Internet Explorer search results are being redirected

[Spatzile]

Hi

I am having a problem with Internet Explorer, and in particular: Google.
When I go to Google and type in what I’m searching for, the results display correctly but when I click to view one of the search results link, it redirects to another 'search' page. Sometimes it even goes to EBay search. Luckily, it doesn't happen very often, but is it annoying and I want any Virus or Malware removed from my computer. Attached I have my Logfile from Hijackthis, Malwarebytes' Anti-Malware and SUPERAntiSpyware.

Any help would be greatly appreciated

Thanks!

 

[Tmagic650]

Logs show you caught some nasties. Try running the ESET On-Line Scanner:
Scanner
See if it picks up anything else

 

[Spatzile]

Hi

Thank you for the tip!

This is what was found:
C:\Documents and Settings\YOUR NAME HERE\My Documents\No More MSN Viruses\msupdate32.exe.back
IRC/SdBot trojan
cleaned by deleting - quarantined

But... I still have the problem, is there anything else I can do or try to fix this?

Thanks in advanced!

 

[Spatzile]

Can anyone help me with this?

 

[Tmagic650]

Check out Combofix

 

[Archean]

What happens if you try using another search engine ?

 

[Bobbye]

Since you did not get any help originally and 2 weeks have past, please repeat the 3 scans-with this exception-
You have run a Beta version of HijackThis.Please remove the log and go HERE to download the correct version.

Do not run any other scanning program until I instruct you to do so. Do not run the Eset online scan and do not run Combofix.

Attach the 3 logs to your next reply.

FYI:

Sometimes it even goes to EBay search. Luckily, it doesn't happen very often, but is it annoying

This is not consistent with a malware-caused redirect.

Tmagic, stay off of the thread.

 

[Tmagic650]

"Tmagic, stay off of the thread"....

Booobye, I started helping this member before my surgery. I just thought I would continue because you were not around. I can't view the logs, I only have the use of one hand typing at this point

 

[Bobbye]

You did not help this member. Please stay off of the thread.

 

[Spatzile]

Hi Bobbye,
Thank you for your reply!
Attached are my recent logs.

 

[Tmagic650]

Spatzile,
from the looks of the logs, and from the fact that you are still being redirected, Combofix may be needed in your future... to finally correct your problem

 

[Bobbye]

Spatzile, I don't see any malware entries on any of the logs- as I mentioned, you description of the problem is not the usual 'redirect'.

So I have a comment and some questions:

I notice you are running the following. Is it possible that any of the components of this could be responsible for sending you to another site?

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

http://office.microsoft.com/en-us/groove/HA101656331033.aspx

when I click to view one of the search results link, it redirects to another 'search' page. Sometimes it even goes to EBay search. Luckily, it doesn't happen very often,

When malware causes the redirection, it should be happening on all of the searches. So it isn't possible for you to search effectively- it's not just annoyance.

I'd like you to run the Eset scan again: Please note my emphasis on NOT checking for removal of any items found.

Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the Active X control to install
• Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
• Click Start
• Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
• Click Scan
• Wait for the scan to finish
• Re-enable your Antivirus software.
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Attach the log to your next reply.

Since you question a Google Redirect, I'd like you to describe what's happening:
1. If you type a word in the Google search box, and then choose one of the sites that comes up, what happens?
2. Does a different site load?
3. Does any site load?
4. Are the sites the same/different?
5. Are you sure you're not seeing a Google page saying DNS server couldn't be contacted?

 

[Ltrain1971]

Bobbeye, I was having almost the exact same problem, so I'd like to share what I did that FINALLY fixed it. I'll let you advise this guy on what to do...I am not trying to hijack your thread.

I installed the latest version of Java, and deleted the older versions under Control Panel>Programs and Features.

However, I didn't know I had to delete them from Firefox's Extensions...Tools>Add Ons>Extensions tab

Once I deleted the older versions of Java Console I am left only with v6.0.18, and everything is smooth as silk. It was an immediate fix after Firefox was restarted, and it hasn't returned.

Hope that helps!

 

[Bobbye]

Thank you. It's an unusual fix, but worth trying if nothing else works.

 

[Spatzile]

Hi Bobbye,

Sorry for the late reply.

Attached I have the log from the Eset scan.

In regards to the Groove System Services being related to the problem - I wouldn't have an idea as I haven't used this application before.

This is what I have just done:
1. I typed 'computer problems' into google.
2. I clicked on the first search result that appeard. The webstite stated below was 'pcsupport.about.com'
3. I opened the link but instead of the intended website I get: 'http://www.reimage.com/index.php?tracking=gk&banner=AUNZ&adgroup=computer1&ads_name=direct&keyword=direct'
4. If I click back and re-click the link it opens to the correct website.

Let's try it with another search -

1. I type in 'latest news' into the google search engine.
2. I open the first link from this website: www.news.com.au
3. When I open it though it come with this website: 'http://www.upliftsearch.com/?keyword=latest%20news&aid=1419&cid=1071&subid=12704' <----- This website I get redirected to quite frequently.

Here is another search I just did:
1. I typed in 'australia day' into google
2. I click on the link for this website: www.australiaday.org.au
3. I get reidrected to: http://www.upliftsearch.com/?keyword=australia day&aid=1419&cid=1071&subid=12704 <-- The same one as last time!


--- Some days it is like today, every search comes redirected but other days none get redirected.---

I hope this is the information you need to fix it

Thank you!

 

[Archean]

By the way Groove is MS Office's collaboration tool/service.

Which version of IE you are using?

Also do you have Google as being default search engine (added) in IE (if its 7 or above)? If not try adding it again from here.

