1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.

Redirecting google searches

By bourbon cream · 9 replies
Feb 8, 2009
  1. my system is infected with something which keeps redirecting my google searches when i click on the links,
    i have looked in the address bar when it is doing this and it is going through another ip, (i cannot get a copy of this ip)

    i have followed the instruction in this other thread
    /vb/topic58138.html

    i have attached the log files as requested in the instructions.
  2. mflynn

    mflynn TS Rookie Posts: 2,655

    Great job!

    But you have much more!

    Update both MBAM and SAS and run again to get what was missed and also the ones exposed that were not even visible the first run.

    Post these logs then do the below!

    Download ComboFix

    NOTE: If you have had ComboFix more than a few days old delete and re-download.

    Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Or here: http://subs.geekstogo.com/ComboFix.exe

    Double click combofix.exe follow the prompts.

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click combofix's window while it's running. That may cause it to stall.

  3. bourbon cream

    bourbon cream TS Rookie Topic Starter

    okay will do, will post log files soon, taking forever to scan
  4. mflynn

    mflynn TS Rookie Posts: 2,655

    It will, but worth it!

  5. bourbon cream

    bourbon cream TS Rookie Topic Starter

    MBAM and SAS log files as requested from second scans

    combofix and HJT logs to come

    combofix and hjt logs
  6. mflynn

    mflynn TS Rookie Posts: 2,655

    Ok we are getting there!

    MBAM was clean but SAS found and removed more, so did ComboFix.

    So UPDATE SAS and run Quick scan make sure to click to remove Tracking cookies and remove them.

    Then run ComboFix again.

    Post the logs!

    We are running these 2 programs again to be sure they find nothing else and come up with clean logs.

  7. bourbon cream

    bourbon cream TS Rookie Topic Starter

    the log reports from combofix and SAS
  8. mflynn

    mflynn TS Rookie Posts: 2,655

    OK fantastic job!

    You do good work!
    Copy the text inside the box above.

    Run MBAM click More Tools then Run Tool.

    Paste the above to the File Name: box and click ok to delete!

    Reboot and rerun ComboFix and post log so i can confirm it is gone.

    If so we are finished!

  9. bourbon cream

    bourbon cream TS Rookie Topic Starter

    here is the last combofix log file,
    hopefully it is sorted now,

    thanks for all your help, it has been very helpful

  10. mflynn

    mflynn TS Rookie Posts: 2,655

    That did it!

    Good job!

    Thread closing-------------------------------------------------------------------

    Some of these tools update so often they require downloading again later if needed. But keep and run MBAM and SAS to maintain.

    Remove ComboFix
    combofix /u
    Hit enter or click OK.

    Please download OTCleanIt http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe

    Save to desktop.

    This will remove all the tools we used to clean your computer.

    Double-click OTCleanIt.exe. Click CleanUp. Yes to the "Begin cleanup Process?"

    Approve all if prompted by Firewall. Approve Windows Defender or other guards or security programs while OTCleanIt is attempting to access the Internet, to allow all.

    If prompted to Reboot, click Yes.
    OTCleanIt will delete itself when finished. If not, delete it yourself.

    Run CCleaner again twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean.

    Run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html Temp and Registry, repeatedly until no more found.

    KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
    Fantastic cleaner.
    The issues can be, and are likely, found in System Restore, so do the below

    Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "After cleanup at TechSpot".

    Then Start-Programs-Accessories-System Tools-Disk Cleanup
    Click OK to accept C:
    Select all Boxes
    Then click More Options
    Here click System Restore and OK to "Are you sure" and the OK to Run.

    As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

    It clears what is known as Shadow copies which are used by specialized back up programs.

    This is if you have the Volume Shadow Copy running which is the default.

    Every two weeks or so, run MBAM and SAS until clean.

    They take a while, so leave scanning while you are sleeping working or watching TV. If not done under the gun they can be scheduled not to interfere with computer time.

    If they find something they can not clean, then get back to us.

    Additionally run CCleaner, ATF-Cleaner and KCleaner.
    I have been using ThreatFire for more than a year, it just went from ver 3 to ver 4.

    It was designed to be used with and to co-exist with other Virus scanners.

    Additionally it uses a totally different process to protect. While conventional Virus scanners work from definitions ThreatFire works on recognizing Virus/Malware activity.

    It's like looking at it with 2 sets of eyes and from a different angle.

    It works like some Firewalls do to learn what is good/bad.

    After install it will ask you about everything that could be a security issue. For example the first time you run IE or FireFox it will prompt you. You would answer to approve and remember the setting. From then on no more prompts about IE or FireFox unless the exe changes like in an update.

    As it queries you about the prompt to help you determine to approve or not you can google it with one click.

    Look at http://www.javacoolsoftware.com/spywareblaster.html

    Run SpyBot occasionally and use the Immunize function.

    I highly recommend HostsMan: http://majorgeeks.com/HostsMan_d4592.html

    Download, install, run and allow it to disable DNS Client and select all Host files and then Update and install all host files.

    A Disk Scan (chkdsk) and Defrag are in order.

Topic Status:
Not open for further replies.
