TechSpot

[Resolved] Malware redirecting Google search. Followed 8 steps, attached logs

By jennifer1317
Mar 25, 2010
Topic Status:
Not open for further replies.
  1. Hi everybody,
    I, too, have this terrible redirect virus. I click a link after doing a Google search and I'm redirected to an obscure webpage full of ads. It happens with Bing in IE as well. Sometimes I just have random pages open in new tabs while viewing sites. I have followed all of the steps suggested in the updated prelim thread. My Java version on my computer was archaic. Is it possible that's how I got this? I have Symantec Antivirus, which found nothing during a few scans, and I ran CCleaner until there was nothing left to delete. I think I have done everything correctly... I wouldn't want to waste anyone's time. Attached are my file logs, and I thank you very much in advance :)

    Jenn

    Edit: Logs have been removed for security purposes. Member advised.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Jenn, I'm checking your logs now. It's taking me longer because I have to retrieve them out of the zip. If you have to leave multiple logs in the future, please attach them separately.
     
  3. jennifer1317

    jennifer1317 TS Rookie Topic Starter

    attached logs in zip

    Hey Bobbye...sorry about that. I had a hell of a time getting my HJT log to upload, hence the zip file. My connection kept resetting while uploading that one file. I didn't have any issues with any of the other logs, just that one. Sorry for making you work harder ;) I appreciate you checking my logs so quickly!
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    It appears that you have both McAfee and Symantec Security Suites installed. Each has multiple processes. Please decide which you would like to keep and remove the other. Contrary to what you might think, doubling up on an AV program and firewall can make the system more vulnerable, rather than less. It will also slow the system down.

    Here are some tools that will help in the removal of whichever suite you decide not to keep:
    McAfee Removal
    Norton Removal Tool

    I also see many entries for the DCMA Domain: Domain = sknkwrks.ds.dcma.mil
    and
    several entries indicating you are remotely controlling or accessing the system. Is this intentional?

    I am a bit confused about the large number of these entries, especially since at least one leads to a secure site. If you are using a military account, wouldn't it be up to the host to handle problems?

    I also see entries for ActiveIdentity, which requires strong authentication. So, can you please tell me how all these processes are supposed to protect the system on one hand, but on the other, you're hanging everything out, so to speak?
     
  5. jennifer1317

    jennifer1317 TS Rookie Topic Starter

    Ok, first, I don't see McAfee in my programs list but I do find a bunch of references to it elsewhere like my registry. Is it possible it was installed at one point and not uninstalled properly? I currently only use Symantec.
    Second, I do access the DCMA site remotely & it is military. I contacted my helpdesk through my job and they suggested I ask my IT dept, who sent me an email with a link to another "Google redirect web searches" thread on this very site. Yes, I thought it was odd, too, that they would not help me but rather send me to this forum to post log files and such. I usually work remotely so maybe they were trying to get me immediate help?
    I will understand if you no longer wish to help... thanks so much for your time.
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    About McAfee- yes, it may have been preloaded when the computer shipped. But even if it doesn't get used it has to be uninstalled. Please use the tool I left for that.

    As for the IT tech- he/she should be fired. No knowledgeable person would ever suggest you use malware help that was given to someone else! "Immediate" wrong help is worse than no help at all!

    Because of the uniqueness of some of your entries and since you do remote connections involving your work, it is best that you get hands-on help. Considering some of the connections that you use, I strongly suggest that you report this to your boss:
    And if the boss doesn't listen, contact Homeland Security! I am not comfortable continuing my support and urge you to report that tech and ask that someone assist you.

    The Java needs to be kept current. Almost all of the updates are for security purposes. Having an outdated version installed is a vulnerability for the system.

    About the "Google Virus." Almost any malware can cause a redirect of a search engine. The reasons-and the fixes- can be different. But since so many people use Google, it's become known as the 'Google Redirect'- when it really isn't!

    Jenn, I'm going to delete your logs. If I can't do it, I'll ask a moderator to do it. I would rather they not be publicly available.
     
  7. jennifer1317

    jennifer1317 TS Rookie Topic Starter

    Thanks so much for all of your help, I appreciate it. I will speak to my boss about my issue. Thank you, also, for deleting the logs. I don't have access to any "Top Secret" info, I just create multimedia trainings for the nice folks at NASA...but I guess you never know what could happen. Thanks again...this is a great forum, I think I'll stick around.
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Jenn, I didn't want the URLs showing.

    I wish you the best in getting help from the office. I would have thought they had better trained people to help on a system that could be compromised.

    I'll close the thread now. If you need any help in the future, you know where to find us.
     