Google links keep on getting redirected to random websites

By Pinoyboy1081
Mar 28, 2010
  1. Almost everytime I try to click a link on google it gets redirected. I have read other topics on this issue and I think that I may be infected by a virus. HJT MBAM and SAS haven't found a trace of anything that may have caused this. CWShredder hasn't either. I have completed the 8 steps.

    Attached Files:

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    You might want to look into a fully functional antivirus program instead of Threatfire- it supplements your existing security app.

    Both of the following programs are free and known to be good:
    Avira Free
    Avast Home

    Let's do an online AV scan first- not the usual order:
    Run Eset NOD32 Online AntiVirus Scanner HERE
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the Active X control to install
    • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Antivirus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    I'm not seeing any malware in these logs, but I am concerned about the 'AV' program.

    Please don't make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!! DO NOT make any Registry Changes. And it is recommended that if you are running any Registry editing program, that you either uninstall or disable while we are in the cleaning process

    By the way, any malware can cause search engine to redirect. It's not just Google- only that most people use it!

    Edit: you used a Beta version of HijackThis. Please remove it and download the current version HERE as we will run it again.
  3. Pinoyboy1081

    Pinoyboy1081 TS Rookie Topic Starter

    Alright, the scan ended. The results are attached. I also have downloaded HJT.

    Attached Files:

    • log.txt
      File size:
      3.1 KB
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    We'll move the infections found by the Eset scanner:

    Please download OTMovit by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2GMTQ233\n002106201318r0409J10000601W351462e7X943c57e6Ydf926948Z0100f0800
      C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4ELMIREA\n002106201318r0409J10000601W351462e7X943a4695Ydf926948Z0100f0800
      C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4ELMIREA\n002106201318r0409J10000601W351462e7X943a4695Ydf926948Z0100f0800[1]
      G:\Rap\imma jerk hot new track.mp3
      G:\Rap\my time fabolous [new single].au;G
      :\Rap\man or machinedjj revolution (highbitratee).mp3
      G:\fantasydavid fernandes.auu
      C:\Documents and SettingsNetworkServicee\Local Settings\Temporary Internet Files\Content.IE5\2GMTQ233\n002106201318r0409J10000601W351462e7X943c57eYdff926948Z0100f0800[1]
      G:\Rap\freestylelillwaynee - best track ever.mp3	
      G:\Rapimmaa jerk hot new track.mp3		
      G:\Rap\my timefabolouss [new single]auu
      G:\fantasydavid fernandes.auu
      [start explorer]
    • Return toOTMoveItt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red [bMoveitt![/b] button.
    • A log of files and folders moved will be created in the c:_OTMoveIttMovedFiless folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close [bOTMoveItt3[/b]
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Be sure to reboot the system when through with the above: follow with:

    Please downloadComboFixx HERE:
    • WithComboFixx, at the download window, please rename it to Combo-Fix(exee) before downloading it.
      Important! Save the renamed download to your desktop.
    • Please disable all security programs, such asantivirusess,antispywaress, and firewalls.
    • Double click on the setup file on the desktop to run
    • If prompted to download and install the Recovery Console, please do so.
      (Please note: If the Microsoft Windows Recovery Console is already installed,ComboFixx will continue it's malware removal procedures.)
    • If prompted to update, please allow.
    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a log.Please include the C:ComboFixxtxtt in your next reply.

    • 1.Do not mouse-clickCombofix'ss window while it is running. That may cause it to stall.
      2.ComboFixx may reset a number of Internet Explorer's settings.
      3.Combofixx preventsautorunn of ALL CD, floppy and USB devices to assist with malware removal & increase security.
      4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run.

    Leave theOTMoveItt report and thecombofixx report in your next reply. I'll see what else needs to be handles.

    You should note that the source of mostooff the infection is music> this is why:
    O4 - Startup:LimeWiree On Startuplnkk = D:\LimeWire\LimeWire.exe

    P2P or 'filesharingWarningg:
    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall [bLimeWiree[/b] for the following reasons:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.
    • Malware writers use these program to include malicious content.
    • Fie sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning[urll] to help you better understand these dangers.

    If you choose not to remove LimeWire, do NOT use it while I am helping clean your system.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...