Search Engine Redirect Malware

By discky
Dec 11, 2009
  1. I have a trojan/hijacker that redirects my results on IE and other browsers. IE takes a little bit longer to load now, and it appears the virus loads when IE is opened. While running 1 IE window you will see 2 iexplore.exe procceses running. Cancelling either process closes IE. When you click a result in google the avatar in the address bar will change to what looks to be a Q in cursive, after that you are redirected to a page you didn't intend to go to.

    Thanks for help in advance.
  2. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    2 IE8 entries is normal... Your Hijackthis log doesn't look too bad. A more intensive scan may be needed to correct the browser redirect issue
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Welcome to TechSpot, discky. I've checked your logs and am pleased to report they are clean. This does not mean there is no malware- we can check further for that.

    I do have a question about one entry though:
    O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) -

    The actual URL in the entry takes you to the Legal Notice for using the program. This site>> would be for an online scan.

    I would question the need for this though and suggest you remove the entry in Add/Remove Programs. Then open IE> Tools> Manage add-ons> look for the entry in either 'add-ons currently used' or add-ons previously used'> highlight> Disable.

    I notice you have the Panda Security Suite. Just for your information, this program appears to have an extraordinary number of entries I see in logs> When the subscription comes due, you might want to consider changing to a less resource intensive program..

    Multiple iexplore.exe processes are perfectly normal in IE8. But I'd like you to do the following to see if anything comes up to tell us what the problem might be:

    Download SDFix HERE and save it to your Desktop.
    • Double click SDFix.exe and it will extract the files to %systemdrive%
      (Drive that contains the Windows Directory, typically C:\SDFix)

      Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

      Run SDFix
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    • Attach Report.txt back here

    Run Eset NOD32 Online AntiVirus Scanner HERE

    Note: You will need to use Internet Explorer for this scan.
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the Active X control to install
    • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Antivirus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    And in the 'redirect', are there any special kinds of sites coming up?

    Please attach Eset and SDFix logs in next reply.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...