May be that will help

 

[Spatzile]

Hi Archean,

I am using Internet Explorer 8 and I have Google as my default search engine.

Thank you for trying to help!

 

[Archean]

Welcome; i suggested that because i've seen similar but less chronic issue; however, on that occasion simply removing google search addon from IE and reinstalling it was sufficient to cure it.

 

[Spatzile]

Thank you, I'll keep that in mind. First i'll see what Bobbye says though.

 

[Bobbye]

Spatzile, you did some nice troubleshooting- thank you!

Are you up for an adventure? If so, give this a try:

Open Internet Options (through Control Panel or Tools in IE)> Security tab> Restricted sites> Sites> type in each of the following, then click on Add:

*.searchnext.com
*.aroundme.com
*.upliftsearch.com
*.xml.upliftad.com
*.my.compete.com

Then click on Apply> OK.
The * acts as a Wild card for anything before the Domain name. I took a trip around the internet starting with your redirected site. In the world of bad sites, none of what I found were of the 'bad' types that some redirects can be.

I'd like to see if restricting the Domains will stop your problem. You seem adventuresome, so let's give it a try! If it doesn't work, we'll

As for Grove, it is either downloaded as a stand alone program or can be added to MS Office. Since it is running a Protocol, if you aren't using it, I suggest either uninstalling or disabling.

And a tip about searching: I know you were purposely checking the redirect, but keep in mind that using such broad terms can cause problems. When I do a Google Search, I occasionally get a RoadRunner search page telling me there are no matches. I don't consider this a redirect and it doesn't happen often.

It's possible that your broad search terms are causing a similar thing with the Australia ISP. See what the Restrictions do. along with more specific search terms.

 

[Spatzile]

Hi Bobbye!

Yes, I'm always up for an adventure so i'll give this a try!

Ok, so i've just restricted all those sites you told me. Now i'll go and type in the same things I did yesterday and see if I am redirected...

I just tired 'computer problems' like yesterday but got redirected to: http://quad-cleaner.com/v3/?PID=fdf200aa-194b-4581-9ffd-4a85351c1f54

I clicked the 2nd search result and got this!!: http://7search.com/scripts/validati...u7Be745JmUgG39jhpe7iUqVFvvy+xSaB0NKUY4aIOAhw6

^----- This is another one i actually get redirected to quite frequently.

For a fair experiment i'll just check 'latest news' and 'australia day'

'latest news' got redirected to myspace! http://music.myspace.com/index.cfm?...us1&utm_content=mus&utm_campaign=mrc?ref=gsem


and 'australia day' got redirected to: https://secure1.insweb.com/cgi-bin/auto.exe?id=bF4lPmJjx_TKQ-4X86iKkyvzubu


---- Ok, so restricting those sites didn't work ---

I am not quite sure how to uninstall Groove and it was installed with Microsoft Enterprise and i am unable to remove just 'Groove' in Add Or Remove Programs as it was installed as a bundle?

Is there a way i can disbale it?

The last tip you mention sounds quite right actually...

Though what do you mean by 'specific search terms' and what would you like me to search to see if it still redirects?

Thank you for all your help!

Look forward to your reply.

 

[Tmagic650]

If you are really the adventurous type, a complete format and OS reinstall would be more of an adventure at this point

 

[Bobbye]

Please try something more specific: you did a search for "Computer Problems" and got a site for a Registry Cleaner. Nothing bad about that!

The second site was for Paid to Search. I didn't go any further.

The MySpace site was an update from a music person thanking for good wishes. So that could easily be "latest news."

These searches are way too broad. Almost any site could be read into them. It may be your ISP who sponsors these sites so when you use a vague search, you get a vague site.

What about the types of searches you would 'really' do such as the following:
Computer power saving programs
I get this Google page for selection:
http://www.google.com/search?hl=en&...=navclient-ff&rlz=1B3GGLZ_en___US359&ie=UTF-8

CD Burning software
I get Google page for this:
http://www.google.com/search?hl=en&...=navclient-ff&rlz=1B3GGLZ_en___US359&ie=UTF-8

Try those 2 searches and see what you get.

 

[cryptic70]

If I may interject

Hello, i wanted to add my two cents as I am having the EXACT same issue. But to clarify what happens is (both in FF and IE) when i use either google or yahoo the search results come back fine however when you click the actual link it takes you to a totally different site, so if i type in say Hulu results come back for hulu.com but when I click that link it will go to some bogus web site. Something I know is not related to hulu at all. its http://www.goodbite.com/recipes/10-minute-miso-soup?f=1147 even though the link i click on says www.hulu.com. I have noticed that (so far) this does not happen when I use Opera so I have been using that for the most part. I have ran S&D, Malwarebytes, and they have removed a couple of items yet the issue persists. The one big thing that is different for me is that earlier today I went to a photobucket page and somehow became infected with "internet security 2010" virus, or trojan as it were. I was able to finaly remove that and figured everything was fine but now my search results are being hijaked as noted above and very similar to Spatzile. I am running the ESET scan now but it hasn't completed yet. Hope this sheds a little more light on the subject and Spatzile for now I'd use Opera

P.S. I did the first search you included above (computer power saving programs) and got the same results page however when I click the first link (http://www.energystar.gov/index.cfm?c=power_mgt.pr_power_management) it takes me to here------> http://www.kdirectory.co.uk/results...ms&rfid=lbyb2_60728-2710&bp=computer programs

 

[Tmagic650]

Hello cryptic70,
Start your own thread by going here first and following the instructions:
8-Step Virus & Malware Removal Instructions

Post the 3 logs in your very own thread