i'm at a loss...i've run malwarebytes' anti-malware, ccleaner, spybot, and ESET and nothing is found

my google search results are randomly hijacked so that when i click on a result it will sometimes (maybe 1 time out of 5) redirect me to a secondary "search engine" like questbooster.com, wait-direct.com, and searchfindsite.com (most of them look exactly the same...there are others, though, that look like different sites, but i can't remember what they are)

sometimes that search engine will actually redirect me to the correct site (perhaps getting some sort of compensation for their direction?), and sometimes it drops me onto an empty page

anyway, it doesn't happen when i use dogpile.com to search...i haven't tried other search engines

i've searched for answers, but can't really seem to find any...suggestions (other than to stop using google)?

[Edited on January 6, 2010 at 12:14 PM. Reason : .]

1/6/2010 12:14:09 PM

Are you stealing wireless?

1/6/2010 1:56:25 PM

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Go there, download combofix from them and run it -- its free to use and will very likely fix this issue for you if its related to any sort of malware on your system -- this program has cleaned up and fixed issues that just about every other scanner has missed -- its now the 1st program I run when I have to cleanup any malicious software on peoples machines.

1/6/2010 2:05:37 PM

check your HOSTS file

1/6/2010 2:09:45 PM

^If his host file has a ton of crap redirecting to various sites, he likely has an infection of some sort as well -- combofix will reset your host file as part of its removal process as well -- learned that the hard way

1/6/2010 2:11:54 PM

bing it

1/6/2010 2:18:45 PM

Quote :

"Are you stealing wireless?"

no...it's mine and it's encrypted

Quote :

"http://www.bleepingcomputer.com/combofix/how-to-use-combofix"

thanks for the heads up...i'll check that out when i get home

Quote :

"bing it"

yikes, no...bing isn't bad, but nothing beats the austerity of a simple google search (in my opinion, anyway)

[Edited on January 6, 2010 at 2:25 PM. Reason : .]

1/6/2010 2:25:17 PM

does the redirect go through go.google.com? when I worked the graveyard shift as a front desk attendant, one of the computers had this problem. It would even disable anti-malware/spyware apps from being installed. A few fixes you might wanna try that worked for me...

Disable TSDSSserv.sys (part of the common trojan that causes your issue):

Click Start --> Right click on My Computer --> Click Manage --> Click on Device Manager on the left panel --> Under View menu, click on Show hidden devices, you will see a bunch of Non-plug and play drivers appear --> scroll down to find TDSSserv.sys --> Right click on it and Disable --> You should be done, just restart the comp.

Or

Rename Malwarebytes after saving the exe to your comp. Or google "go.google.com malware fix" and save, rename that exe.

Let us know what happens

[Edited on January 6, 2010 at 3:08 PM. Reason : .]

1/6/2010 3:06:20 PM

^ i came across a lot of that when i was searching...i don't think that's it

combofix doesn't work on windows 7, apparently...compatibility mode won't work because it doesn't like 64-bit

hosts file looks clean, though

1/7/2010 10:58:49 AM

1. Don't use Internet Exploder
2. Don't run executable code from the intarwebs.
3. Back your shit up so when crap happens, you can just restore a recent backup.

Consider it a lesson learned. Format, reinstall, don't be stupid.

1/9/2010 12:48:17 PM

I have the same problem using google chrome as the browser. Its very annoying.

1/9/2010 3:13:50 PM

^^

1. i don't use IE except to test any coding i do...it certainly isn't used to browse
2. i don't run exe's from teh intarwebs...that's asking for trouble
3. everything is backed up...but the machine was recently reformatted, so the only value in a reformat now would be getting rid of this intermittently annoying virus/whatever, and i'd much rather know what's causing it

^ i was just thinking...this all started (i think) about the time i installed WAMP server on my laptop, so that i could test some wordpress sites i was setting up for a friend...i had downloaded some themes, too...i'm wondering if any of that is connected to the redirect malarkey...have you done anything like that recently?

it's happening in all browsers, so i keep thinking it MUST be something in the hosts file, but i don't see anything (there's a lot in there, though, because of spybot)...i specifically searched for any google-related entries since it only appears to be happening with google search results, but there's nothing

[Edited on January 10, 2010 at 9:13 AM. Reason : .]

1/10/2010 9:09:41 AM

1/22/2010 9:36:13 AM

I had the google redirect issue as well. Ended up posting in the bleepingcomputer.com forums and let someone walk me through the removal. It took about a week because of the way that they handle requests for help, but it's worth it, as my laptop is completely clean now.

1/22/2010 4:51:33 PM

^ can you...give me a link?

1/22/2010 5:02:41 PM

http://www.bleepingcomputer.com/forums/topic34773.html

http://www.bleepingcomputer.com/forums/forum22.html

1/22/2010 5:12:11 PM

tampering with DNS possibly?

1/22/2010 6:33:18 PM

maybe...it seems to be java/javascript related, though...i turned off javascript and it SEEMED make it stop...if you do a search and hover over the link, it shows the correct URL...if you click on it and it redirects you, when you go back and hover over the link again, it shows the redirect instead

*shrug*

1/22/2010 6:40:00 PM

^ im thinking it's java related too, I have yet to see a surefire fix anywhere for it yet

1/24/2010 8:07:27 PM

Just did some more research... it's cookie related. Delete all of your cookies and it should fix. That makes sense as to why it fixed in one browser and not the other for me when I was tinkering.

1/24/2010 8:09:46 PM

i'll try that...though i'm pretty sure i've cleared the cookies both through the browser and through ccleaner

1/24/2010 8:46:08 PM

I am giving up. On top of the google hijack, I have a virus that I can not get rid of. Windows will tell me it has to reboot because some core process has terminated automatically. AGV sees the virus but can not get rid of it, malwarebytes can not find anything, spybot S & D can not find anything. I also can not boot into safe mode for some reason, It just keeps restarting every time I select safe mode.

Time to format, and install a fresh copy of windows.

1/24/2010 9:53:08 PM

DCOM failure right?

if you get that you can goto start run and type cmd then type shutdown -a

it will abort the auto shutdown. it's one and the same. I haven't had either happen since i cleared all cookies and turned off cookie support

1/24/2010 11:07:49 PM

it's not cookie-related...i cleared everything (and furthermore disabled the acceptance of third-party cookies) and it's still problematic

1/25/2010 4:29:51 PM

Not sure why that fixed it for me then, hmm

1/25/2010 6:09:26 PM

i THINK i got rid of it...i uninstalled FF 3.5.7 and manually deleted the remaining folder...i checked the registry and roaming/local profiles for any remaining FF and didn't find any...i then uninstalled java completely...i then opened IE and had it clear everything

after all of that, i ran ccleaner, but it didn't find any cookies or temp files or leftover registry entries, either

i then installed FF 3.6 (which, btw, i really like) and disabled third-party cookies before doing any browsing

after that, i reinstalled java 6u18 (i was running 6u17)

so far, so good...no idea what, if any, of that got rid of the problem, but the hijack APPEARS to be gone

2/1/2010 7:39:58 AM