Internet Explorer search results are being redirected

Status
Not open for further replies.
Thoughts on your issue:
Your searches are still being redirected. Using Opera is a band-aid to the problem you are trying to ignore. You most likely still have an active Trojan hiding in the Windows system files. Things will only get worse.
 

Obviously I'm not gonna let the issue stay as is. The Opera comment was to point out a workaround for the time being.
Now I know why the other guy told you to stay off the thread.
 
Hi Bobbye!

I'm going to try those 2 searches right now!

Ok, so I typed into google 'Computer power saving programs' and I got the same search results as you. I clicked on the first one and still got redirected! To this: http://www.kdirectory.co.uk/results...ms&rfid=layb2_60728-2705&bp=computer programs (I'm not even in the UK?)

I tried 'CD burning software' and got redirected to this site: http://softwarebuydirect.com/?aff=1032&saff=3

I understand what you are saying, how vague search results can get vague websites. And although some websites are related - others are not.

It is still very strange though - how it is related but not the website indicated in the search result....?

Got any other ideas?? :)

Thank You!
 
"The Opera comment was to point out a workaround for the time being"...

The point should be to clean the computer and get rid of the redirect, not to live with the redirect.
 
Spatzile and cryptic, both of you appear to be using a provider either in or going through the UK. Both of you are getting legitimate sites within your search terms.

These search terms were vague but I went to each site from both of you. The sites all appeared to be legitimate and I got no warnings or alerts. I got no blocking alerts from Firefox for a fraudulent site.

cryptic, the KD site that came up for you had search term of "computer problems." It had 2 links for this subject, one of which brought up a legitimate Dell business site. I agree that the soup site wasn't related to Hula, although I did search it for Hula! (nice music though!)

None of these sites are giving any indication of being malicious or fraudulent or pushing any particular product like the Vimax ads.

To each of you:
What happens if you type the URL in the Address Bar> Go? Do you go to that site?
What happens if you use a Favorite or Bookmark? Does it take you to the correct site?

cryptic, if you want to pursue your problem separately, you would need to start a new thread and go through the steps, leaving the logs when through. That's all the reply meant. Most people who do have the problem want to be checked for malware.

As for "the same problem", the searching redirect is happening for a gazillion different reasons! And even if it is caused by malware, there are multiple malware infections that can cause it. So while the problem might be the same, the cause might not be.
 
All better for me.

Firstly I'd like to mention that the Tmagic guy is a tool, never did I suggest using Opera as a permanent fix, you'd do well to re-direct your advice elsewhere. Secondly, it is obvious the actual problem is being missed in this thread. The problem isn't a URL being hijacked or redirected, it's the search results themselves get re-directed. Anyway, I have used multiple malware/spyware removers to include, S&D, Super Anti-Spyware, Malwarebytes, Combofix and each detected several different issues. I would recommend repairing the ATAPI file as once that was repaired all my issues were resolved. Sorry I don't have my log files to post. Keep running several different programs Spatzle and it will get fixed but I'd look at repairing the ATAPI file asap. I did happen to save this snippet from the log... Good luck.

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys
 
Hello, i wanted to add my two cents as I am having the EXACT same issue...

How do you really know it is the EXACT same issue? From one computer to another, the symptoms could be the same, but the fix(es) could be quite different. Just look through the posts here.

...Anyway, I have used multiple malware/spyware removers to include, S&D, Super Anti-Spyware, Malwarebytes, Combofix and each detected several different issues...

This might indicate that the computer isn't really clean. You might not have removed the infected computer from the Internet, disabled firewalls or deleted the temp files before the scans were run.
 

Dude, get bent, move on, it's over. Even if the fix is different, by your own admission the problem can still be the same. My problem is fixed, you know how I know? CUZ MY SEARCH RESULTS ARE NO LONGER HIJACKED. EVERYTHING IS AS IT WAS AND BETTER. Damn, you can't stay off a thread for nothing. How does anyone really get any help from this site with you trolling around? So glad my issue is resolved, good day sir, or boy, whatever you are.
 
I'm glad your issues are fixed, and you're the one who hijacked this thread... remember that please.
 
Hi Bobbye (And everyone else on here!)

Firstly, I checked typing in a URL into the Address bar and clicking some of my favourites and both work perfectly fine.

- So that is not the issue -

Secondly, I thought maybe I should try to do a search on Yahoo (even though I never use it) and see if it has the same problems. To my surprise the search results redirected me as well! AND to the same website!

http://redirectingat.com/?id=951X49...&rfid=layb2_60728-2705&bp=computer%20programs

Do you have any other ideas or would recommend any of the tips that previous posts have said such as:

cryptic 70 :
'I would recommend repairing the ATAPI file as once that was repaired all my issues were resolved. Sorry I don't have my log files to post. Keep running several different programs Spatzle and it will get fixed but I'd look at repairing the ATAPI file asap.'

Ltrain1971:
'I installed the latest version of Java, and deleted the older versions under Control Panel>Programs and Features.'

However, I didn't know I had to delete them from Firefox's Extensions...Tools>Add Ons>Extensions tab

Once I deleted the older versions of Java Console I am left only with v6.0.18, and everything is smooth as silk. It was an immediate fix after Firefox was restarted, and it hasn't returned.

Archean:
'simply removing google search addon from IE and reinstalling it was sufficient to cure it.'

Thank you!!
 
After all this Spatzile, try running combofix:
Combofix Instructions

Bobbye might help with the uninstall and provide other "clean up" advice. You have tried a lot of things up till this point, and you are still experiencing redirects. Good luck :)
 
Tmagic. Time you learned how to handle the results of programs you're telling people to run!

Spatzile, I linked around using the URLs from your redirects. Please try this:

Open Internet Options for either Tools in IE or the Control Panel> Security tab> Restricted Zone> Sites> type each of the following in just as I have it and click on Add after each: use the * as it acts as a wild card:
*.redirectingat.com
*.shopto.net
*.kdirectory.co.uk
*.7search.com


When you have done all 3, click on Apply> OK
Reboot and try the searches. Try to make your searches, any searches, more specific.

For this: http://redirectingat.com/ the screen was blank with the exception of the following message:
This is a redirection service used by online publishers.
Please contact us if you have experienced problems with this redirection.
USA/Canada: (+1) 800 734-5166
UK/Rest of World: +44 207 382 6447

ShopTo.Net is 'The Online UK Video Games and console Superstore.' and somehow involved in this group of sites.

K-Directory does a 'Search five major UK search engines - FAST!'.

MySpace today displays an available Live Stream of the Grammy Pre-show and is followed by a list of Music & Video Exclusives

softwarebuydirect.com is exactly what it says: an authorized software reseller

quad-cleaner.com Registry Cleaner

https://secure1.insweb.com/cgi-bin/auto.exe?id=bF4lPmJjx_TKQ-4X86iKkyvzubu
Note: this is a secure site to get free, multiple car insurance quotes and it looks like there is ID for a registered user.

I got no Alerts, no Warnings, no messages of any kind. They all seem to be legitimate sites and are all UK related. See if blocking the specific Domains makes any difference.

I don't see any malicious intent on any of the sites. I have to wonder if the UK backbone handles non-specific searches differently, or again, if your ISP does.

I'm sorry you got the run around here. Tmagic does not know how to interpret the logs and reports. Consider sending a PM to the site owner, Julio if you feel a complaint is in order.

If you do see signs of malicious intent, please send me a PM and we'll go from there.
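
The Restricted sites step in the post above can also be applied and checked from PowerShell. This is an added example, not part of the original post; it assumes the standard per-user ZoneMap registry location that Internet Explorer reads, and the domain list is copied from the post.

```powershell
# Added example: per-user registry equivalent of
# Internet Options > Security > Restricted sites > Sites.
# The domain list is the one given in the post above.
$domains = 'redirectingat.com', 'shopto.net', 'kdirectory.co.uk', '7search.com'

# ZoneMap\Domains\<domain> with a value named '*' (any protocol) covers the
# domain and all of its subdomains, which the dialog displays as *.<domain>.
$root       = 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$restricted = 4   # zone IDs: 1 = intranet, 2 = trusted, 3 = internet, 4 = restricted

foreach ($d in $domains) {
    # Registry.SetValue creates the key if it does not exist yet.
    [Microsoft.Win32.Registry]::SetValue("$root\$d", '*', $restricted,
        [Microsoft.Win32.RegistryValueKind]::DWord)
}

# Read every mapping back so the result is verified rather than assumed.
$report = foreach ($d in $domains) {
    $zone = [Microsoft.Win32.Registry]::GetValue("$root\$d", '*', $null)
    New-Object PSObject -Property @{
        Domain     = "*.$d"
        Zone       = $zone
        Restricted = ($zone -eq $restricted)
    }
}
$report | Format-Table Domain, Zone, Restricted -AutoSize

# If machine policy forces HKLM-only zone settings, per-user mappings are ignored.
$policyKey = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$hklmOnly  = [Microsoft.Win32.Registry]::GetValue($policyKey, 'Security_HKLM_only', 0)
if ($hklmOnly -eq 1) {
    Write-Warning 'Security_HKLM_only is set: the per-user entries above will not take effect.'
}
```

Zone mappings only affect Internet Explorer and other programs that use the Windows zone settings, so a redirect that still occurs in another browser has to be investigated separately.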
 
Hi Bobbye,

Thank you for always replying to my posts!

I restricted the sites you mentioned and restarted my computer.

I went to google and typed in 'Computer power saving programs' usually, I would get http://redirectingat.com/?id=951X49...&rfid=layb2_60728-2705&bp=computer%20programs but it didn't redirect at all and went to the correct site! :D

I then typed in 'CD burning software' but still got redirected to: http://www-repair.com/regcures.php?t=Software Burning Cd Fix

I did 4 other fairly detailed searches and all times there were no problems!

Maybe restricting the sites fixed it after all?
 
You're welcome Spatzile. This was certainly an unusual case of the 'redirects'. The site you got was for a legitimate program and within your search scope.

I just have to think that the ISP or UK backbone in general has applied their search feature a bit differently than the US. Make your searches as specific as possible. For instance, your search for CD Burning Software got you a fix for a problem with the burning. Perhaps if you had searched for programs to burn CD you might have gotten something different, but within the scope of the search.

It also appears that the UK system may be more ad-driven set up. For example, if I do a Google search for
programs to burn CD, I get a return of 1,330,000 for programs to burn CD and can make any choice.

Since you did some 'traveling' I'd like you to run another Eset scan to be sure you're clean: Please note the emphasis on not checking the removal. I will handle anything found:
Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Do NOT do the following until I have checked the Eset log.
If this is clean, you can remove the cleaning tools:

Remove all of the tools we used and the files and folders they created
  • Download OTCleanIt by OldTimer
  • Save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.


You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
  • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

More details and screenshots for Disk Cleanup in Windows Vista can be found here.

As far as I can see, you didn't download and run Combofix. Is that correct?
 
Bobbeye, I was having almost the exact same problem, so I'd like to share what I did that FINALLY fixed it. I'll let you advise this guy on what to do...I am not trying to hijack your thread.

I installed the latest version of Java, and deleted the older versions under Control Panel>Programs and Features.

However, I didn't know I had to delete them from Firefox's Extensions...Tools>Add Ons>Extensions tab

Once I deleted the older versions of Java Console I am left only with v6.0.18, and everything is smooth as silk. It was an immediate fix after Firefox was restarted, and it hasn't returned.

Hope that helps!

Hey everyone, I would like to confirm that this method worked for me. I had done everything in the 8 steps malware removal guide but once I did this, VOILA !!

My google search engine started to work fine. Just to let you know that this may be an unusual fix but it still is a strong factor in this problem. Hope it helps guys.
 