• I want to thank all the members that have upgraded your accounts. I truly appreciate your support of the site monetarily. Supporting the site keeps this site up and running as a lot of work daily goes on behind the scenes. Click to Support Signs101 ...

Virus Help- Google Results are redirected

Graphics2u

New Member
Been fighting a problem on my home computer all week end. It got a fake AV virus last week, used Malwarebytes to clean up and it seemed fine, until every once in a while a random adware site would open in a new browser window. Then noticed that when I did a google search the correct results would be displayed on google's page but when you click on them you are redirected to more of theses random adware sites trying to sell you security software and misc other junk. Since this is going on those sites will install more malware and I've done several scans with Malwarebytes and Microsoft Security Essentials and they always clean up everything except what ever is causing the redirects in Google.

Getting really frustrating! Any good suggestions on what to try for scan software to try and locate what is causing this.

It's not fake sites on google, their results are correct and if I type the address of the results into the address bar it goes right to it. but if I click on the link in google you're off to who knows where!

Thanks for any Ideas you may have.

It's a XP Machine. with IE8.
 

Malkin

New Member
That is sometimes referred to as a browser hijacker.

This program could be helpful in finding the processes that are causing the issue, but you need to be very careful not to delete anything that your system needs.
http://free.antivirus.com/hijackthis/

Also, IE bites. as in, the big one.
Use something else, anything.
 

Graphics2u

New Member
That is sometimes referred to as a browser hijacker.

This program could be helpful in finding the processes that are causing the issue, but you need to be very careful not to delete anything that your system needs.
http://free.antivirus.com/hijackthis/

Also, IE bites. as in, the big one.
Use something else, anything.
I downloaded Hijackthis last night but didn't get to use it yet. I have tried it once before but was a little worried about deleting something I needed!
 

Malkin

New Member
I've used it many times...

once I did make a mistake and took out the wrong thing....never did fix that machine.
 

AUTO-FX

New Member
try AVG free virus software download. it will help- we had it last week. between that and microsoft malware it got fixed. that virus you have alters registry files. avg will identify the virus for you and then you can do a search on micrsoft website for a fix. i think the only way to TRULY eliminate it is to wipe out and reload windows.
 

Graphics2u

New Member
try AVG free virus software download. it will help- we had it last week. between that and microsoft malware it got fixed. that virus you have alters registry files. avg will identify the virus for you and then you can do a search on micrsoft website for a fix. i think the only way to TRULY eliminate it is to wipe out and reload windows.
Thanks I may give AVG a shot.
 

Replicator

New Member
If you know what the name of the virus is that you had and you research how to fix it on another computer . . .

It will tell you to fix it using malware bytes, but it should also tell you how to go through
and delete all the other components of the virus without harming your system.
 

MikePro

New Member
I've fixed this before without software... Just make note of what the popups are displaying and get on a clean computer to google it. There's a buncha discussions about this kind of virus and which filed to delete in safe mode.

from what I remember, it's actually designed like an actual antivirus program, so your norton/whatever never picks up on it's processes. Not to say the malwarebytes won't work tho.
 

jtrainor56

New Member
http://www.bleepingcomputer.com/virus-removal/remove-security-tool
Automated Removal Instructions for Security Tool using Malwarebytes' Anti-Malware:

Go to the above link and section, download RKILL.COM, download Malwarebytes and then back to the document and download Malwarebytes EXE(this saves the exe to name the does not recognize). These should be downloaded from another PC to a zip or thumb drive.

start the infected pc in safe mode, run RKILL, install Malwarebytes and copy the Malwarebytes exe to the malwarebytes folder... run the quick scan and that should help. You may need to do this more then once.
 

Baz

New Member
I got the same thing a couple of months ago on my home pc. After many systems scans with AVG, Spybot search and destroy, Malwarebytes and AdAware .. Combofix and Trend Microsystem's cleaner fixed the problem for me. I was infected with a couple of rootkits.
 

choucove

New Member
I have seen this happen a couple times. One time the person couldn't figure it out and ended up doing a system restore back a ways and ended up solving the issue. The second time the person noticed that there had been several of the links to these redirect sites entered into the HOST file on his system. Removing them as an administrator from the HOST file fixed the issue. However, I can't guarantee that this will fix the issue for you directly, but it worked in their situation.

