quagmire02 All American 44225 Posts user info edit post |
i'm at a loss...i've run malwarebytes' anti-malware, ccleaner, spybot, and ESET and nothing is found
my google search results are randomly hijacked so that when i click on a result it will sometimes (maybe 1 time out of 5) redirect me to a secondary "search engine" like questbooster.com, wait-direct.com, and searchfindsite.com (most of them look exactly the same...there are others, though, that look like different sites, but i can't remember what they are)
sometimes that search engine will actually redirect me to the correct site (perhaps getting some sort of compensation for their direction?), and sometimes it drops me onto an empty page
anyway, it doesn't happen when i use dogpile.com to search...i haven't tried other search engines
i've searched for answers, but can't really seem to find any...suggestions (other than to stop using google)?
[Edited on January 6, 2010 at 12:14 PM. Reason : .] 1/6/2010 12:14:09 PM |
FroshKiller All American 51913 Posts user info edit post |
Are you stealing wireless? 1/6/2010 1:56:25 PM |
ncstatepimp All American 1781 Posts user info edit post |
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Go there, download combofix from them and run it -- its free to use and will very likely fix this issue for you if its related to any sort of malware on your system -- this program has cleaned up and fixed issues that just about every other scanner has missed -- its now the 1st program I run when I have to cleanup any malicious software on peoples machines. 1/6/2010 2:05:37 PM |
darkone (\/) (;,,,;) (\/) 11611 Posts user info edit post |
check your HOSTS file 1/6/2010 2:09:45 PM |
ncstatepimp All American 1781 Posts user info edit post |
^If his host file has a ton of crap redirecting to various sites, he likely has an infection of some sort as well -- combofix will reset your host file as part of its removal process as well -- learned that the hard way 1/6/2010 2:11:54 PM |
FroshKiller All American 51913 Posts user info edit post |
bing it 1/6/2010 2:18:45 PM |
quagmire02 All American 44225 Posts user info edit post |
Quote : | "Are you stealing wireless?" |
no...it's mine and it's encrypted
thanks for the heads up...i'll check that out when i get home
yikes, no...bing isn't bad, but nothing beats the austerity of a simple google search (in my opinion, anyway)
[Edited on January 6, 2010 at 2:25 PM. Reason : .]1/6/2010 2:25:17 PM |
fdhelmin All American 1058 Posts user info edit post |
does the redirect go through go.google.com? when I worked the graveyard shift as a front desk attendant, one of the computers had this problem. It would even disable anti-malware/spyware apps from being installed. A few fixes you might wanna try that worked for me...
Disable TSDSSserv.sys (part of the common trojan that causes your issue):
Click Start --> Right click on My Computer --> Click Manage --> Click on Device Manager on the left panel --> Under View menu, click on Show hidden devices, you will see a bunch of Non-plug and play drivers appear --> scroll down to find TDSSserv.sys --> Right click on it and Disable --> You should be done, just restart the comp.
Or
Rename Malwarebytes after saving the exe to your comp. Or google "go.google.com malware fix" and save, rename that exe.
Let us know what happens
[Edited on January 6, 2010 at 3:08 PM. Reason : .] 1/6/2010 3:06:20 PM |
quagmire02 All American 44225 Posts user info edit post |
^ i came across a lot of that when i was searching...i don't think that's it
combofix doesn't work on windows 7, apparently...compatibility mode won't work because it doesn't like 64-bit
hosts file looks clean, though 1/7/2010 10:58:49 AM |
LimpyNuts All American 16859 Posts user info edit post |
1. Don't use Internet Exploder 2. Don't run executable code from the intarwebs. 3. Back your shit up so when crap happens, you can just restore a recent backup.
