Google Searches redirect me to other sites, done 8 Steps

Status
Not open for further replies.
F

Fabe7016

Posts: 8   +0
Hello, I went through all 8 steps to remove any Malware and i'm still having the same issue.

My Issue:

When I do a search in google, I click on a non-advertising search result and the IE7 redirects me to a totally different site. I hit the back button and then I arrive at the site I should have initially went to. Any thoughts?

I attached my logs and txt files from the programs.
 
Those logs were clean so let use different eyes!

Download SDFix to Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

On Desktop run SDdFix It will run (install) then close.

Then reboot into Safe Mode

As the computer starts up, tap the F8 key several times.

On the Boot menu Choose Safe Mode.

Click thu all the prompts to get to desktop.

At Desktop
My Computer C: drive. Double-click to open.

Look for a folder called SD Fix. Double-click to enter SD Fix.

Double-click to RunThis.bat. Type Y to begin.

SD Fix does its job.

When prompted hit the enter key to restart the computer

Your computer will reboot.

On normal restart the Fixtool will run again and complete the removal process then say Finished,
Hit the Enter key to end the script and load your desktop icons.

Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
Attach the Report.txt file to your next post.
=========================================
Download ComboFix

NOTE: If you have had ComboFix more than a few days old delete and re-download.

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double click combofix.exe follow the prompts.

Install Recovery Console if connected to the Internet!

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click combofix's window while its running. That may cause it to stall.

Mike
 
First Malware file

It appears that I had two Malware logs. Here is the first one, it shows it caught some stuff.
 

Attachments

  • mbam-log-2009-02-27 (22-08-37).txt
    2.4 KB · Views: 11
Mike I started in safe mode, then opened up the SD Fix folder and double clicked on Runthis.bat and click yes. Then it gave me my desktop and it just sat there, I tried again and same results, nothing happened, the program never did it's thing. I restarted the computer myself.

Do I move on to ComboFix?

ComboFIx also just sits there. It is on my desktop but when I click it, it shows a small window and the line line looks like its loading but nothing happens.
 
Uh oh not good!

OK boot to safe Mode with networking and 1st run ComboFix then try SDFix again!

Mike
 
mflynn said:
Uh oh not good!

OK boot to safe Mode with networking and 1st run ComboFix then try SDFix again!

Mike
Click to expand...

Ok, I booted in safe Mode with networking and I get the same response.

A window that tells me that i'm running Windows in safe mode and if I can to continue running in safe mode, click Yes, if I wanted to restore click no. I always click yes and it takes me to the desktop like nothing ever happened.

ComboFix opens a small window that looks like its running but then it never launches anything. The RunThis.bat never runs either for SDFix. Anything else I can try.

Do you think my settings are not letting me run programs in safe mode?

Mike, I went into the History of AVG Free software that I use and then I click Virus Vault, there are 5 things in there.

Found Tracking cookie.Doubleclick
Found Tracking cookie.Atdmt
Found Tracking cookie.Adtech
Found Tracking cookie.Yieldmanager
Found Tracking cookie.Doubleclick

All of these are .txt files. I started having this issue with Google search results a couple days ago. Thanks for your help.
 
Better do this..

Go here Download DrWeb https://www.techspot.com/vb/post724044-3.html

Then boot to Safe Mode only! Not with Networking.

DrWeb will fisrt do and Express Scan on its own, when it completes then do a full scan.

The first Virus it finds select Cure and chose to do the same for all the rest.

This will take hours but is your best chance at this point!

Mike
 
Mike, this took all day, you were right.

Unfortunately, after I did all this, I did a search in Google and and I click on a result, and it redirected me to another page. I saw it said, abcjump.com was the site that redirected me. Anyways when I click the back button it takes me to the landing page that I should've gone to in the first place.

Where should I go from here?
 
This is pretty similar to the problem I am having, except when I click links in either firefox or IE it opens a popup to some random, no previous screen option. When I tried to install and run both MBAM and Super Antispyware, MBAM never opened, it would show in task manager for a second and disapear, and SA would encounter problems, both in safe mode and regular. At this point it looks like a reformat is unavoidable.
 
NO! No format.

If we have cleared the Malware we can fix the redirection now! Redirection is a small thing!

BUT! Where is the DrWeb log? You didn't even tell me if it found and fixed anything and what!!

What you had is very important as to how we proceed from here!

Now get me the DrWeb log!

Only after attaching the log and only after do the below.

Since something removed by DrWeb could have freed SDFix and ComboFix then.....

Reboot Safe Mode try the SDFix again.

When it finishes back to Normal Mode try the ComboFix again.

