Google Search Results Redirect



I don't think I have all that much stuff on this computer. A few different Word docs, a fair number of photos and a decent amount of music loaded on iTunes, but that's about it. No games, no other significant software, not even Microsoft Office.

Thanks for all the help with this. Hopefully I can get this thing cleaned up once and for all this weekend.

I'll post updates when I get done with the process.

Link to comment
Share on other sites

What about a hijacker? The one time in my life I picked up malware other than tracking cookies (that I'm aware of) I was constantly redirected when I logged onto the internet (dial-up back then). I would reset my home page and the next time I logged in I was redirected again. I used HijackThis and was able to follow the online tutorials and only removed things the tutorial positively identified as known bad files. It worked for me then.

Link to comment
Share on other sites

I ran the CCleaner, reran the Malwarebytes, and then tried to go download and run Combofix, but when I try to download it, Norton Antivirus scans it, says it's a virus, and removes the file labeled Combofix(2).exe (Trojan.ADH.2).

When I run Malwarebytes it keeps saying there are 2 items detected.

Here is a cut and paste from the log it provides. It says to restart to remove threats and I do that.

C:\Windows\svchost.exe (Trojan.Agent) -> 3844 -> No action taken.

C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

These same two threats show up each time I run Malwarebytes.

Any ideas on why Combofix keeps getting picked up by Norton?

Link to comment
Share on other sites

Malwarebytes should have a next feature and allow you to specify the action to delete the threats.

There are some malware apps that do not allow certain fixes to be downloaded.

Couple options.

Download ComboFix to a USB drive from a different PC and then install it. Or you might be able to do it from safe mode with networking. Or you may need to disable Norton long enough to install and scan.

Link to comment
Share on other sites

I wasn't able to run the Combofix yet, but I did run the Antirootkit and it found a bunch of unknown hidden files, but it did not recommend clean up on any of them. They all looked legit to my untrained eye.

This thing is getting frustrating.

I'm tempted to just back up my music and photos and do a complete system restore. I assume that will fix it for good.

Link to comment
Share on other sites

If you are having problems running ComboFix because of your Norton, just uninstall it. If Norton gives you any issues when you uninstall it, you might have to go into msconfig and stop it from starting up. I feel Microsoft Security Essentials is better than Norton, and it's free and will automatically update when a new definition comes out.

You should check your PMs as well ;)

Link to comment
Share on other sites

I had a Google redirect virus and I could kill it like described above, but it would come back in a few days. Even if I wasn't surfing the internet.

I ended up having to reformat/reinstall. Yucky.

Did you run CCleaner first? Or better yet, dump everything in the C:\windows\prefetch folder. Most of the reinstallers hide in there to allow easy reinstall.

Link to comment
Share on other sites

Quote:
Did you run CCleaner first? Or better yet, dump everything in the C:\windows\prefetch folder. Most of the reinstallers hide in there to allow easy reinstall.

I did run CCleaner. I did not dump the prefetch folder.

I needed to upgrade to 7 anyway, so I thought it would be a good excuse. Especially when I can get a legit copy of 7 Ultimate for cheap cheap cheap.

Link to comment
Share on other sites

Well I just ran through the entire process again.

Booted into safe mode, ran CCleaner, then Malwarebytes, and then ComboFix. Everything ran smoothly and I rebooted back into Windows normally.

After all of that, search results are still getting redirected in IE.

I tried to do a restore to an earlier point, but the earliest point option I was given was 3/14, which I think is a few days after this started.

Is there any way to just restore all the way back to factory settings?

I have all my docs/photos/music backed up on DVDs, so I'm ready to nuke the whole thing and start over fresh.

Link to comment
Share on other sites

Since this has spanned a few weeks and 3 pages I am not sure if it has been brought up, but there is also the possibility that there may be a proxy set up for IE.

Go to Tools, Internet Options, click the Connections tab. If you are using a broadband connection, click on LAN settings and check to see if there is a proxy set up. If there is, uncheck it.

Link to comment
Share on other sites

Also each time I run Malwarebytes it gives me this file as a threat in the log. Can I simply just delete the file manually?

C:\Windows\svchost.exe (Trojan.Agent)

Malwarebytes doesn't seem to remove it despite me following the removal instructions. Also, ComboFix said something about deleting something having to do with svchost.exe while it was running, but it didn't fix the issue.

Link to comment
Share on other sites

Found this, may help.

Said to update Malwarebytes, run a scan and then the process below.

Open Malwarebytes > click on More Tools > run File ASSASSIN by clicking Run Tool

Select the File you want to delete.

C:\Windows\svchost.exe <--NOTE: ONLY from this location

Link to comment
Share on other sites
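
The two checks raised in the posts above (a proxy configured for IE, and the svchost.exe that Malwarebytes keeps reporting under C:\Windows), as an added PowerShell example that is not part of the original thread. It only reads and reports. The function names are hypothetical, and it assumes PowerShell 3.0 or later for Get-CimInstance. Genuine svchost.exe runs from %SystemRoot%\System32 (or SysWOW64 on 64-bit Windows), which is why a copy directly under C:\Windows stands out.

```powershell
# Added example: read-only triage, nothing on the system is changed.

function Get-SvchostOutsideSystemDir {
    # Locations where the genuine Windows svchost.exe is expected to run from.
    $expected = @(
        (Join-Path $env:SystemRoot 'System32\svchost.exe'),
        (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
    )
    Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
        $path = $_.ExecutablePath
        # ExecutablePath is empty for some processes unless the shell is elevated.
        if (-not $path)                    { $status = 'PathUnavailable (rerun elevated)' }
        elseif ($expected -contains $path) { $status = 'Expected' }   # -contains ignores case
        else                               { $status = 'UNEXPECTED LOCATION' }
        [pscustomobject]@{ ProcessId = $_.ProcessId; Path = $path; Status = $status }
    }
}

function Get-IEProxySetting {
    # Per-user values behind Internet Options > Connections > LAN settings.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key
    [pscustomobject]@{
        ProxyEnabled  = [bool]$s.ProxyEnable
        ProxyServer   = $s.ProxyServer      # empty when no proxy is configured
        AutoConfigURL = $s.AutoConfigURL    # a PAC script can also reroute traffic
    }
}

# 1. Running svchost.exe instances and where each one was started from.
Get-SvchostOutsideSystemDir | Sort-Object Status | Format-Table -AutoSize

# 2. Is the file Malwarebytes reported actually on disk, and is it signed?
$stray = Join-Path $env:SystemRoot 'svchost.exe'
if (Test-Path -LiteralPath $stray) {
    Get-Item -LiteralPath $stray -Force |
        Select-Object FullName, Length, CreationTime, LastWriteTime
    Get-AuthenticodeSignature -FilePath $stray | Select-Object Status, StatusMessage
} else {
    "No file at $stray"
}

# 3. Proxy settings for the current user.
Get-IEProxySetting | Format-List
```

Run it from an elevated prompt so the process paths are populated; a row marked UNEXPECTED LOCATION or a populated ProxyServer/AutoConfigURL that nobody set is what to look into.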

I went home on my lunch to let the dog out and as he ran around outside I tried the last few suggestions.

I ran the File Assassin in Malwarebytes and targeted the specific file and then restarted the computer. Checked out IE and still the search results are being redirected.

I looked at the proxy possibility but that's not the issue.

I also updated to IE9, and the results are still redirected.

When I was on the old version of IE I had my homepage set to Google and the last couple days it wouldn't load the homepage, it just gave me a page that said 404 (or some 400 number) file not found at the top middle of the page. Now on IE9 it opens to MSN as a homepage, but if I go to Google my search results are still redirected.

As an example of what I'm seeing, if I search for HSO Outdoors this site is the first on the list. If I click on it I get taken to a page called GimmeAnswers. If I search another random item, for example "Frisbee", I get taken to another site called Happli or something like that.

The 2nd link on the list of results seems to go to a page that can't be found, and then Malwarebytes pops up saying it blocked some threat. Then the 3rd link on the page has gone to the legit page. Not sure if this all happens 100% of the time but it's what was happening recently.

This is starting to get personal between me and this little bugger. I want it dead and I want it dead now. Normally I have a rifle for such varmints but I don't think it will work in this case.

Link to comment
Share on other sites

Quote:
GimmeAnswers

Had the same exact one at work a week or so ago and the CCleaner, Malwarebytes and ComboFix cleaned it up.

Try opening a command prompt and running "ipconfig /flushdns" without the quotes.

Also I would make sure you dump all the temp internet files.

Open Internet Options and go to the Advanced tab and click Restore advanced settings, and then Reset to reset Explorer's settings. Click OK.

Link to comment
Share on other sites

Upnorth, I'll try your suggestion and see if that helps. I'm probably not doing something 100% correctly or maybe I'm missing a step somewhere.

At this point I'm getting ready to just nuke the entire thing. I have everything backed up so I just need to make sure I have a few install discs for the router and such.

Link to comment
Share on other sites

Are you doing all of your work in safe mode without networking? Sometimes if networking is left on the virus uses your internet connection to re-install itself. You could always disconnect any networking in regular mode but safe mode always seems to work better.

Link to comment
Share on other sites
