nofishfisherman Posted March 23, 2012 (Author)

I don't think I have all that much stuff on this computer. A few different Word docs, a fair number of photos and a decent amount of music loaded on iTunes but that's about it. No games, no other significant software, not even Microsoft Office.

Thanks for all the help with this. Hopefully I can get this thing cleaned up once and for all this weekend.

I'll post updates when I get done with the process.

BobT Posted March 23, 2012

What about a hijacker? The one time in my life I picked up malware other than tracking cookies (that I'm aware of) I was constantly redirected when I logged onto the internet (dial-up back then). I would reset my home page and the next time I logged in I was redirected again. I used HijackThis and was able to follow the online tutorials and only removed things the tutorial positively identified as known bad files. It worked for me then.

nofishfisherman Posted March 23, 2012 (Author)

I ran the CCleaner, reran the Malwarebytes, and then tried to go download and run Combofix but when I try to download it Norton Antivirus scans it and says it's a virus and removes the file labeled Combofix(2).exe (Trojan.ADH.2)

When I run Malwarebytes it keeps saying there are 2 items detected.

Here is a cut and paste from the log it provides. It says to restart to remove threats and I do that.

C:\Windows\svchost.exe (Trojan.Agent) -> 3844 -> No action taken.
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

These same two threats show up each time I run Malwarebytes.

Any ideas on why Combofix keeps getting picked up by Norton?

upnorth Posted March 24, 2012

Malwarebytes should have a next feature and allow you to specify the action to delete the threats.

There are some malware apps that do not allow certain fixes to be downloaded. Couple options.

Download Combofix to a USB drive from a different PC and then install it. Or you might be able to do it from safe mode with networking. Or you may need to disable Norton long enough to install and scan.

itchmesir Posted March 24, 2012

The first thing you need to do is get rid of Norton.. what a POS anti-virus

bobbymalone Posted March 24, 2012

I had a Google redirect virus and I could kill it like described above, but it would come back in a few days. Even if I wasn't surfing the internet. I ended up having to reformat/reinstall. Yucky.

nofishfisherman Posted March 24, 2012 (Author)

I wasn't able to run the Combofix yet but I did run the Antirootkit and it found a bunch of unknown hidden files but it did not recommend clean up on any of them. They all looked legit from my untrained eye.

This thing is getting frustrating.

I'm tempted to just back up my music and photos and do a complete system restore. I assume that will fix it for good.

Jim Almquist Posted March 24, 2012

If you are having problems running ComboFix because of your Norton just uninstall it. If Norton gives you any issues when you uninstall it you might have to go into msconfig and stop it from starting up. I feel Microsoft Security Essentials is better than Norton and it's free and will automatically update when a new definition comes out. You should check your PMs as well.

upnorth Posted March 24, 2012

Quote: I had a Google redirect virus and I could kill it like described above, but it would come back in a few days. Even if I wasn't surfing the internet. I ended up having to reformat/reinstall. Yucky.

Did you run CCleaner first? Or better yet dump everything in the C:\windows\prefetch folder. Most of the reinstallers hide in there to allow easy reinstall.

toughguy Posted March 25, 2012

Quote: The first thing you need to do is get rid of Norton.. what a POS anti-virus

+1

Lowblazah Posted March 26, 2012

+1 x2

bobbymalone Posted March 26, 2012

Quote: Did you run CCleaner first? Or better yet dump everything in the C:\windows\prefetch folder. Most of the reinstallers hide in there to allow easy reinstall.

I did run CCleaner. I did not dump the prefetch folder. I needed to upgrade to 7 anyway, so I thought it would be a good excuse. Especially when I can get a legit copy of 7 Ultimate for cheap cheap cheap.

PierBridge Posted March 26, 2012

Quote: The first thing you need to do is get rid of Norton.. what a POS anti-virus

Plus a Gazillion... Just reformat and be done with it if possible!

nofishfisherman Posted April 2, 2012 (Author)

Well I just ran through the entire process again.

Booted into safe mode, ran CCleaner, then Malwarebytes, and then ComboFix. Everything ran smoothly and I rebooted back into Windows normally. After all of that search results are still getting redirected in IE.

I tried to do a restore to an early point but the earliest point option I was given was 3/14 which I think is a few days after this started. Is there any way to just restore all the way back to factory settings? I have all my docs/photos/music backed up on DVDs so I'm ready to nuke the whole thing and start over fresh.

MuleShack Posted April 2, 2012

Just throwing another idea out...

You said you have IE7, maybe if you upgrade to IE8 it may overwrite the malware files causing the problems? Just a thought.

upnorth Posted April 2, 2012

Since this has spanned a few weeks and 3 pages I am not sure if it has been brought up, but there is also the possibility that there may be a proxy set up for IE.

Go to Tools, Internet Options, click the Connections tab, if you are using a broadband connection click on the LAN settings and check to see if there is a proxy set up. If there is, uncheck it.

nofishfisherman Posted April 2, 2012 (Author)

I think I checked for the proxy but I'll check again when I get home tonight. I found a few different check lists online of things to try and I thought that was one of them.

Could simply upgrading to the latest version of IE really solve the issue?

nofishfisherman Posted April 2, 2012 (Author)

Also each time I run Malwarebytes it gives me this file as a threat in the log. Can I simply just delete the file manually?

C:\Windows\svchost.exe (Trojan.Agent)

Malwarebytes doesn't seem to remove it despite me following the removal instructions. Also ComboFix said something about deleting something having to do with svchost.exe while it was running but it didn't fix the issue.

upnorth Posted April 2, 2012

Found this, may help.

Said to update Malwarebytes, run a scan and then the process below.

Open Malwarebytes > click on More Tools > run File ASSASSIN by clicking Run Tool

Select the file you want to delete.

C:\Windows\svchost.exe <--NOTE: ONLY from this location

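Added example (not part of any post in this thread): a short Python triage of the Malwarebytes log lines quoted above. It flags a `svchost.exe` that sits outside the folders where Windows keeps the genuine one and notes entries the scanner reported but did not remove. The line format is inferred from the two quoted lines, the numeric field is assumed to be a process ID, and the third sample line and its detection name are constructed.

```python
import re
from ntpath import basename, dirname, normpath

# Folders where a genuine svchost.exe lives on a default Windows install.
EXPECTED_DIRS = {"svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"}}

# Shape inferred from the two log lines quoted in the thread:
#   <path> (<detection>) -> [<number> ->] <action>.
# The optional number is assumed to be the PID of a running copy.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<detection>[^)]+)\) -> "
    r"(?:(?P<pid>\d+) -> )?(?P<action>.+?)\.?$"
)

def parse_line(line):
    """Return a dict describing one detection line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path = normpath(m.group("path"))
    expected = EXPECTED_DIRS.get(basename(path).lower())
    return {
        "path": path,
        "detection": m.group("detection"),
        "pid": int(m.group("pid")) if m.group("pid") else None,
        # A system binary name in a folder where Windows never puts it.
        "masquerade": expected is not None and dirname(path).lower() not in expected,
        # The scanner saw the item but nothing was removed or quarantined.
        "unremediated": m.group("action").lower() == "no action taken",
    }

def triage(log_text):
    """Summarise a pasted log: which paths are impostors, still present, or running."""
    rows = [r for r in map(parse_line, log_text.splitlines()) if r]
    return {
        "impostors": sorted({r["path"] for r in rows if r["masquerade"]}),
        "still_present": sorted({r["path"] for r in rows if r["unremediated"]}),
        "running_pids": sorted({r["pid"] for r in rows if r["pid"] is not None}),
    }

# First two lines are the ones quoted in the thread; the third is constructed.
SAMPLE_LOG = r"""
C:\Windows\svchost.exe (Trojan.Agent) -> 3844 -> No action taken.
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\svchost.exe (Example.Detection) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
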
nofishfisherman Posted April 2, 2012 (Author)

I went home on my lunch to let the dog out and as he ran around outside I tried the last few suggestions.

I ran the File Assassin in Malwarebytes and targeted the specific file and then restarted the computer. Checked out IE and still the search results are being redirected. I looked at the proxy possibility but that's not the issue.

I also updated to IE9, and the results are still redirected.

When I was on the old version of IE I had my homepage set to Google and the last couple days it wouldn't load the homepage, it just gave me a page that said 404 (or some 400 number) file not found at the top middle of the page. Now on IE9 it opens to MSN as a homepage but if I go to Google my search results are still redirected.

As an example of what I'm seeing, if I search for HSO Outdoors this site is the first on the list, if I click on it I get taken to a page called GimmeAnswers. If I search another random item, for example "Frisbee", I get taken to another site called Happli or something like that. The 2nd link on the list of results seems to go to a page that can't be found and then Malwarebytes pops up saying it blocked some threat. Then the 3rd link on the page has gone to the legit page. Not sure if this all happens 100% of the time but it's what was happening recently.

This is starting to get personal between me and this little bugger. I want it dead and I want it dead now. Normally I have a rifle for such varmints but I don't think it will work in this case.

upnorth Posted April 2, 2012

Quote: GimmeAnswers

Had the same exact one at work a week or so ago and the CCleaner, Malwarebytes and Combofix cleaned it up.

Try opening a command prompt and running "ipconfig /flushdns" without the quotes.

Also I would make sure you dump all the temp internet files.

Open Internet Options and go to the Advanced tab and click restore advanced settings, and then reset to reset Explorer's settings. Click OK.

Lowblazah Posted April 2, 2012

I'd factory restore that thing at this point.

nofishfisherman Posted April 2, 2012 (Author)

Upnorth, I'll try your suggestion and see if that helps. I'm probably not doing something 100% correctly or maybe I'm missing a step somewhere.

At this point I'm getting ready to just nuke the entire thing. I have everything backed up so I just need to make sure I have a few install discs for the router and such.

toughguy Posted April 2, 2012

Are you doing all of your work in safe mode without networking? Sometimes if networking is left on the virus uses your internet connection to re-install itself. You could always disconnect any networking in regular mode but safe mode always seems to work better.

nofishfisherman Posted April 2, 2012 (Author)

I did it all in safe mode with networking as I needed to download the Combofix while in safe mode, otherwise my antivirus was flagging it.