Google problem-redirected to wrong pages

  • 10-03-2007 04:05PM
    #1
    Closed Accounts Posts: 171 ✭✭


    Hi

    I think I have some sort of security issue with my PC. Every time I google a website and click on a particular result, I get redirected to other sites which appear to be search engines with links to adult sites etc. This happens twice on every google search before I get to the page I'm after on the 3rd attempt.
    examples of the sites I'm being directed to are:
    alisea.com
    weddingcamerasplace.com

    I've taken off and re-installed my google toolbar but to no avail. I've searched my PC for viruses but nothing. What's causing this? And how can I block certain websites from appearing (as it seems to be a core of about 10 sites I keep coming across)

    thanks


Comments

  • Registered Users, Registered Users 2 Posts: 14,842 ✭✭✭✭dulpit


    Sounds like spyware, try running a scan with something like ad aware or the like...


  • Closed Accounts Posts: 198 ✭✭sh_o


    take a look in C:\WINDOWS\system32\drivers\etc\hosts also


  • Closed Accounts Posts: 36,634 ✭✭✭✭Ruu_Old


    Download and run AVG Anti-spyware or Spybot-Search and Destroy in Safe Mode.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    http://www.majorgeeks.com/download3155.html
    dl that, run a system scan and save a logfile, send that to me

    or dl this
    http://www.download.com/AVG-Anti-Spyware/3000-8022_4-10610898.html?tag=lst-0-1
    like above poster said


  • Closed Accounts Posts: 171 ✭✭Delboy05


    Hi,

    downloaded the adware anti-spy virus and ran it. It picked out about 250 cookies that were 'suspect'. I deleted them all and re-booted the PC...after doing about 5 googles, so far so good...am getting directed to the sites I choose each time. So all seems fine (can't understand why my McAfee anti-virus software wasn't able to solve this...I ran a system scan and it found nothing)

    thanks for the help.


  • Closed Accounts Posts: 171 ✭✭Delboy05


    sorry, spoke too soon.....have come across the same crap again. I'm just going to take off my google toolbar and use Yahoo instead. The problem doesn't seem to happen with Yahoo


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    no need to do that if you don't want to. like i said above if you do this

    http://www.majorgeeks.com/download3155.html
    dl that, run a system scan and save a logfile, send that to me

    there's a feature in it that tells you if you're getting re-directed to other sites cause of spyware, and is easily fixed


  • Closed Accounts Posts: 884 ✭✭✭NutJob


    Ruu wrote:
    Download and run AVG Anti-spyware or Spybot-Search and Destroy in Safe Mode.


    What Ruu said


  • Closed Accounts Posts: 171 ✭✭Delboy05


    ActorSeeksJob wrote:
    no need to do that if you don't want to. like i said above if you do this

    http://www.majorgeeks.com/download3155.html
    dl that, run a system scan and save a logfile, send that to me

    there's a feature in it that tells you if you're getting re-directed to other sites cause of spyware, and is easily fixed

    ok. ran that yesterday also and got a list of programmes but saw nothing suspicious so disregarded it. Will run it again tonight and pm it to you. Thanks


  • Registered Users, Registered Users 2 Posts: 4 gcfm


    Hi, could you have a look at this for me please, my Mozilla keeps opening on strange web site .. cheers


  • Registered Users, Registered Users 2 Posts: 23 BarryC


    I'm having the same problem with google for the past few weeks. I've tried reinstalling Internet Explorer and still no joy. I have tried loads of different spyware programs but still can't find any problems. Scanning with AVG Anti-Spyware 7.5 at the moment.

    Does anyone have any ideas or can help me?

    thanks


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Google redirects are from a nasty piece of malware called "WareOut" which probably won't get fixed by any anti-spyware program.

    BarryC do this to get rid of it

    Please download the self-extracting version of HijackThis from here:

    HijackThis_sfx download

    Save HijackThis_sfx to your desktop.

    Double-click the file then click the Unzip button. Then close the Self-Extractor window.

    Using My Computer/Windows Explorer, navigate to C:\Program Files\HijackThis and double click on HijackThis.exe to run it. If you would like to make a shortcut for your Desktop so it's more easily accessible, right click HijackThis.exe and choose Send To > Desktop (create shortcut).

    Please run the extracted HijackThis.exe from now on. Delete any copies of HijackThis.zip that you have saved.

    Open HijackThis and click Do a system scan and save a log file. Copy the entire contents of that log and post it here

    Also if you see this Delboy05 you should post that HijackThis log here as it's very easy not to spot the malware that causes google re-directs.

    To gcfm, I must have missed your reply when you posted it over two months ago. If you post me a new HijackThis log I can check it out if you're having the same problem or other problems. I can see WareOut in your original log


  • Registered Users, Registered Users 2 Posts: 23 BarryC


    Hi ActorSeeksJob

    Done all that. File attached.

    Thanks


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Please download SmitfraudFix to your desktop.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, double-click on SmitfraudFix.exe
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning : running option #2 on a non infected computer will remove your Desktop background.


    Once you are in Normal Windows mode, run HijackThis and click "Do a system scan only" and check these entries if present :

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) -
    O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe
    O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/dba2218.exe
    O21 - SSODL: fairydom - {5839511e-ec1b-4f91-ace3-fb88e52f5239} - (no file)


    Close all windows (including your browser) except for HijackThis and click "Fix checked".

    Did you install the SoftForYou Keylogger program?

    You now need to update your Java and remove your older versions.
    Please follow these steps to remove older version Java components.

    * Click Start > Control Panel.
    * Click Add/Remove Programs.
    * Check any item with Java Runtime Environment (JRE) in the name.
    * Click the Remove or Change/Remove button.

    Download the latest version of Java Runtime Environment (JRE), and install it to your computer.
    http://java.sun.com/javase/downloads/index.jsp
    Go down to Java Runtime Environment (JRE) to get it.

    In your next reply I need a new HijackThis log, the SmitfraudFix report, and the answer to my question and if you had any trouble doing any of the tasks.


  • Registered Users, Registered Users 2 Posts: 23 BarryC


    About to try it, I'll know what happens

    thanks


  • Registered Users, Registered Users 2 Posts: 23 BarryC


    So far so good, here's the report

    SmitFraudFix v2.181

    Scan done at 18:43:15.34, 15/05/2007
    Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "fairydom"="{5839511e-ec1b-4f91-ace3-fb88e52f5239}"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{28086A1F-211C-4F60-A9D4-26BD19DD6A54}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{28086A1F-211C-4F60-A9D4-26BD19DD6A54}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{28086A1F-211C-4F60-A9D4-26BD19DD6A54}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"="kdvfn.exe"

    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» Reboot

    C:\WINDOWS\system32\kdvfn.exe Deleted

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» End
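
The hand review of a SmitfraudFix report like the one above can be scripted. This is an added example, not part of the thread or of SmitfraudFix: the function names, the sample report (constructed, with one made-up hosts entry) and the rule that a non-private DNS server merits a look are assumptions of the example.

```python
import ipaddress
import re

# Constructed sample in the layout of the report above (sections trimmed,
# blank lines dropped, plus one made-up hosts redirect for illustration).
SAMPLE_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
203.0.113.7 www.google.com
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdvfn.exe"
»»»»»»»»»»»»»»»»»»»»»»»» End
"""

def parse_sections(report):
    """Split a report into {section title: [non-blank lines]}."""
    sections, current = {}, None
    for line in report.splitlines():
        line = line.strip()
        if line.startswith("»"):
            current = sections.setdefault(line.lstrip("» ").strip(), [])
        elif line and current is not None:
            current.append(line)
    return sections

def review(report):
    """Return (section, detail) pairs that deserve a manual look."""
    sec, findings = parse_sections(report), []
    # hosts: anything besides the localhost mapping redirects a name.
    for line in sec.get("hosts", []):
        parts = line.split("#")[0].split()
        if len(parts) >= 2 and parts[1].lower() != "localhost":
            findings.append(("hosts", f"{parts[1]} -> {parts[0]}"))
    # DNS: assumption of this example, flag resolvers outside private ranges.
    for line in sec.get("DNS", []):
        value = line.partition("NameServer=")[2]
        for addr in value.replace(",", " ").split():
            if not ipaddress.ip_address(addr).is_private:
                findings.append(("DNS", addr))
    # Winlogon "System" was reset to "" by the fix; non-empty needs checking.
    for line in sec.get("Winlogon.System", []):
        m = re.match(r'"System"="(.*)"$', line)
        if m and m.group(1):
            findings.append(("Winlogon.System", m.group(1)))
    return findings
```

As the report itself warns, a flagged key is not inevitably infected; the output is a list of entries to check, not a verdict.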