To further clarify, this situation occurred both times after the computer had been infected by the fake anti-virus application. This type of infection is most commonly seen as the Smitfraud/Virtumonde variant, and I've personally removed it off of more than thirty computers in the last six months. However, it is not very common that it also leads to the browser hijack in the cases I've specifically fixed. In the above cases, the fake AV was removed with Malwarebytes Anti-Malware, but the browser hijack still remained behind. So, even if you are able to remove the original cause such as using Malwarebytes, it may not fix the browser hijack, which is probably something more within the registry or again even the HOST file.
 

OldPaint

New Member
if you can open TASK MANAGER, you can fix it. but THIS NOT FOR THE NOVICE COMPUTER OPERATOR.
you need to get TASK MANAGER OPEN......then go to processes.........in there you will find a ******.EXE file of something that is not loaded by windows or you to the computer. CAUTION:REMOVING other files then the malware.........WILL SCREW UP YOUR COMPUTER....so it best to get a pro to do it...............
 

buttons

New Member
if you can open TASK MANAGER, you can fix it. but THIS NOT FOR THE NOVICE COMPUTER OPERATOR.
you need to get TASK MANAGER OPEN......then go to processes.........in there you will find a ******.EXE file of something that is not loaded by windows or you to the computer. CAUTION:REMOVING other files then the malware.........WILL SCREW UP YOUR COMPUTER....so it best to get a pro to do it...............

Task manager won't do a thing! A lot of these programs either embed themselves in an already running task or they just restart themselves after you close the task manager.
 

Techman

New Member
I dream of the day when those who do not know what they are doing, and those who merely muddle and guess their way to a reinstall will stop making diagnosis for computers..
 

gerald

New Member
My daughter got this on her laptop. I eventually had to do a complete reload. It started like this and over a couple days deteriorated to total re-directs. I searched it out and found that a total re-install was the only fix. Hope I'm wrong on your's.
 

Pat Whatley

New Member
It sounds like the Google Hijack virus I had a couple of months ago. Techman is right....$30 spent with my local computer geek would have saved me the hell of a reformat. I followed 5 or 6 different "solutions" offered here and on other sites and it just kept compounding the problem. There's not a "one size fits all" solution to removing it.

Using task manager to try to fix it makes as much sense as putting it in the dishwasher.
 

Graphics2u

New Member
Fixed!!!!!! I Hope

Last night I got Microsoft Security Essentials to find a virus called Win32:Alureon.H, it kept "disinfecting" the file but couldn't remove it. Malwarebytes didn't find it at all. Started searching internet for that virus name and found several posts saying it can not be removed. Then found one that said they fixed it with help from Microsoft and gave the instructions they received and it seems to have worked.

Here's what I did:

enter in safe mode with networking,

Go to start run, Type in temp, Click OK, delete all temp files that are found,

Go to start run, Type in prefetch, Click OK, delete all that are found,

Go to start run, Type in %temp%, Click OK, delete all that are found.

search Files and folders for - protection center, (search for that in the box that says a word or phrase in the file) (I found a file named local.ini that was created exactly the day and time that the troubles began), delete all,

run microsoft online Malicious Software Removal Tool at http://www.microsoft.com/security/malwareremove/default.aspx

then download and run zip file athttp://support.kaspersky.com/viruses/solutions?qid=208280684 The program is called TDSSKiller.exe I think this is the key to removing it

fix your registry athttp://www.sunbeltsoftware.com/download (i didn't do this because the link is not working correctly)

After this everything is woking normally.

This virus also stopped Microsoft Security Essentials from being able to update itself. That is fixed now also.

The file that was infected on mine was C:\Windows\System32\Drivers\ochi1394.sys

Anyway back up and running for now!

Thanks for all the input. There are probably other methods and cleaners that will work but this helped me.
 
Top