Debaira - PC Security

Search results being redirected!


Post  Admin Mon May 19, 2008 2:22 am

If your searches are being redirected to other sites, please post your problems.


Post  debaira Mon May 19, 2008 2:55 am

When I search for something in Ixquick or Ask.com with Internet Explorer (version 6.0, 7.0) or Firefox (version 2.0), in a lot of cases I am being redirected to other sites.

Code:

Here's the Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:45 AM, on 5/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ixquick.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Palm MulitUser Config] C:\Program Files\Palm\Configtool.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://echo.bluehornet.com
O15 - Trusted Zone: http://*.insurancejournal.com
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176551855953
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B29ABBE-57DF-474C-B737-FF08262B4EC3}: NameServer = 85.255.113.204,85.255.112.99
O17 - HKLM\System\CCS\Services\Tcpip\..\{39F59BEA-326A-47E2-A8C2-629EF367CBB7}: NameServer = 85.255.113.204,85.255.112.99
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.204 85.255.112.99
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.204 85.255.112.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.204 85.255.112.99
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 9092 bytes

Any help would be appreciated.

Thanks,
Debaira


Post  Admin Thu May 22, 2008 10:17 am

Hello Debaira,

To help us solve your problem, could you please follow these suggestions and let me know:

Background:

If clicked search results are being redirected to incorrect sites/pages, it means your computer is infected by spyware/adware, which could be causing the search redirection problems (i.e. when you click on a search result link, it redirects to other sites, not the one you are looking for). If your PC is infected by spyware/adware, this kind of problem could occur with any search engine/site.

*** To fix the search redirection problem ***

Please follow the steps below in order to eliminate the infection and clean up your computer.

1. Download the "HijackThis" Installer from this link: http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe, and install it. Then, create a log file of possible malware with HijackThis so you can analyze the results ( if you are unable to do so, post the log in a text reply ).

2. Download Pocket KillBox, Spybot - Search & Destroy ( freely available ) and BlackLight Rootkit ( detects objects that are hidden from users and security tools ). You will need them later to delete parasite-related files and folders.

- You can grab Spybot Search and Destroy download from The home of Spybot-S&D! ( http://www.safer-networking.org/en/download/index.html ) and

- Blacklight from the LINK (ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe).

3. How to create a HijackThis log:

To create a log file, open HijackThis, and from the QuickStart window click "Do a system scan and save a logfile". This will create a log file of POSSIBLE malware and save it as hijackthis.log in your HijackThis directory. You can then analyze this log file ( by yourself; if you are unable to do so, post it in a text reply ) as needed to get assistance on which items you can keep and which items need to be removed.

Here are the brief steps towards creating a HijackThis log:

- Download the "HijackThis" Installer from this link and install it. http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

- Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.

- Click "Save log" to save the log file and then the log will open in Notepad.

- Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

4. Use HijackThis to fix suspect entries and check those which are suspected ( if you are unable to identify them, please post the log in a text reply. I will let you know which files you have to fix ). After you check suspect items, close all browsers and windows except for HijackThis, then click the Fix Checked button. Reboot after fixing.

5. Clean all your Cookies, Recycle Bin and Temporary Internet Files.

6. Run the PANDA online virus scan ( available at http://www.pandasoftware.com/products/activescan.htm )

OR EWIDO anti-spyware micro scanner ( available at http://www.ewido.net/en/onlinescan/ ).

For EWIDO:

- Before running the Ewido scan, please make sure your browser settings allow ActiveX controls. If your browser has ActiveX controls disabled, enable them by following the steps below:

1. Click on Tools > Internet Options > Go to Security tab > Select Internet > Click on Custom Level

2. Enable below components related to ActiveX Controls:

a) Run ActiveX controls and plug-ins.

b) Script ActiveX controls marked safe for scripting.

For PANDASCAN:

- Once you are on the PANDASCAN site click the Scan your PC button

* A new window will open...click the Check Now button
* Enter your Country
* Enter your State/Province
* Enter your e-mail address and click send
* Select either Home User or Company
* Click the big Scan Now button
* If it wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
* When download is complete, click on Local Disks to start the scan

- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Finally, restart your computer once more.

7. Once in Safe Mode, run Pocket KillBox that helps to delete those annoying files that will not let themselves be deleted, no matter what you do.

8. Now run the Spybot program; it will detect and remove the spyware/adware infection from your computer. Reboot your computer again.

9. Then, run BlackLight Rootkit ( it detects objects that are hidden from users and security tools ) and it scans your computer for rootkits. I mean, BlackLight is a tool that detects files, folders and processes that are hidden from the user and other programs and is also able to remove hidden malware by renaming them.

If you follow the steps mentioned, the search redirection problems will be cured.

If you still have problems please post HijackThis log in text reply.

Thanks,
Rakesh
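
One way to do the log review that steps 3 and 4 describe, added here as an example and not part of the original posts or of HijackThis: it groups entries by section code and lists the ones to check first, using lines copied from the log posted earlier in this thread. The `expected_dns` set and the 192.0.2.53 resolver are assumptions standing in for the DNS servers your ISP or router actually assigns.

```python
import re
from collections import defaultdict

# Excerpt of the log posted earlier in this thread (entries copied verbatim).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - Global Startup: Exif Launcher.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B29ABBE-57DF-474C-B737-FF08262B4EC3}: NameServer = 85.255.113.204,85.255.112.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.204 85.255.112.99
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_log(text):
    """Group log entries by their section code (R0, O2, O17, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            sections[match.group(1)].append(match.group(2))
    return sections

def dns_servers(sections):
    """Collect every static DNS server named in O17 NameServer entries."""
    servers = set()
    for body in sections.get("O17", []):
        _, found, value = body.partition("NameServer = ")
        if found:
            servers.update(s for s in re.split(r"[,\s]+", value) if s)
    return servers

def triage(text, expected_dns):
    """Return (reason, detail) pairs to review before using Fix Checked."""
    sections = parse_log(text)
    review = [("O17 DNS server not in expected list", s)
              for s in sorted(dns_servers(sections) - set(expected_dns))]
    for body in sections.get("O2", []):
        if body.endswith("(no file)"):  # BHO registered, DLL missing
            review.append(("O2 BHO with no file on disk", body))
    for body in sections.get("O4", []):
        if body.endswith("= ?"):  # shortcut whose target was not resolved
            review.append(("O4 startup item with unresolved target", body))
    return review

if __name__ == "__main__":
    # expected_dns is an assumption: the resolvers the ISP or router hands out.
    for reason, detail in triage(SAMPLE_LOG, expected_dns={"192.0.2.53"}):
        print(f"{reason}: {detail}")
```

O17 entries are static DNS servers stored in the registry, so a resolver nobody configured affects every browser on the machine, which fits redirection seen in both Internet Explorer and Firefox.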
