Need Help: Getting redirected from search results (Google, Yahoo)

Status
Not open for further replies.
Hi,

My PC is infected with "search redirect" malware.

Symptoms:
- Clicking on search results (from Google or Yahoo) in IE get redirected to random sites
-- for ex. questbooster.com, swishtrade.com, chameleonsearch.com, etc.
- Installed Firefox to see if it suffers form the same issue - initially it did not, but after 2-3 reboots it now suffers with the same search redirect problem.

Attached are logs following basic instructions.

Any help in removing this virus/malware is greatly appreciated.

Thanks
 

Attachments

  • mbam-log-2010-01-01 (10-21-00).txt
    868 bytes · Views: 3
  • SUPERAntiSpyware Scan Log - 01-01-2010 - 11-03-45.log
    2.7 KB · Views: 3
  • hijackthis_01012010_1124.log
    11.3 KB · Views: 2
forsatish, sorry for the delay. I don't see anything in these logs to explain a redirect.

If you still need help for this issue, please do the following:

Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
  • Run Combo-Fix.exe and follow the prompts.
    (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
  • Wait for the scan to be completed.
  • If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Notes:

  • 1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
Leave the Combofix report and the HijackThis log on your next reply. We''ll see if either-or both-found malware.
 
Hi Bobbye,
Sorry for my late response, however I am still running above mentioned scanners and collecting logs. My internet access at home is down, as I switched to VOIP killing my DSL account during number porting. I hope to complete these items over the weekend.
Thanks!
 
Okay. I didn't see any malware in the first 3 programs. Be sure to continue so we can find the cause of the redirect.
 
Status
Not open for further replies.
Back