Welcome To Signs101.com: Largest Forum for Signmaking Professionals


Virus Help- Google Results are redirected

Discussion in 'General Software' started by Graphics2u, Jul 5, 2010.

  1. Graphics2u

    Graphics2u Very Active Member

    1,841
    2
    38
    Jan 31, 2007
    Iowa
    Been fighting a problem on my home computer all weekend. It got a fake AV virus last week, used Malwarebytes to clean up and it seemed fine, until every once in a while a random adware site would open in a new browser window. Then noticed that when I did a Google search the correct results would be displayed on Google's page, but when you click on them you are redirected to more of these random adware sites trying to sell you security software and misc other junk. Since this is going on those sites will install more malware and I've done several scans with Malwarebytes and Microsoft Security Essentials and they always clean up everything except whatever is causing the redirects in Google.

    Getting really frustrating! Any good suggestions on what to try for scan software to try and locate what is causing this?

    It's not fake sites on Google, their results are correct and if I type the address of the results into the address bar it goes right to it, but if I click on the link in Google you're off to who knows where!

    Thanks for any ideas you may have.

    It's an XP machine with IE8.
     
  2. Malkin

    Malkin Very Active Member

    2,200
    29
    48
    Feb 11, 2009
    Augusta, ME
    That is sometimes referred to as a browser hijacker.

    This program could be helpful in finding the processes that are causing the issue, but you need to be very careful not to delete anything that your system needs.
    http://free.antivirus.com/hijackthis/

    Also, IE bites. as in, the big one.
    Use something else, anything.
     
  3. Graphics2u

    Graphics2u Very Active Member

    1,841
    2
    38
    Jan 31, 2007
    Iowa
    I downloaded Hijackthis last night but didn't get to use it yet. I have tried it once before but was a little worried about deleting something I needed!
     
  4. Malkin

    Malkin Very Active Member

    2,200
    29
    48
    Feb 11, 2009
    Augusta, ME
    I've used it many times...

    once I did make a mistake and took out the wrong thing....never did fix that machine.
     
  5. AUTO-FX

    AUTO-FX Very Active Member

    2,185
    0
    0
    Feb 14, 2010
    Try AVG free virus software download. It will help; we had it last week. Between that and Microsoft malware it got fixed. That virus you have alters registry files. AVG will identify the virus for you and then you can do a search on Microsoft website for a fix. I think the only way to TRULY eliminate it is to wipe out and reload Windows.
     
  6. Graphics2u

    Graphics2u Very Active Member

    1,841
    2
    38
    Jan 31, 2007
    Iowa
    Thanks I may give AVG a shot.
     
  7. Flame

    Flame Major Contributor

    8,283
    7
    38
    Apr 26, 2006
    Vancouver
    I got it too!!!
     
  8. Replicator

    Replicator Major Contributor

    10,230
    10
    38
    Nov 19, 2006
    Sun City, AZ
    If you know what the name of the virus is that you had and you research how to fix it on another computer . . .

    It will tell you to fix it using malware bytes, but it should also tell you how to go through
    and delete all the other components of the virus without harming your system.
     
  9. MikePro

    MikePro Major Contributor

    5,136
    279
    83
    Feb 3, 2010
    Racine, WI
    I've fixed this before without software... Just make note of what the popups are displaying and get on a clean computer to google it. There's a buncha discussions about this kind of virus and which files to delete in safe mode.

    From what I remember, it's actually designed like an actual antivirus program, so your Norton/whatever never picks up on its processes. Not to say that Malwarebytes won't work tho.
     
  10. jtrainor56

    jtrainor56 Member

    50
    0
    6
    Nov 12, 2006
    Reading, PA
    http://www.bleepingcomputer.com/virus-removal/remove-security-tool
    Automated Removal Instructions for Security Tool using Malwarebytes' Anti-Malware:

    Go to the above link and section, download RKILL.COM, download Malwarebytes and then back to the document and download Malwarebytes EXE(this saves the exe to name the does not recognize). These should be downloaded from another PC to a zip or thumb drive.

    Start the infected PC in safe mode, run RKILL, install Malwarebytes and copy the Malwarebytes exe to the Malwarebytes folder... run the quick scan and that should help. You may need to do this more than once.
     
  11. matsuru2

    matsuru2 New Member

    13
    0
    0
    Jun 21, 2008
  12. Techman

    Techman Major Contributor

    8,520
    8
    38
    Jun 24, 2003
    michigan
    good luck,,,

    An AV software will not remove it.
    It will take a good cleaner to do it.
     
  13. Baz

    Baz Very Active Member

    I got the same thing a couple of months ago on my home pc. After many systems scans with AVG, Spybot search and destroy, Malwarebytes and AdAware .. Combofix and Trend Microsystem's cleaner fixed the problem for me. I was infected with a couple of rootkits.
     
  14. choucove

    choucove Active Member

    809
    0
    0
    Feb 25, 2008
    I have seen this happen a couple times. One time the person couldn't figure it out and ended up doing a system restore back a ways and ended up solving the issue. The second time the person noticed that there had been several of the links to these redirect sites entered into the HOST file on his system. Removing them as an administrator from the HOST file fixed the issue. However, I can't guarantee that this will fix the issue for you directly, but it worked in their situation.

    To further clarify, this situation occurred both times after the computer had been infected by the fake anti-virus application. This type of infection is most commonly seen as the Smitfraud/Virtumonde variant, and I've personally removed it off of more than thirty computers in the last six months. However, it is not very common that it also leads to the browser hijack in the cases I've specifically fixed. In the above cases, the fake AV was removed with Malwarebytes Anti-Malware, but the browser hijack still remained behind. So, even if you are able to remove the original cause such as using Malwarebytes, it may not fix the browser hijack, which is probably something more within the registry or again even the HOST file.
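
Added example (not part of any post in this thread): a read-only Python check for the hosts-file tampering choucove describes above. The watched domain list, the severity labels and the sample file are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not from the thread); 203.0.113.0/24 is a
# documentation-only range standing in for a redirect server.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net      # blocklist entry added by the user
203.0.113.7     www.google.com google.com
203.0.113.7     search.yahoo.com
127.0.0.1       update.microsoft.com
192.168.1.20    printserver
not-an-ip       www.bing.com
"""

# Assumption: names a home PC should always resolve through DNS, never hosts.
WATCHED_SUFFIXES = ("google.com", "yahoo.com", "bing.com", "microsoft.com")


def audit_hosts(text):
    """Return (line_no, severity, address, hostname) for entries to review."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop inline comments
        if len(entry) < 2:
            continue  # blank, comment-only, or address with no hostname
        addr, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, "malformed", addr, " ".join(names)))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            host = name.lower().rstrip(".")
            watched = any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)
            if sinkhole and not watched:
                continue  # localhost and ordinary ad-blocking entries
            severity = "blocked" if sinkhole else ("high" if watched else "review")
            findings.append((line_no, severity, addr, host))
    return findings


if __name__ == "__main__":
    # On Windows the real file is %SystemRoot%\System32\drivers\etc\hosts;
    # pass its contents to audit_hosts() instead of the sample.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A clean result here only rules out the hosts file; as the thread goes on to show, the same redirect symptom can come from a rootkit-infected driver that this check cannot see.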
     
  15. OldPaint

    OldPaint Major Contributor

    if you can open TASK MANAGER, you can fix it. but THIS IS NOT FOR THE NOVICE COMPUTER OPERATOR.
    you need to get TASK MANAGER OPEN......then go to processes.........in there you will find a ******.EXE file of something that is not loaded by windows or you to the computer. CAUTION: REMOVING other files than the malware.........WILL SCREW UP YOUR COMPUTER....so it's best to get a pro to do it...............
     
  16. buttons

    buttons Member

    171
    1
    18
    Jul 5, 2010
    Burlington
    Task manager won't do a thing! A lot of these programs either embed themselves in an already running task or they just restart themselves after you close the task manager.
     
  17. Techman

    Techman Major Contributor

    8,520
    8
    38
    Jun 24, 2003
    michigan
    I dream of the day when those who do not know what they are doing, and those who merely muddle and guess their way to a reinstall will stop making diagnosis for computers..
     
  18. gerald

    gerald Member

    405
    0
    0
    Mar 20, 2006
    My daughter got this on her laptop. I eventually had to do a complete reload. It started like this and over a couple days deteriorated to total re-directs. I searched it out and found that a total re-install was the only fix. Hope I'm wrong on yours.
     
  19. Pat Whatley

    Pat Whatley Major Contributor

    8,605
    89
    48
    Sep 29, 2003
    Wetumpka, AL
    It sounds like the Google Hijack virus I had a couple of months ago. Techman is right....$30 spent with my local computer geek would have saved me the hell of a reformat. I followed 5 or 6 different "solutions" offered here and on other sites and it just kept compounding the problem. There's not a "one size fits all" solution to removing it.

    Using task manager to try to fix it makes as much sense as putting it in the dishwasher.
     
  20. Graphics2u

    Graphics2u Very Active Member

    1,841
    2
    38
    Jan 31, 2007
    Iowa
    Fixed!!!!!! I Hope

    Last night I got Microsoft Security Essentials to find a virus called Win32:Alureon.H, it kept "disinfecting" the file but couldn't remove it. Malwarebytes didn't find it at all. Started searching internet for that virus name and found several posts saying it can not be removed. Then found one that said they fixed it with help from Microsoft and gave the instructions they received and it seems to have worked.

    Here's what I did:

    Enter safe mode with networking,

    Go to start run, Type in temp, Click OK, delete all temp files that are found,

    Go to start run, Type in prefetch, Click OK, delete all that are found,

    Go to start run, Type in %temp%, Click OK, delete all that are found.

    Search Files and folders for - protection center, (search for that in the box that says a word or phrase in the file) (I found a file named local.ini that was created exactly the day and time that the troubles began), delete all,

    run Microsoft online Malicious Software Removal Tool at http://www.microsoft.com/security/malwareremove/default.aspx

    then download and run zip file at http://support.kaspersky.com/viruses/solutions?qid=208280684 The program is called TDSSKiller.exe. I think this is the key to removing it

    fix your registry at http://www.sunbeltsoftware.com/download (I didn't do this because the link is not working correctly)

    After this everything is working normally.

    This virus also stopped Microsoft Security Essentials from being able to update itself. That is fixed now also.

    The file that was infected on mine was C:\Windows\System32\Drivers\ochi1394.sys

    Anyway back up and running for now!

    Thanks for all the input. There are probably other methods and cleaners that will work but this helped me.
     