www.reimage.com/index.php?tracking=gk&banner=AUNZ&adgroup=computer1&ads_name=direct&keyword=direct'
    4. If i click back and re-click the link it opens to the correct website.

    Let's try it with another search -

    1. I type in 'latest news' into the google search engine.
    2. I open the first link from this website: www.news.com.au
    3. When I open it though it come with this website: 'http://www.upliftsearch.com/?keyword=latest%20news&aid=1419&cid=1071&subid=12704' <----- This website i get redirected to quite frequently.

    Here is another search I just did:
    1. I typed in 'australia day' into google
    2. I click on the link for this website: www.australiaday.org.au
    3. I get reidrected to: http://www.upliftsearch.com/?keyword=australia day&aid=1419&cid=1071&subid=12704 <-- The same one as last time!


    --- Some days it is like today, every search comes redirected but other days none get redirected.---

    I hope this is the information you need to fix it :)

    Thank you!

    Attached Files:

    • log.txt
      File size:
      1.8 KB
      Views:
      4
    Spatzile, Jan 27, 2010
    #15

  16. Archean TechSpot Paladin

    By the way Groove is MS Office's collaboration tool/service.

    Which version of IE you are using?

    Also do you have Google as being default search engine (added) in IE (if its 7 or above)? If not try adding it again from here.

    May be that will help
    Archean, Jan 27, 2010
    #16

  17. Spatzile Newcomer, in training

    Hi Archean,

    I am using Internet Explorer 8 and I have Google as my default search engine.

    Thank you for trying to help!

    :D
    Spatzile, Jan 27, 2010
    #17

  18. Archean TechSpot Paladin

    Welcome; i suggested that because i've seen similar but less chronic issue; however, on that occasion simply removing google search addon from IE and reinstalling it was sufficient to cure it.
    Archean, Jan 27, 2010
    #18

  19. Spatzile Newcomer, in training

    Thank you, I'll keep that in mind. First i'll see what Bobbye says though. :)
    Spatzile, Jan 27, 2010
    #19

  20. Bobbye Helper on the Fringe

    Spatzile, you did some nice troubleshooting- thank you!

    Are you up for an adventure? If so, give this a try:

    Open Internet Options (through Control Panel or Tools in IE)> Security tab> Restricted sites> Sites> type in each of the following, then click on Add:

    *.searchnext.com
    *.aroundme.com
    *.upliftsearch.com
    *.xml.upliftad.com
    *.my.compete.com

    Then click on Apply> OK.
    The * acts as a Wild card for anything before the Domain name. I took a trip around the internet starting with your redirected site. In the world of bad sites, none of what I found were of the 'bad' types that some redirects can be.

    I'd like to see if restricting the Domains will stop your problem. You seem adventuresome, so let's give it a try! If it doesn't work, we'll

    As for Grove, it is either downloaded as a stand alone program or can be added to MS Office. Since it is running a Protocol, if you aren't using it, I suggest either uninstalling or disabling.

    And a tip about searching: I know you were purposely checking the redirect, but keep in mind that using such broad terms can cause problems. When I do a Google Search, I occasionally get a RoadRunner search page telling me there are no matches. I don't consider this a redirect and it doesn't happen often.

    It's possible that your broad search terms are causing a similar thing with the Australia ISP. See what the Restrictions do. along with more specific search terms.
    Bobbye, Jan 27, 2010
    #20
Page 1 of 3
Thread Status:
Not open for further replies.