Inactive Google redirect at DNS server

Status
Not open for further replies.
I am having an issue similar to others on the forums with Google search redirects; however, unlike the others, the issue is not on my machines. I will try to explain a bit...

My default search provider on each of my machines is set to Google.com. However, any search entered into the address bar is redirected to searchassist.com which is of course a part of Ask.com. This behavior only occurs while connected to my cable ISP and not on my Verizon 3G.

I have a couple of Google searches bookmarked on my laptop and can access them perfectly while on my 3G connection. When I get home and try to access them on my cable account, I am blocked from viewing them. It is a valid URL as proven by access on Verizon but blocked on the cable connection.

I have set my router to use Google's DNS of 8.8.8.8 and 8.8.4.4 but searches are still redirected.

I have been in contact with my ISP and they have recreated these results by way of setting their browser to use the same DNS server that my area uses. In short, they admit that this is in fact an issue with their server and not my machine.

Now for my actual question...

The redirects happen very quickly but sometimes I can see 'google' flash in my address bar before landing on searchassist.com. Is there a way to log these redirects as they happen? I feel such information would be valuable to figuring out exactly why this is happening and make it easier to track down. At this point my ISP seems clueless as to the cause.

I might add: a utility to track and log the redirects can be either Windows or Linux (Ubuntu) based as I have access to both.
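One way to log the redirects asked about above, as an added example that is not part of the original thread: a Python script (runs on both Ubuntu and Windows) that requests a URL one hop at a time without following redirects and records the resolved IP, status code and Location header of each hop. The host names and IP addresses in `SAMPLE` are constructed, and `sample_fetch` is a hypothetical stand-in so the trace can be run offline.

```python
import http.client, socket
from datetime import datetime, timezone
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def fetch_hop(url, timeout=10):
    """One GET that does not follow redirects: (resolved_ip, status, Location)."""
    p = urlsplit(url)
    ip = socket.gethostbyname(p.hostname)  # answer from the resolver currently in use
    cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = cls(p.hostname, p.port, timeout=timeout)
    try:
        conn.request("GET", (p.path or "/") + ("?" + p.query if p.query else ""),
                     headers={"User-Agent": "redirect-logger"})
        resp = conn.getresponse()
        return ip, resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace_redirects(url, fetch=fetch_hop, max_hops=10):
    """Walk the chain hop by hop; stop on a non-redirect, a loop, or max_hops."""
    hops, seen = [], set()
    while url and url not in seen and len(hops) < max_hops:
        seen.add(url)
        ip, status, location = fetch(url)
        hops.append({"time": datetime.now(timezone.utc).isoformat(), "url": url,
                     "ip": ip, "status": status, "location": location})
        url = urljoin(url, location) if status in REDIRECT_CODES and location else None
    return hops

def off_site_hops(hops):
    """(from_host, to_host) for every redirect that leaves the host that was asked."""
    out = []
    for h in hops:
        if h["status"] in REDIRECT_CODES and h["location"]:
            src = urlsplit(h["url"]).hostname
            dst = urlsplit(urljoin(h["url"], h["location"])).hostname
            if dst != src:
                out.append((src, dst))
    return out

# Constructed sample responses: hypothetical hosts, documentation-range IPs.
SAMPLE = {
    "http://search.example/search?q=radar": ("192.0.2.10", 302, "http://assist.example/?q=radar"),
    "http://assist.example/?q=radar": ("192.0.2.20", 301, "/results?q=radar"),
    "http://assist.example/results?q=radar": ("192.0.2.20", 200, None),
}

def sample_fetch(url):
    return SAMPLE[url]

if __name__ == "__main__":
    for hop in trace_redirects("http://search.example/search?q=radar", fetch=sample_fetch):
        print(hop)
```

Calling `trace_redirects` with a real URL and the default `fetch` logs live hops, and running it once per connection lets the recorded IPs and Location headers be compared. Redirects performed by JavaScript or a meta refresh are not 3xx responses and will not appear in this log.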
 
Welcome to Techspot! I'll help with the problem but will need information from you first.

It sounds like you have a DNS Changer malware infection and there is a specific way to handle this. As to this comment: "unlike the others, the issue is not on my machines.", that's only half right. The other half is the router. And once the Askbar gets on the system, it is very pervasive. There is also a way to handle that also.

Before you make any more changes, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

These scan logs will give me information about the malware as well as your system, so it's important that you run them and leave the logs. I will add to the comment above about not using any other cleaning programs by instructing you not to make any more setting changes. Sometimes it can take longer to undo what has been done in an attempt to fix a problem than it would take to actually fix the problem itself.
 
I will do as asked, but I need to ask if there is a preference as to which machine I perform the tasks on. I currently have 4 machines all displaying the same behavior.

2 running Ubuntu. These are my main desktop machines and the utils listed in the 8 steps won't work on them. (I believe)

1 running XP Home. This is an older laptop with a sole responsibility of displaying my weather service radar feeds. Almost nothing else installed on it. (recently restored from Dell restore CD)

1 running Win7. This is my mobile radar and mapping laptop. Little installed on it as well. Most online activity with this machine is via Verizon 3G.

As a side note, my router has been reset to factory and is encrypted. Also my ISP says that it is their DNS server doing the redirect.

Not trying to be difficult, just making sure you are aware of the full scope of the current situation.
 
As a side note, my router has been reset to factory and is encrypted. Also my ISP says that it is their DNS server doing the redirect.

Well, we're kind of at an impasse here, aren't we? Please explain what the ISP told you about their server doing the redirecting? What redirecting would that be? Are they telling you that their servers are infected?

I would make this comment, but if all of the above is fact and no one/everyone assumes the responsibility for the redirecting, then you need to work with the ISP servers. The full scope you're making me aware of means I can't do anything that will help.
Is it correct to 'assume' that all 4 of the machines connect through the same router? If so, please do the DNS Flush on the machine which has the router hard wired to it. Then do the router reset.
 