Mike
 
Mike, I'm not going to format, no way. The problem is not that huge, I just don't want it to get bigger than what it is. How do I get the log from Dr. Web?

When I ran it, it found a file from ComboFix and SDFix corrucpted and it took both programs off my desktop.
 
Those were false positives and no worry.

DrWeb Log
Paste the following line to the run command
Code: 
%USERPROFILE%\DoctorWeb\CureIt.log
Post it!

Then at run command
type
combofix /u

Click OK (uninstalls ComboFix) may not find it based on what DRWeb removed, thats OK.

Then browse to the SDFix Folder (that contains the runthis.bat) and delete the folder.

Then re download both ComboFix and SDFix and run again.

If ComboFix will not run then rename ComboFix.exe to 12cbf34.exe and run that!

Mike
 
OK the DrWeb log is good.

Boot to Safe Mode with Networking.

Rename ComboFix.exe to 12cbf34.exe and run, attach log.

Reboot to normal mode and repeat and post that log!

Mike
 
I've done the rename of ComboFix and it just shows a little green bars and nothing else opens so no log. Some of the programs are not opening as well. Any other options. My Task Manager has like 54 Processes going. Is this normal as well.

Also, i've noticed that a couple of programs are not opening. I open Task Manager and notice that when I try to open a program, like turbo tax, it opens a file then closes it. It doesn't let turbo tax open and run.

Here is the latest HIJack log. Can you please review? Thanks Mike
 
Very Similar Problems

I've been having an almost identical experience here. This is a list of all the symptoms I've spotted:

1) Searches in multiple browsers, from various search engines: when you click on one of the search results, it instead redirects you to another site. If you do it a second time, you can usually get where you wanted to go.

2) All browsers crash on a regular basis (IE, Firefox, Chrome)

3) It's impossible to bring up a command prompt. Instead, the entire screen goes black for a second then comes back. No command prompt ever appears. This also happens in safe mode, which is why it's impossible to run SDFix, etc.

4) If you try and update your virus definitions, it gives a "server not found" error.

It seems like #3 and #4 are done to make it harder for you to get the virus off your system.

I've tried running everything mentioned on this thread and more, and nothing is working. If anyone ever figures this out, let me know! Do you think a re-install of Windows would fix it, or would that be a waste of time? Should I take this opportunity to ditch XP and finally upgrade to Vista? I'm at a loss.
 
Similar Problem

I'm a similar problem. pretty much the same. should I follow some of the advice above?

i use only google. when I type something into the search engine and it comes up with results like normal but when I go and click a link it takes me to a different site saying click check ru and a whold bunch of links after etc. etc. but when I close it (I direct links to tabs so I can go back to the search easily if it's not what I'm looking for) and reopen it it'll go to the one I want. (google shows the links in the search engine before you click on it) I've noticed that www. part will be faded and google, micrsoft etc. section won't be and whatever isn't will be faded. I don't know if that makes a difference. It's not exact but it seems similar to what some of the person was experiencing so wondering if I should try the same stuff or if you recommend something different. I've run my antivirus programs. I've tried norton (which doesn't pick up viruses that well period), malware bytes, and antivir. I've tried the microsoft malware software removal tool which a friend recommended but didn't work. I'm avoiding formatting but if it comes to that I will. Hope you can help.
 
Giving up

I'm about to format my drive and re-install windows. Hopefully I'll get AVG updated before the virus hits me again. Is there a way to download the AVG updates offline so I don't have to risk having my fresh install online and unprotected?
 
I think I'm fine. ran dr. webb cure and it found some backdoor stuff and uninstalled a program. virus problems and browser problems seem to be alot better for now.
 
Ok, I am not sure how old this thread is, or if it will get any kind of response. But I am having the same problems. I have tried MalwareBytes, tried SuperANTISpyware, tried HijackThis, tried everything I can think of. I have tried SD Fix, and ComboFix, but get the same results as above posters. I am now about to try Dr Web, so I will let you know how that turns out. I can't post logs, because everytime I run one of the AV programs, the virus closes it and disables it until I reinstall it.
 
Status
Not open for further replies.

Similar threads

Daniel Sims
Thousands of websites infected to redirect users in Google Ads view-pumping scam
Replies
5
Views
637
Feng Lengshun
F
Cal Jeffrey
Hackers are using Punycode to create authentic-looking URLs in Google ads
Replies
8
Views
391
FF222
F
Daniel Sims
  • Locked
For now, don't Google search for software downloads
Replies
13
Views
1K
Feng Lengshun
F

Latest posts

Back