Possible Google hijack problem, help please?


Terrac

Hi people. Wonder if someone can advise.

A friend of mine is having Google search and Windows Update problems on his XP machine. He is currently going through the 8 step plan and I'll post the logs as soon as these complete. AVG, Spybot, Spyhunter show no problems at all.

The strange problems are: when searching for certain things in Google, the results that come back are kind of strange and erratic. If he searches for "Windows update" in Google there is a delay before results are displayed, and they come up as per the attached pic "googledave.jpg", obviously incorrect, with random links, sometimes referring to hottv.com and various other dodgy-looking sites. If I search on my machine they are correct, as per "googleme.jpg".

Anyone heard of this before?

Also, if he goes to the Start menu and tries to do a "Windows update" from there, Internet Explorer tries to send him to the Vista update page even though he's on Windows XP?
See "update.jpg" attachment.

I'll post the logs ASAP guys, just wanted to put the feelers out to see if anyone has ever heard of this before. I can't seem to find anything whilst searching, but I'm maybe looking in the wrong places.

Thanks...
 
Thanks for the speedy reply. OK, at Step 4 we've got a hit already. He's now rebooting his machine and will run Step 5.

On Step 4 Malwarebytes found:
C:\WINDOWS\system32\sysaudio.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Log attached.
 
OK, for MBAM that is not a real bad boy, so good.

Get me the rest of the logs as you run them.

Mike

Edit: SAS is OK, only tracking cookies.

What is the status of the computer now, is it running any better?

Get me a HJT Log.

Mike
 
What is being found is not pointing to the Google redirection you are having a problem with.

HJT log is clean of malware, just some wheel spinners.

Download SDFix to the Desktop; among other things it includes Catchme to look for rootkits.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

On the Desktop run SDFix. It will run (install) then close.

Then reboot into Safe Mode.

As the computer starts up, tap the F8 key several times.

On the Boot menu choose Safe Mode.

Click through all the prompts to get to the desktop.

At the Desktop:
My Computer, C: drive. Double-click to open.

Look for a folder called SDFix. Double-click to enter SDFix.

Double-click RunThis.bat. Type Y to begin.

SDFix does its job.

When prompted, hit the Enter key to restart the computer.

Your computer will reboot.

On normal restart the Fixtool will run again and complete the removal process, then say Finished.
Hit the Enter key to end the script and load your desktop icons.

Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
Attach the Report.txt file to your next post.
Mike
 
Thank you.. he's busy scanning now. He has Windows Update back again, referring to the correct XP page and not Vista. Google still operating as per above.

Will post results.txt ASAP.
 
All sorted!.. he's just done a reboot and then a Windows Update, and IE is working fine again with Google now!

Many thanks Mflynn for your help and advice!
 
He says everything is fine again now. Internet Explorer loads very quickly, whereas before it was taking a few seconds. Google searches are coming up as normal. Windows Update is working as normal. He says the system seems to boot nice and quickly and appears to be running a lot better all around.

System is a Q6600 quad core, 4GB RAM, Windows XP Pro, Asrock 4CoreViiV motherboard with Nvidia 8800GTS.

Many thanks... he's over the moon...
 
Adobe Reader

Hi:

Your friend's computer, according to the HijackThis log, has an outdated and malware-prone Adobe Reader. Recently, researchers found a new hacker toolkit that uses nothing but Adobe security leaks in order to infect systems. "PDF Xploit Pack" ( http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits ) adds all kinds of exploits to PDF files. When a certain exploit has successfully infected the OS, the IP address is sent to the attackers, so they need to try again. This is to reduce the time it takes to manage the bots.

Use of PDF files is becoming more and more popular among miscreants, because other toolkits also have PDF exploits now. A year ago only 3% of the exploits were PDF directed.

So, it would seem wise to uninstall this "reader" and use the safer "Foxit Reader" or "CutePDF".

Unable to tell by the "log" IF the Java (from Sun) is up-to-date, which would be a security risk. Would be wise to run "JavaRa" from http://raproducts.org .
Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.

Accept any prompts.
Open JavaRa.exe again and select Search For Updates.

Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
 
Excellent advice and I agree. Do away with Acrobat Reader and get Foxit Reader.

The JavaRa is what I use and recommend also.

Check back later for a thread closing, including removing the cleanup tools.

Mike
 