Redirect Issue

By DeathsDesign · 25 replies
Apr 19, 2009
  1. I am having issues when I search for something. A lot of the time it will attempt to redirect me. Now that I have ZoneAlarm installed it will not go to the site at all, but I can still see it is trying to go to a site starting with Before ZA install the redirect would take me to site.

    I have followed the 8 steps and am attaching my logs. TIA for any help you can give me.

    Noticed that now it does not redirect me, just goes back to the same search results page, but if I click on the link again, then it goes to the correct website. I am very confused. TIA.

  2. B00kWyrm

    B00kWyrm TechSpot Paladin Posts: 1,436   +37

  3. DeathsDesign

    DeathsDesign TS Rookie Topic Starter Posts: 31

    Looks like that took care of it!! Thanks a million :)

    So my HJT log looks ok then, right? (Did not see anything suspicious on it either.)
  4. B00kWyrm

    B00kWyrm TechSpot Paladin Posts: 1,436   +37

    Use edit, rather than making multiple consecutive posts... keeps things cleaner.

    I am not an expert on HJT... and I am out of time for tonight.
    I'll look more closely tomorrow, but maybe someone else can look it over in the meanwhile?

    Glad you had good results with the fix...
    Did you use the TechSpot information, or Major Geeks, or both, or...?

    HJT exam...
    Other than some possible performance tweaks,
    the only thing I see to check in your HJT report is to make sure JAVA is up to date.
    Should be version 6, update 13.

    Hmmm... I see that Touch is giving you help... looks like you are in good hands.
  5. DeathsDesign

    DeathsDesign TS Rookie Topic Starter Posts: 31

    They both were pretty much the same thing and it seemed to have worked.

    That was the last remnant of the dang virut virus. Spent two and a half days cleaning that sucker off my system and that Goored rascal was the last bit of it. Thanks!!
  6. touch

    touch TS Rookie Posts: 978

    Hijackthis log looks clean ;)
  7. DeathsDesign

    DeathsDesign TS Rookie Topic Starter Posts: 31

    So I am safe in assuming my 2 1/2 days of toiling over this virut.56 virus was successful? Is there anything else I can do to make sure I am completely free of this nasty nasty virus?

    Let's see, I have run malwarebytes--now clean..SAS--now clean-- Kaspersky and eowid(sp?) caught a couple of backdoors and processes running on explorer.exe near the end of the cleaning. Had to replace user32.dll. Drweb found tons of stuff and cured them. Avast says I am clean. I am just asking because it seems the majority vote is that with the virut.56 virus it's best to format and forget it all. I was not willing to do that until absolutely necessary, so I want to make sure I am good to go.

    Thanks again everyone. I love hunting down and killing virii, and if you give me a clean bill of health I am going to rank this up with my 'biggest game' ever kill ;-)

    Almost forgot, when I was waiting for an initial reply to this thread, I saw some others that suggested combofix. I tried that (renaming combofix), disabled on-access protection with avast, disabled Diskeeper Pro, disabled probe II, disabled sixengine (asus mb tool), and yet when I ran combofix it stayed on the screen stating 'scanning for infected files this could take ten minutes but a more infected machine could take twice as long'. That ran for almost 8 hours with no change, still that prompt with the cursor blinking two lines down. I did not click on the screen or touch the computer in any way, yet I did not see that it did anything, so I stopped it. (I have a TB HD with about 500GB used.)

    Thanks again y'all.
  8. touch

    touch TS Rookie Posts: 978

    You haven't mentioned the virut.56 virus before, that's why I assumed the computer was clean, which it apparently is not.

    I'll therefore suggest you run this scan tool ->

    Download DDS and save it to your desktop from here or here

    And then double click dds.scr to run the tool.
    When done, DDS will open two (2) logs:

    Save both reports to your desktop. Attach DDS.txt back to your topic.
  9. DeathsDesign

    DeathsDesign TS Rookie Topic Starter Posts: 31

    Ok, I tried running that and when I did the window popped open and I got the message 'sort' is not a recognized as an internal or external command' and then sort.exe is not a recognized internal or external command or operable batch file' then it just sits there. Is there something else I need to do?

    Sorry, kind of slow this morning. There was no sort.exe in my windows/system32 folder, copied the one from servicepackfile/i386, gonna run the .scr now.

    Ok, here ya go

    Attached Files:

    • DDS.txt
      File size:
      14.1 KB
  10. touch

    touch TS Rookie Posts: 978

  11. DeathsDesign

    DeathsDesign TS Rookie Topic Starter Posts: 31

    Ok, here ya go...

    Anything else I need to do? TIA
  12. touch

    touch TS Rookie Posts: 978

    Yes, it looks like explorer.exe is infected. I'll therefore suggest you run F-Secure online scanner.

    Please run F-Secure online scanner Here:

    Accept the License Agreement.
    Once the ActiveX installs, click Full System Scan.
    Once the download completes, the scan will begin automatically.
    The scan will take some time to finish, so please be patient.
    When the scan completes, click the Automatic cleaning (recommended) button.

    Click the Show Report button and attach the entire report in your next reply.
  13. DeathsDesign

    DeathsDesign TS Rookie Topic Starter Posts: 31

    Looks like it did not get it all.

    I will do some research while I wait for your response. TIA
  14. touch

    touch TS Rookie Posts: 978

    Unfortunately no :(

    Reboot to safe mode, and see if combofix will run properly there. If it will, please attach the log (c:\combofix.txt) in your next reply.
  15. DeathsDesign

    DeathsDesign TS Rookie Topic Starter Posts: 31

    It will work. The missing sort.exe was preventing it from running as well.


    Here ya go

    I am going to run stinger and drweb live cd and post those results and will await your reply tomorrow. Thanks again.

    Stinger found nothing. Drweb livecd found one exe that was in a quarantine folder, and another file located in applications data\firefox\profiles. It was a '*,default' file, and it was deleted.

    Did another f-secure online scan this morning. Now it shows all clean. Still says explorer.exe is infected with the same two virii.. No other scanner, online or otherwise, is picking them up though. False positive maybe?
  16. touch

    touch TS Rookie Posts: 978

    Ok. Then I'll suggest you run a System File check ->

    To do this simply go to the Run box on the Start Menu and type in:

    sfc /scannow

    Note the space between the c and the /

    This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem.

    Reboot, and have explorer exe checked again at virustotal
  17. DeathsDesign

    DeathsDesign TS Rookie Topic Starter Posts: 31

    Ok ran sfc, rebooted, uploaded explorer.exe to same results. Hope ya have some more tricks up your sleeve. I have an idea, but I am waiting till we exhaust every other option as I am not sure if it will work.
  18. touch

    touch TS Rookie Posts: 978

    I'm always open for ideas ;)

    Start the computer from the Windows XP CD-Rom
    Press ENTER at the "Setup Notification" screen. Press R to repair a Windows
    XP installation, and then press C to use the Recovery Console. The Recovery
    Console then prompts you for the administrator password. Hit Enter.

    From the command prompt you can expand the file. Type:

    expand E:\I386\explorer.ex_ %systemroot%\explorer.exe

    Reboot, and tell me how things go?

    If E is your CD drive; otherwise, write the correct letter.
  19. DeathsDesign

    DeathsDesign TS Rookie Topic Starter Posts: 31

    Pffft, fine. LOL that is what I was going to do, with one minor addition. Before replacing the explorer.exe I was going to re-download XP SP3, and then after replacing explorer.exe I was going to boot into safe mode and reinstall SP3, since the explorer I have on CD is SP2. What do you think? I'll wait for your reply. Thanks again
  20. touch

    touch TS Rookie Posts: 978

    Your idea/suggestion is better than mine :grinthumb
  21. DeathsDesign

    DeathsDesign TS Rookie Topic Starter Posts: 31

    Hmmm, ok very odd. When I expanded explorer.exe from my CD and then booted into safe mode and ran SP3 and then booted and uploaded the explorer.exe to it gave me the same dang results with the same two 'infections'. So I expanded again (deleting explorer.exe within recovery console first), then booted without reinstalling SP3 and uploaded the file and everything is now great. No infections.

    Why would installing SP3 make those two infections come back again?

    Don't suppose anyone else with sp3 can upload explorer.exe to and see what results they get?
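
Added example, not part of the original thread or any poster's own code: a Python sketch of the check discussed above, comparing a suspect `explorer.exe` against known-good reference copies rather than relying on scanner verdicts alone. The reference labels (`cd_sp2`, `sp3`) and sample bytes are constructed for illustration and the references are assumed to come from trusted media; a file legitimately replaced by a service pack will not match the older copy on the CD, so compare against a reference of the same service-pack level.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def first_difference(path_a, path_b, chunk=65536):
    """Offset of the first differing byte, or None if the files are identical."""
    offset = 0
    with open(path_a, "rb") as a, open(path_b, "rb") as b:
        while True:
            ba, bb = a.read(chunk), b.read(chunk)
            if ba != bb:
                for i, (x, y) in enumerate(zip(ba, bb)):
                    if x != y:
                        return offset + i
                return offset + min(len(ba), len(bb))  # one file is a prefix
            if not ba:
                return None
            offset += len(ba)

def classify(suspect, references):
    """Compare suspect against {label: path} known-good reference copies."""
    digest = sha256_file(suspect)
    for label, ref in references.items():
        if sha256_file(ref) == digest:
            return {"match": label, "sha256": digest}
    size = os.path.getsize(suspect)
    return {"match": None, "sha256": digest, "diffs": {
        label: {"size_delta": size - os.path.getsize(ref),
                "first_diff": first_difference(suspect, ref)}
        for label, ref in references.items()}}

if __name__ == "__main__":
    # Constructed stand-in bytes, not real Windows binaries.
    with tempfile.TemporaryDirectory() as d:
        files = {"cd_sp2": b"MZ" + b"A" * 100, "sp3": b"MZ" + b"B" * 120,
                 "suspect": b"MZ" + b"B" * 120 + b"\xcc" * 16}
        paths = {}
        for name, data in files.items():
            paths[name] = os.path.join(d, name)
            with open(paths[name], "wb") as f:
                f.write(data)
        refs = {k: paths[k] for k in ("cd_sp2", "sp3")}
        print(classify(paths["suspect"], refs))
```

A result with `match` set means the file is byte-identical to that reference; with `match` of `None`, the size delta and first differing offset show how the file departs from each reference.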
  22. touch

    touch TS Rookie Posts: 978

    You're right, it sounds odd. I've scanned my "own" explorer exe, all the scanners said -
    Found nothing

    It sounds like your computer is clean now?
  23. DeathsDesign

    DeathsDesign TS Rookie Topic Starter Posts: 31

    Yeah I guess it is... I did run Ultimate boot cd and ran avira off there and it found a couple more backdoor/trojans... but I think/hope I'm good now.. thanks....

    Do you only do the virus thread? Have a question in the 'other software' section, but it does not look like many people are on it very much.
  24. touch

    touch TS Rookie Posts: 978

    Is it - ZoneAlarm messages - you mean?

    It is time for the clean-up procedure ->

    You should Create a New Restore Point to prevent possible reinfection from an old one.
    The easiest and safest way to do this is:
    Go to Start > All Programs > Accessories > System Tools > System Restore
    Select Create a restore point, and Ok it.
    Next, go to Start > Run and type in cleanmgr
    Select the More options tab
    Choose the option to clean up system restore and OK it.

    This will remove all restore points except the new one you just created.

    Please download OTCleanIt
    Save it to desktop.
    This will remove all the tools we used to clean your computer.
    Please note. It will NOT remove Mbam, Ccleaner and SuperAntispyware.

    To learn more about how to protect yourself while on the internet, please read Tony Klein's guide:
    How did I get infected in the first place
  25. DeathsDesign

    DeathsDesign TS Rookie Topic Starter Posts: 31

    Yes, the ZoneAlarm messages. I will follow the steps and run the OTCleanIt.

    Odd... add/remove programs shows no programs at all, but they do show up with ccleaner, so no worries.
Topic Status:
Not open for further replies.
