Links in searches get redirected

Orphia Nay

When I click on a link in a search, the page gets redirected.

It doesn't matter which browser I use (I've tried Firefox, Opera and IE), or which search engine (I've tried Google, Yahoo, Bing, and it happened in a search at a .gov.au website)... the link gets redirected to a different page nearly every time. Most often the page is to some sort of insurance site, but there have been all sorts of unknown pages.

I've scanned the computer with Norton, AVG Free, Spybot S&D, and done a Quick Search using Microsoft Windows Malicious Software tool (my puter was overheating during a full scan).

I'm running XP.

Has anyone seen or heard of a solution to this problem?

I'm due for a massive compy rebuild soon, but I'd like to get rid of this thing before I move files onto the new one.
 
Sounds like you have a new nasty malware to me.

I had to work on a computer that had a very similar one before. I believe the malware was called Antivirus2009. It did exactly what you describe. It was so new that none of the various anti-malware softwares had definitions for it yet (which means they didn't know about it, and hence couldn't search for/remove it.)

I notice you didn't say you tried AdAware yet. I always try them first. Also I try Malwarebytes Anti-Malware third usually. So go ahead and give those 2 a shot. (You did try Spybot S&D which I usually use 2nd...)

Like I said in the first paragraph, if it is new you might have to wait a few days for them to get the definitions for it. There are ways to remove it sooner, but it's much harder.
 
For the overheating, blow the computer out with a vacuum; the vents build up with dust.


You can specify default search engine, maybe that got pointed to a scam site?
 
I remember that the AdAware site can be confusing (they really want you to get the pay version of course) so here is the link to the free version of AdAware at cnet.

Thanks tremendously.

I forgot to mention, when I downloaded the Windows anti-malware program (and now AdAware)...
- the download gets cancelled in Firefox and I have to restart it
- when I then double-click on the program, I get a generic-looking error message saying it's not a valid Win32 application, and it won't run
- I have to get Mr Nay to download it and put it on my puter via intranet.

The virus/malware is a real bastard!

I'll let you know how AdAware goes after Mr Nay gets home from work.
 
You should feel proud that you are one of the first people to have the privilege of being infected with that malware....

Gotta look for the silver lining right? :)
 
Hi, this sounds like a variation of the redirect malware.
Um, the best I can recommend, unless you want to do it yourself, is to go to BleepingComputer, MajorGeeks, GeeksToGo or a similar site and have someone help you.

But you can try this here:
http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller

This may or may not help, usually what I do:

1. Look at the process list in Task Manager and see if I can identify the process, then look up how to remove the malware. Look for randomly named string.exe files and then kill them, look for process names that are unusual. (I know, what is that, if you don't know what they are?)
2. Start in Safe Mode and then remove the known stuff.

Now the problem is that rootkits are hard to blast out, especially when they load into drivers.

So the process then becomes:

1. Run Malwarebytes in Safe Mode, but you have to let it reboot in normal mode.
2. Load SuperAntiSpyware in normal mode, then reboot and run it in Safe Mode.
3. Examine the logfiles and then research what else is on there.
4. Try to remove what is left.
5. Get frustrated.
6. Download and run Combofix.

Combofix is a great program but it can wreck your machine; unless you do so under supervision, it can be hard to recover lost data and system files.

Now I have run Combofix hundreds of times and it has only blown up two machines, but it is a risk and you have to do it the way they tell you.

I am currently in a malware training program but can't really offer more than that right now.
 
Oick, that is a pain. To deal with that you usually have to download the installer on a flash drive on another machine.

Then you start the machine in Safe Mode and try to install it; some will, some won't. Then try running it in Safe Mode. Sometimes you have to rename the installer so that "Antivirus Installer" becomes "fuzzy harmless bunny".
 
Try this online antivirus to see what it shows and gets rid of. http://housecall.trendmicro.com/
But if you are not tech savvy you'll need help.
http://hjt-data.trendmicro.com/hjt/analyzethis/index.php
And you'll need to download Hijackthis.

http://free.antivirus.com/hijackthis/
 
Domain Name System (DNS) is essentially a huge table of numbers and names that translate a URL -- web address -- into the actual IP address of the site you're trying to reach.

For example, you type in www.google.com and your computer goes to specific servers with this information in it (often your Internet Service Provider has some of these servers too, but there is a system of a few dozen of these major DNS servers world wide), looks it up and then tells your computer to go to 216.239.51.104. I'm simplifying it a bit; in real life Google has many more IP addresses than that one, but hopefully the process I'm illustrating is clear.

Anyway, there is an option on every home computer to be able to manually change which DNS server your computer will go to find this information. Normally, it is set to use whichever DNS servers your ISP uses. I personally do not use my Qwest DNS servers, but instead have manually set OpenDNS's servers which has been a noticeable speed increase when I fetch information.

So what happens in these malware/virus cases is that it will overwrite your local DNS settings which in effect forces your computer to look up website addresses through their questionable servers and therefore redirecting you to sites you never intended on going to. The viruses also overwrite portions of your system registry to turn off things like being able to open the Control Panel and they also have ways to self-replicate. There can be other things that are done to a box to pwn it depending on what the malware writer intends.

All of this combines into a frightful mess and the removals are usually an amazingly painful process. It certainly can be done and some of the online scans mentioned upthread are pretty good.

At any rate, it seems that some suggestions are good as to how you can solve the issue; there's nothing really I can add at this time. I mainly want to be more informative of what the underlying process is and why you're having the troubles you're having.
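To make the DNS-override point concrete, here is an added example (not part of the original post) that reads `ipconfig /all` output and reports any adapter whose DNS servers are not ones you expect. The sample output, the addresses in it and the `EXPECTED` set are constructed assumptions; replace them with your own router, ISP or OpenDNS resolvers.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output; every address is made up.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Example NIC
        IP Address. . . . . . . . . . . . : 192.168.1.23
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            203.0.113.54

Ethernet adapter Wireless Network Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.24
        DNS Servers . . . . . . . . . . . : 208.67.222.222
                                            192.168.1.1
"""

# Assumption: resolvers this household expects (home router plus OpenDNS).
EXPECTED = {"192.168.1.1", "208.67.222.222", "208.67.220.220"}

def dns_servers_by_adapter(text):
    """Return {adapter name: [DNS server IPs]} parsed from `ipconfig /all` text."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        # Adapter headers start in column 0 and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter, in_dns = line.rstrip()[:-1], False
            result[adapter] = []
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S*)", line)
        if m:
            in_dns, candidate = True, m.group(1)
        elif in_dns:
            candidate = line.strip()  # extra servers follow on unlabeled lines
        else:
            continue
        try:
            ipaddress.ip_address(candidate)
        except ValueError:
            in_dns = False            # blank line or next label ends the list
            continue
        result.setdefault(adapter or "(global)", []).append(candidate)
    return result

def unexpected_resolvers(text, expected):
    """Return only the adapters that use a resolver outside `expected`."""
    found = {a: [s for s in servers if s not in expected]
             for a, servers in dns_servers_by_adapter(text).items()}
    return {a: bad for a, bad in found.items() if bad}

if __name__ == "__main__":
    for name, bad in unexpected_resolvers(SAMPLE, EXPECTED).items():
        print(f"{name}: unexpected DNS servers {bad}")
```

Repeat the check after a reboot, since a reply further down the thread points out that a TDSS-type rootkit puts its DNS setting back.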
 
Where would that option lurk? In the ISP / router settings?
 
I've had this problem for nearly a year on my Mac.
I just added the "no script" plug in to Firefox and although whatever is making my computer do odd things is still actually there, its effects on search engine result redirections have been negated.

But again, if anyone has a fix for the Mac (I've already run the DNS Changer Removal Tool from MacScan and it says nothing was found).
 
Well, if it is something like the TDSS/Alureon/TDL3 rootkit, then resetting the DNS server will not really do it, because the next time the machine reboots or the service/kernel call is made the rootkit will just reset it anyhow.

It would take some scans with HiJackThis, OTL, DDS and GMER to really see what is happening.

:(
 
I just installed No Script, and yay, it seems to be working! Thanks!

I'll rejoice in that win, even though I've given up trying to get rid of the virus/malware/whatever.

We're going to wait till I get my puter rebuilt and see if the problem gets transferred or not. And maybe our computer guy can fix it in the process.
 
necromancy: Hi Orphia!

I was reading around and with the TDSS infection, it is best to just reformat and reinstall the OS. I know you were not planning on using the computer again but it may remain compromised. At least that is what some people on BleepingComputer are saying.
 