Firefox/IE Search Engine Redirect

Status
Not open for further replies.
I've been infected with the google redirect problem(s) that a lot of people have been experiencing. I can do a google search for something in Firefox and IE, but I get redirected to one of many spam sites when clicking a link.

I've read some threads relating to this on here and will answer some general questions that have been asked.

If you type a word in the Google search box, and then click one of the links that comes up, what happens? I get redirected to one of many random spam sites.

Does a different site load? Yes.

Does any site load? Yes, but not the site that should have loaded.

Are the sites the same/different? Most are different but I have seen the same sites come up.

I have read through and completed the eight steps and still nothing has changed. If I have missed anything here that I should include, please let me know. I really want this problem to stop; it is very annoying, as I'm sure some already know.
 

Attachments

  • mbam-log-2010-01-08 (04-36-47).txt
    867 bytes · Views: 4
  • SUPERAntiSpyware Scan Log - 01-08-2010 - 13-28-44.log
    1.6 KB · Views: 3
  • hijackthis.log
    6.5 KB · Views: 3
I am going to ask you a series of questions that I would like you to answer so we can help you the best we can from what you may have, seeing there are many different types of re-directs people can pick up.
  • Are you getting re-directed when you type in google.com?
  • When you use google and search something, do you get re-directed?
  • If so, how often (for every 4 websites, how many get re-directed)?
  • Is it using certain search engines like yahoo, google, etc.?
  • Do some search engines work and others get re-directed?
  • Does any site load when clicked on?
  • Do the sites have a pattern? Are they the same?

This is an auto-response so if you answered the question in the first post, please just answer it again.
 
AnonymousSurfer, if he answered those questions in the first post, you don't need him to answer them again! (The questions are valid, but you will find them most helpful when there isn't anything to be seen in the logs that have been attached.)

Floyd, there is malware in the System Restore points. They will NOT reinfect your system unless you do a System Restore to those dates. So don't use that feature now. When the system is clean, we will have you drop all of the old restore points and set a new clean one.

Due to entries in the HijackThis log, please run the following:

Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.

    Important! Save the renamed download to your desktop.
  • Double click on Combo-Fix.exe to run and follow the prompts.
    (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
  • Wait for the scan to be completed.
  • If it requires a reboot, please do it.
  • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Notes:

  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

TFC (Temp File Cleaner)

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine. If not, do this yourself to ensure a complete clean.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.

Empty the Recycle Bin

Follow with a new HijackThis scan.
Attach Combofix report and new HJT log to your next reply.
 
Here are the requested logs. Note: During the scan a message popped up saying that it had found a rootkit and needed to reboot the computer. Not sure if this is important.
 

Attachments

  • log_01-08-10.txt
    25.8 KB · Views: 3
  • hijackthis_01-08-10.txt
    6.5 KB · Views: 2
You should address this: Delete the Combofix file on your desktop. Run Combofix again and handle the following:
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
Install Recovery Console- Combofix:
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.)
  • Query- Recovery Console image
    RcAuto1.gif

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log. Please include the C:\ComboFix.txt in your next reply.
 
Bobbye has asked that I look at this,

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\system32\sfcfiles.dll
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\ndisdrv.sys

Folder::

Registry::

Driver::
cerc6
zphkjxy
ndisdrv
KILLALL::

Save this as CFScript.txt, in the same location as ComboFix.exe


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
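
An added example, not part of the thread and not part of ComboFix: a read-only PowerShell check that records whether the driver service entries and the file named in the CFScript above exist, useful as a before/after record around the ComboFix run. It assumes a Windows host with PowerShell 4 or later and the standard Services registry location; the function names are made up for this example.

```powershell
# Added example; read-only. Driver names and file path are copied from the CFScript above.
$driverNames = 'cerc6', 'zphkjxy', 'ndisdrv'
$driverFile  = 'C:\Windows\System32\ndisdrv.sys'
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'   # assumed standard location

function Get-DriverEntryStatus {
    param([string[]]$Names, [string]$ServicesRoot)
    foreach ($name in $Names) {
        $key     = Join-Path $ServicesRoot $name
        $present = Test-Path -LiteralPath $key
        $props   = if ($present) { Get-ItemProperty -LiteralPath $key } else { $null }
        [pscustomobject]@{
            Name      = $name
            Present   = $present
            ImagePath = $props.ImagePath   # binary the service entry points at
            Start     = $props.Start       # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
        }
    }
}

function Get-DriverFileStatus {
    param([string]$Path)
    # -Force so hidden or system attributes do not keep the file out of the result.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{ Path = $Path; Present = $false; Length = $null
                                  LastWriteTime = $null; SHA256 = $null }
    }
    [pscustomobject]@{
        Path          = $Path
        Present       = $true
        Length        = $item.Length
        LastWriteTime = $item.LastWriteTime
        SHA256        = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# The poster reported a rootkit warning during the scan. A rootkit can hide keys
# and files from the running system, so "Present = False" here is not proof of
# removal; compare the result with C:\ComboFix.txt.
Get-DriverEntryStatus -Names $driverNames -ServicesRoot $servicesKey | Format-Table -AutoSize
Get-DriverFileStatus -Path $driverFile | Format-List
```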