TechSpot

Search Link Redirecting Issue

By mc6796
Dec 15, 2009
  1. I have completed the 8 steps and attached the logs, please advise. Thanks
     
  2. mc6796

    mc6796 TS Rookie Topic Starter

    So obviously it is not a true fix, but it does solve the basic annoyance of the problem. With all thanks going to noob415 who posted in another thread, if you rename the firefox.exe file the annoying redirecting ends. As I said I understand that this doesn't solve the real issue, which I would still like to get some help with, but did lower the Blood Pressure a bit.
     
  3. mc6796

    mc6796 TS Rookie Topic Starter

    2 Days still waiting, not trying to be pushy just don't wanna get lost in the shuffle.
     
  4. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Ye old Trojan downloader...

    Fix these issues in the Hijackthis log:
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)

    The ASK Toolbar... may have opened the backdoor, along with the help of some nasty cookies.

    Run the ESET on-line scanner:
    Eset Scanner
     
  5. mc6796

    mc6796 TS Rookie Topic Starter

    So I had already fixed two of the ones you listed and ran this scanner the other day and it came up clean but I will fix it again have at the scan agian. I was thinking of doing a clean install of firefox do you think there is any benefit to this or is it just a waste of time? So if all the scans continue to come up clean do you think I should be all clean, I guess I don't always seem to trust the scanners since each one seems to find something different. Thank you very much for the help.
     
  6. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    There is another good on-line scanner... Kaspersky on-line scanner is Java based:
    On-Line Scanner
     
  7. mc6796

    mc6796 TS Rookie Topic Starter

    Ok, thank you
     
  8. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    These are just preliminary removal steps. Sometimes they work well, sometimes other removal methods are needed. Good luck and Happy Holidays!
     
  9. AnonymousSurfer

    AnonymousSurfer TS Guru Posts: 451   +37

    I'm trying a new test that i found could lead to the redirecting. Go to

    • C:\WINDOWS\system32\drivers\etc and open hosts.
    • It will then prompt you to select what to open it with, click on notepad.
    • Copy and paste everything that is inside onto the forums. Seeing your problem is resolved there shouldn't be anything wrong with it, but still post it.
     
  10. AnonymousSurfer

    AnonymousSurfer TS Guru Posts: 451   +37

    I'm trying a new test that i found could lead to the redirecting. Go to

    • C:\WINDOWS\system32\drivers\etc and open hosts.
    • It will then prompt you to select what to open it with, click on notepad.
    • Copy and paste everything that is inside onto the forums. Seeing your problem is resolved there shouldn't be anything wrong with it, but still post it.
     
  11. AnonymousSurfer

    AnonymousSurfer TS Guru Posts: 451   +37

    woops posted twice for some reason. Sorry about that
     
  12. mc6796

    mc6796 TS Rookie Topic Starter

    Is there something particular I should look out for in there?
     
  13. AnonymousSurfer

    AnonymousSurfer TS Guru Posts: 451   +37

    no just copy an paste everything that is in there and post it.
     
  14. mc6796

    mc6796 TS Rookie Topic Starter

    To many characters to copy paste and txt file is to large to attach, but, everything is from the same IP and seem related to spybot.
     
  15. mc6796

    mc6796 TS Rookie Topic Starter

    Kaspersky just finished clean as well.
     
  16. mc6796

    mc6796 TS Rookie Topic Starter

    Split the file into two files hope this works.
     
  17. AnonymousSurfer

    AnonymousSurfer TS Guru Posts: 451   +37

    There is your problem that could resolve the redirects, there should be nothing after ::1 localhost so I would copy

    # Copyright (c) 1993-2009 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    # localhost name resolution is handled within DNS itself.
    # 127.0.0.1 localhost
    # ::1 localhost

    and select all, then delete those other entries, and paste in the one above. I have no redirects and there is nothing after
    # ::1 localhost
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...