TechSpot

Search links being redirected

By hjjools
Jun 17, 2009
Topic Status:
Not open for further replies.
  1. I had a infection that changed my desktop background, popped up bubbles trying to get me to install various software. I've got rid of most of it but still my google search results are being hijacked still. I thought I'd got rid of it last night but in the morning it was back.

    Have gone through your eight steps, have tried Combofix and Backlight, Backlight found nothing. Combofix log attached

    Any help would be gratefully recieved.

    Thank you

    *Edit Bitorrent has been uninstalled*
  2. hjjools

    hjjools TS Rookie Topic Starter

    Can anyone help?
  3. hjjools

    hjjools TS Rookie Topic Starter

    Hokay then I'll try a Window XP repair and if that doesn't work I'll do a Format, Reinstall and be done with it.

    Cheers.
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Sorry, once in a while someone falls through the cracks! Give me a bit of time- I'll check the logs now. Please hold off on the reformat/reinstall.

    Edit: for logs. Mbam and SAS are clean. We suggest that Combofix not be run unless it is on the instructions of the helper. BitTorrent shows up, so we're going to need a log showing it gone.

    The steps tell you to disable Real Time Protection before the scans. For you, it would be AdWatch:
    AD-AWARE AD-WATCH

    • Right click on the Ad-Watch icon in the system tray.
    • At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
      [o] Active: This will turn Ad-Watch On\Off without closing it.
      [o] Automatic: Suspicious activity will be blocked automatically.
    • Uncheck both of those boxes.
      * (When done, you can re-enable it using the same steps but this time check both boxes.)

    Please open HijackThis, and select Do a system scan only.

    Place a checkmark next to the following entries (if present):
    (Re: first R0 entry: If you have a home page set to come up blank, okay to leave. If not, check for removal.)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"


    Then, close all other open windows, leaving only HijackThis open, and select Fix checked.

    Your Adobe Reader is out of date. Vulnerabilities can be exploited. Click here to download the latest version : http://www.techspot.com/downloads/345-adobe-reader.html
    OR
    Install the FoxIt Reader: this does the same thing as Adobe, but doesn’t have the bloat: http://www.foxitsoftware.com/pdf/rd_intro.php

    Please run a full system scan with Avast, save the log and attach it with next post.
    Rescan with HijackThis after you disable AdWatch, include new log.

    I don't see anything obvious in these logs for a redirect, so definitely need the AV scan.
  5. hjjools

    hjjools TS Rookie Topic Starter

    Thanks for the reply Bobbye.

    I did a Format/Reinstall already. I think it was the best thing anyway as it hadn't had one since I built the PC about 2 years ago. Everything is back up and running much faster now.

    Thanks for the advice I'll use FoxIt Reader instead of Adobe in the future.
  6. Badfinger

    Badfinger TS Rookie Posts: 160

    Get Hostman (freeware) and use the MVP host file, add sites to it: 127.0.0.1 >insert web address here<
    Kiss that site goodbye, it will never work again.
    It replaces DNS, and works great, been using for years, that MVP file is reachable within the app itself, if really paranoid you can try the other ones too, but they have a lot of sites that other sites pull files from and some you might visit, be prepared to mess with the HOST file if you use them. 8)
    Get Spybot and Spyware Blaster also free, I run them as needed, and definitely get WinPatrol.

    Amazing how a new install is speedy and then quickly becomes a slow mess again, such is Winblows.
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I am always amazed at the number of users who think reformat/reinstall is a part of the 'normal' computing process! It isn't. I've never done one!

    I do regular maintenance on my systems, run clean and lean. I use a Housekeeping utility in The Ultimate Troubleshooter, send the files and folders to the Recycle Bin, then erase-overwrite- the contents. I am using a laptop that will be 4 years old in August and have 87% resources free.

    At any rate, you can uninstall the Adobe Reader since you have FoxIt.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.