1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

The search engine redirect issue

By idkface ยท 6 replies
Dec 26, 2009
  1. i figured i'd post and say that i too am having this same issue. i know there are numerous other cases being talked about here and on other forums/blogs. i intend on just following a couple of the more popular threads here about this issue until a proper fix is found since the symptoms all appear to me the same. i just wanted to post some logs in hopes that it may help the guys who are looking into this understand what may be causing it and how to potentially get rid of it.

    the symptoms on my machine started a couple days ago, and was caused by a bad advertising pop up from a reputable website. it was one of those, "your machine is infected! quick, click OK to run this, or cancel to (secretly run this) leave." malwarebytes picked up anywhere from 37-94 infections on numerous scans. i kept scanning and fixing and scanning and fixing until malwarebytes determined there were no more harmful files on my machine, but the problem persisted.

    here's a few logs, keep in mind, all of these programs are now producing clean logs but i'm still having the problem, and none of these apps have resolved the issue completely. i know how to use combo-fix, and will give that a shot in the morning. if all else fails, i'll just have to wait for one of these companies to catch the problem and release a new definition that includes the fix. right now it's time for bed.

    p.s. if anyone looks over the hijack this log and finds something wrong with it, let me know. a couple things caught my eye, but i'd rather leave that to the pros.

    p.p.s. i use trend micro as my primary real-time protection. it used to be the best, at least in my opinion. now it seems like they're slipping...
  2. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    You most likely still have a back door trojan active on your computer. Was Trend-Micro kept updated and active? Turn off system restore and rescan. Turn System Restore back on after the scans...
  3. idkface

    idkface TS Rookie Topic Starter

    sorry for the late reply. yeah there was still something left. trend micro is set to automatically update and scan during the day. combofix ended up taking care of the rest without any particular scripts. it found iaStor.sys (SATA driver) was infected. no rootkits.

    this is definitely not something a simple scan can catch and fix. it requires a fix made specifically for this trojan/malware/whatever it is, kind of like what vundofix is to the vundo bug (i know combofix is a vundo fix, but you get what i mean). it seems that the trend here is that combofix is the ultimate solution for this particular problem that's been plaguing the internet lately (most likely a vundo variant). for anyone wondering about it, i'd say use it as a last resort and make sure you read and follow the directions closely.

    i followed the other threads that were similar to my problem and just used the same steps being recommended by bobbye & crew.

    p.s. i never ever use system restore. it's always off.
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    An overdue welcome to TechSpot idkface. My apology for the delay.

    There are entries found in the Eset online scan that need to be removed. And we need to remove the cleaning tools.

    I'd also like to see the Combofix report- I know desperation made you run it, but we try to discourage members running Combofix without the helper's guidance.

    As for this:
    I would like the opportunity to tell you WHY you should have restore points set and WHY they shouldn't be removed at the beginning of cleaning.

    Tmagic is running up his post count again!
  5. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    "Tmagic is running up his post count again!"...

    Don't worry Bobbye, I will be off line for a couple of months starting 1/11 /2010. I'm sure you will miss me :rolleyes:
  6. idkface

    idkface TS Rookie Topic Starter

    happy new year! the two listings in the eset log were cleaned after that scan (forgot to tick the box to clean infected items on the first scan). i tried to post logs that had actual findings rather than clean logs in order to give some idea of what's been going on with our machines. ie: similar findings, common infected files... however this thought didn't come to mind until after i ran the two big scans: malwarebytes (about 5 times), and super anti-spyware.

    i've attached the combo-fix log. if found a couple things, and cleaned up some things. as for if it's completely clean or not, i'll let you be the judge. it doesn't look like anything out of the ordinary was left behind. my pc has been running stable since the scan. a few things here and there that i still need to address such as not always being able to disable the LAN connection via the task bar. i believe that's due to a duplicate driver problem after combo-fix got done with my system.

    everyone be safe tonight.
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    FYI: about this> "(forgot to tick the box to clean infected items on the first scan)."

    When the directions for Eset are givin, there is a line that says:
    There is a reason for that. And I have them moved after seeing them. So another reason why running programs without the helper instructing you to for example. It is more appropriate to run the online scan at the end to mke sure we haven't missed anything.

    Combofix removed some Trojan entries. So I'd like you to delete the current Eset online log and rescan. Follow that with a new scan using HijackThis. If they're clean, I'll have you remove the cleaning tools and old restore points.

    Run Eset NOD32 Online AntiVirus Scanner HERE

    Note: You will need to use Internet Explorer for this scan.
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the Active X control to install
    • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Antivirus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    Please leave the Eset log and new HJT this in next reply. If they're clean, I'll have you remove the cleaning tools and old restore points.

    (The LAN/Taskbar problem will be better handled in the Windows OS Forum)
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...