Solved Google redirect and new IE windows opening

Status
Not open for further replies.
Just got back,
Browser is: IE 8.0
Will do the router now.

Reset router as described ... still redirecting and new windows popping up,
 
Broni -
I think you hit the proverbial 'nail on the head' with the router! After doing the router reset and that not working ... I undid the incoming LAN cable from the router and put it directly into the computer (bypassed the router). I surfed around for 5-10 min and no pop-ups ... no redirects.

Now, I know one of the rules is about doing things on your own ... but I figured flipping the cables wouldn't be a big deal to try (especially following your thoughts on the router being the issue). It's the only thing I have tried without following your explicit instructions ... I promise. :blush:

So, if the issue is in the router (it is disconnected now) where do I go from here? I'm guessing for the computer to pick up from your earlier post where I left off (by the Mr. Clean pic)?

And then what about the router?

Standing by ... not doing anything else until I hear from you ... I promise!!
 
You did just fine.

Try to reset router one more time.
Remember, unplugging it won't do.
You must use "Reset" pinhole and make sure you hold it long enough, so all lights go off then on.
If you do it correctly, that should solve the issue.
 
I tried resetting again, twice, and get the redirect (with router connected).

I am resetting correctly ... it is one of the only processes that you have written about ... that I actually knew what I was doing, LOL. Push and hold the recessed button, the green light goes off, comes back on blinking (orange I think) and then to green when ready.
 
Do you have another browser to see, if redirection is present there too?

Reconnect router and...

1. Go Start>Run ("Start search" in Vista and Win 7), type in:
cmd
Click OK (hold CTRL and SHIFT keys and press Enter in Vista and Win 7).

2. At Command Prompt, paste this:
ipconfig /all>c:\ipconfig_all.txt&notepad c:\ipconfig_all.txt&exit
Hit Enter.

3. Copy and paste what you see in Notepad into a Reply here.
 
Nope ... only IE on the computers.

Windows IP Configuration

Host Name . . . . . . . . . . . . : ed-nxaibjwwpxn5
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-07-E9-51-93-55
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
Lease Obtained. . . . . . . . . . : Friday, February 25, 2011 11:30:48 PM
Lease Expires . . . . . . . . . . : Monday, January 18, 2038 10:14:07 PM
 
Wait a minute!!

Does this look right?? Copied from my http://router/ page
DNS Address 213.109.67.25

One web site I checked shows it originating in the Russian Federation.
--------------------------------
Also found ..... Secondary DNS Address > 213.109.76.134. Also from the Russian Federation.

I'm thinking something's rotten in Russia!!!
 
Yes, this is definitely a hijacker.

Where did you find that IP? I don't see it in your "ipconfig" log.

Normally, resetting a router gets rid of it.

Secondary DNS Address > 213.109.76.134
If you see the above in your network settings, get rid of it.
 
This is a copy of my http://router page. The first DNS shows on that page, when it did not show on that report I ran for you ... I kinda went hmmm ... and looked it up (I almost sound like I know what I'm talking about ... but not!).
+++++++++++++++++++++++++++++++++++
You will need to log in before you can change any settings.


Language
Current Language English
Available Languages
Time February 26, 2011 9:30:44 AM

Version Info
Hardware F7D3302 v1
Firmware 1.00.23 (Aug 30 2010)
Boot Loader 0.08e
Serial No. 121015G3101791

Internet Settings
WAN MAC Address 00:07:e9:51:93:55
Connection Type Dynamic
WAN IP 10.100.2.83
Subnet Mask 255.255.0.0
Default Gateway 10.100.0.1
DNS Address 213.109.67.25
LAN Settings
LAN/WLAN MAC 94:44:52:61:18:DD
IP Address 192.168.2.1
Subnet Mask 255.255.255.0
DHCP Server Enabled (0 LAN, 2 WLAN Clients)

Features
Firewall Settings Enabled
SSID Belkin.48DD
Security WPA-Personal ( PSK )
UPnP Enabled
Remote Management Disabled
WPS Enabled
Guest Access Enabled
SSID Belkin.48DD.guests
Password/PSK 2B38B53842

++++++++++++++++++++++++++++
So, I was looking at what it would take to change that. On my router I can click on any of the line items (above) to go into another page for the set up of that item (probably all similar? but I have no clue). So if I click on the DNS address above I go to the set up page for that and this is what I see:
==================
WAN > DNS

If your ISP provided you with a specific DNS address to use, enter the address in this window and click "Apply Changes" .

Automatic from ISP

DNS Address > 213.109.67.25 . . .

Secondary DNS Address > 213.109.76.134 . . .

DNS = Domain Name Server. A server located on the Internet that translates URL's (Universal Resource Links) like www.belkin.com to IP addresses. You must enter the DNS settings provided by your ISP if you don't use the Automatic DNS function. More Info
+++++++++++++++++++++++++++++++++
 
I have since deleted the two Russian dns and clicked on the box 'Automatic from ISP'. And reset the router.

I no longer see the two Russian DNS entries. And I have seen no redirect or pop-ups in some limited testing (but actually using the same google search as I had been ... clicking on the same links).

So ... how to keep this from happening again to the router?

Will pick up from where I left off in the earlier thread (on the computer) setting the restore point etc (by the Mr. Clean pic).
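
An added example, not part of any post in this thread: it shows why the rogue resolvers appeared on the router page but not in the ipconfig log. The PC only knows the router at 192.168.2.1 as its DNS server, so the check has to read the router's own DNS fields. The sample text is trimmed from the outputs posted above; EXPECTED_UPSTREAM is an assumed placeholder, because the thread never states the ISP's resolvers.

```python
import ipaddress
import re

# Constructed samples, trimmed from the two outputs posted in this thread.
IPCONFIG_TEXT = """\
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
"""
ROUTER_PAGE_TEXT = """\
WAN IP 10.100.2.83
Default Gateway 10.100.0.1
DNS Address > 213.109.67.25 . . .
Secondary DNS Address > 213.109.76.134 . . .
"""
# Assumption: networks the ISP's resolvers are expected to live in. The
# WAN-side network from the router page stands in as a placeholder.
EXPECTED_UPSTREAM = [ipaddress.ip_network("10.100.0.0/16")]
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"

def client_dns(ipconfig_text):
    """DNS servers the PC uses, including ipconfig's continuation lines."""
    servers, collecting = [], False
    for line in ipconfig_text.splitlines():
        head = re.match(r"\s*DNS Servers[ .]*:\s*" + IPV4, line)
        cont = re.fullmatch(r"\s*" + IPV4 + r"\s*", line)
        if head:
            servers.append(head.group(1))
            collecting = True
        elif collecting and cont:
            servers.append(cont.group(1))
        else:
            collecting = False
    return servers

def router_dns(router_text):
    """Primary and secondary resolvers as shown on the router pages."""
    return re.findall(r"DNS Address\s*>?\s*" + IPV4, router_text)

def audit(ipconfig_text, router_text, expected=EXPECTED_UPSTREAM):
    """Flag router resolvers outside the expected networks."""
    client = [ipaddress.ip_address(ip) for ip in client_dns(ipconfig_text)]
    upstream = [ipaddress.ip_address(ip) for ip in router_dns(router_text)]
    return {
        # False means the PC only sees a LAN forwarder, so a clean ipconfig
        # log says nothing about where queries really go.
        "client_sees_upstream": any(not ip.is_private for ip in client),
        "unexpected": [str(ip) for ip in upstream
                       if not any(ip in net for net in expected)],
    }
```

Run against a saved copy of the router's DNS page after any reset or firmware change; an empty "unexpected" list means the router is forwarding only to resolvers you recognise.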
 
Log after running OTL setting the new restore point:
=======
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Ed Schaar
->Temp folder emptied: 221272 bytes
->Temporary Internet Files folder emptied: 12585609 bytes
->Java cache emptied: 13291 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1031 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 12.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Ed Schaar
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.21.0 log created on 02262011_123154

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Ed Schaar\Local Settings\Temporary Internet Files\Content.IE5\P391SIIF\sh32[1].html not found!
File\Folder C:\Documents and Settings\Ed Schaar\Local Settings\Temporary Internet Files\Content.IE5\MB829HG6\crosspixel-dest[1].htm not found!
C:\Documents and Settings\Ed Schaar\Local Settings\Temporary Internet Files\Content.IE5\MB829HG6\topic161631-2[1].html moved successfully.

Registry entries deleted on Reboot...
 
Good job :)

So ... how to keep this from happening again to the router?
Router infection/hijack is always an offspring of some infection.
If you keep your computer clean, your router will stay healthy.

In any case....

Way to go!!

Good luck and stay safe :)
 