Consider it a lesson learned. Format, reinstall, don't be stupid. 1/9/2010 12:48:17 PM |
mikey99cobra All American 1138 Posts user info edit post |
I have the same problem using google chrome as the browser. Its very annoying. 1/9/2010 3:13:50 PM |
quagmire02 All American 44225 Posts user info edit post |
^^
1. i don't use IE except to test any coding i do...it certainly isn't used to browse 2. i don't run exe's from teh intarwebs...that's asking for trouble 3. everything is backed up...but the machine was recently reformatted, so the only value in a reformat now would be getting rid of this intermittently annoying virus/whatever, and i'd much rather know what's causing it
^ i was just thinking...this all started (i think) about the time i installed WAMP server on my laptop, so that i could test some wordpress sites i was setting up for a friend...i had downloaded some themes, too...i'm wondering if any of that is connected to the redirect malarkey...have you done anything like that recently?
it's happening in all browsers, so i keep thinking it MUST be something in the hosts file, but i don't see anything (there's a lot in there, though, because of spybot)...i specifically searched for any google-related entries since it only appears to be happening with google search results, but there's nothing
[Edited on January 10, 2010 at 9:13 AM. Reason : .] 1/10/2010 9:09:41 AM |
quagmire02 All American 44225 Posts user info edit post |
1/22/2010 9:36:13 AM |
craptastic All American 6115 Posts user info edit post |
I had the google redirect issue as well. Ended up posting in the bleepingcomputer.com forums and let someone walk me through the removal. It took about a week because of the way that they handle requests for help, but it's worth it, as my laptop is completely clean now. 1/22/2010 4:51:33 PM |
quagmire02 All American 44225 Posts user info edit post |
^ can you...give me a link? 1/22/2010 5:02:41 PM |
craptastic All American 6115 Posts user info edit post |
http://www.bleepingcomputer.com/forums/topic34773.html
http://www.bleepingcomputer.com/forums/forum22.html 1/22/2010 5:12:11 PM |
Prospero All American 11662 Posts user info edit post |
tampering with DNS possibly? 1/22/2010 6:33:18 PM |
quagmire02 All American 44225 Posts user info edit post |
maybe...it seems to be java/javascript related, though...i turned off javascript and it SEEMED make it stop...if you do a search and hover over the link, it shows the correct URL...if you click on it and it redirects you, when you go back and hover over the link again, it shows the redirect instead
*shrug* 1/22/2010 6:40:00 PM |
HiWay58 All American 5111 Posts user info edit post |
^ im thinking it's java related too, I have yet to see a surefire fix anywhere for it yet 1/24/2010 8:07:27 PM |
HiWay58 All American 5111 Posts user info edit post |
Just did some more research... it's cookie related. Delete all of your cookies and it should fix. That makes sense as to why it fixed in one browser and not the other for me when I was tinkering. 1/24/2010 8:09:46 PM |
quagmire02 All American 44225 Posts user info edit post |
i'll try that...though i'm pretty sure i've cleared the cookies both through the browser and through ccleaner 1/24/2010 8:46:08 PM |
mikey99cobra All American 1138 Posts user info edit post |
I am giving up. On top of the google hijack, I have a virus that I can not get rid of. Windows will tell me it has to reboot because some core process has terminated automatically. AGV sees the virus but can not get rid of it, malwarebytes can not find anything, spybot S & D can not find anything. I also can not boot into safe mode for some reason, It just keeps restarting every time I select safe mode.
Time to format, and install a fresh copy of windows. 1/24/2010 9:53:08 PM |
HiWay58 All American 5111 Posts user info edit post |
DCOM failure right?
if you get that you can goto start run and type cmd then type shutdown -a
it will abort the auto shutdown. it's one and the same. I haven't had either happen since i cleared all cookies and turned off cookie support 1/24/2010 11:07:49 PM |
quagmire02 All American 44225 Posts user info edit post |
it's not cookie-related...i cleared everything (and furthermore disabled the acceptance of third-party cookies) and it's still problematic 1/25/2010 4:29:51 PM |
HiWay58 All American 5111 Posts user info edit post |
Not sure why that fixed it for me then, hmm 1/25/2010 6:09:26 PM |
quagmire02 All American 44225 Posts user info edit post |
i THINK i got rid of it...i uninstalled FF 3.5.7 and manually deleted the remaining folder...i checked the registry and roaming/local profiles for any remaining FF and didn't find any...i then uninstalled java completely...i then opened IE and had it clear everything
after all of that, i ran ccleaner, but it didn't find any cookies or temp files or leftover registry entries, either
i then installed FF 3.6 (which, btw, i really like) and disabled third-party cookies before doing any browsing
after that, i reinstalled java 6u18 (i was running 6u17)
so far, so good...no idea what, if any, of that got rid of the problem, but the hijack APPEARS to be gone 2/1/2010 7:39:58 AM |