Search engine redirect problem

[Dave C.]

Happy Monday,

I have asked this question a couple of years ago but have the same
problem again. Everytime I put something in Google, Yahoo, Bing,
etc. and get search results, then click on the search results, I get
taken to some other page.

Does anyone know of a good way to clear this up? I have scanned with
Norton (It's a work computer), Spybot, Housecall (Trend MIco) and have
even downloaded a tool from Symantec's website regarding this issue.
However, nothing has been able to detect what is going on?

Does anyone have any other advice?

It's a Dell Windows XP Professional machine with Pentium 4 and 1 gig
ram

Thanks in advance for any help!

Dave

[Bob Fox]

My wife's pc had the same problem, then my mother-in-laws pc. I spent too much time with not enough results so researching and trying so I re-installed the OS whilst keeping the data files (do not reformat the drive). I do not have time for hunt and peck and then see if it works.

All OS's should be re-installed every 1 to 2 years anyhow. It does make a big difference not only in solving the problem but in noticeable performance increases.

[Kyle Harbinger]

Sometimes the redirect can be a result of a tdss rootkit. Download and run this tool from Kaspersky. It only looks for the TDSS rootkit. 

http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Let me know what, if anything, it finds.

Kyle

[edheitzman]

Make sure something hasn't changed your settings to use a proxy server.
Open Internet Options in Control Panel; hit the "Connections" tab then the "LAN settings" button.
There make sure that the option to use a proxy server is NOT checked.

You said that this is a work computer, so if you know a proxy server is required for your work then make sure that the server settings are correct.

If a setting change is your problem then something changed it so you must have (or recently had) malware on the system. Maybe the tools you used removed it without restoring the setting, and maybe not.
The rootkit scanner isn't a bad idea, and maybe download and run Malwarebytes too ( malwarebytes.org ).

- Ed

On Monday, 30 April 2012 13:01:30 UTC-4, Dave C. wrote:

[David]

Hey Kyle,

 

I got some success.   Less redirects.   A lot better than before.   I'm still getting redirected on some results.

 

Thanks,

 

Dave

--
This is a message from the PC TALK Online BBS.
* The BBS is open to all.
* We support all operating systems.
* Get support or just talk with other users at http://BBS.RBLevin.net
Post a message by e-mailing PC...@googlegroups.com
Unsubscribe by e-mailing PCTOL-un...@googlegroups.com

[David Clements]

Someone from my IT department worked on my computer.  It was infected with the S.M.A.R.T. HDD.   She installed Malware bytes on this computer after getting rid of the virus.  However, when I started using the internet, that's when I started noticing the redirects.

--

[David Clements]

No proxy settings are checked.   All good there.

On Mon, Apr 30, 2012 at 3:06 PM, edheitzman <edhei...@gmail.com> wrote:

--

[Kyle Harbinger]

If your IT dept. fixed it initially, they didn't do a very good job. Especially if you're still having problems. Did you let them know about it? 

So, did tdsskiller find anything? If you're still getting redirected, you are still infected. Sometimes a rootkit can re-enable itself when rebooted, especially if it's a bootsector rootkit. Run tdsskiller again, if it finds it again, reboot and run it a third time. If it finds it again after the third time, it's best to backup your data and re-install Windows. It's possible to remove a bootsector rootkit, but in my experience, more than 50% of the time it will make the computer unbootable.

Kyle

On Monday, 30 April 2012 13:01:30 UTC-4, Dave C. wrote:

On Monday, 30 April 2012 13:01:30 UTC-4, Dave C. wrote:

On Monday, 30 April 2012 13:01:30 UTC-4, Dave C. wrote:

[Kyle Harbinger]

Forgot to attach this link...instructions for removing the infection, from bleeping computer.

http://www.bleepingcomputer.com/virus-removal/remove-smart-hdd 

[Dave]

You’re right – they didn’t do a very good job.   I just emailed them to let them know.   I thought I could maybe clear it up myself (I did before), but no go.  Oh well.   

 

By the way, I HATE NORTON ANTIVIRUS – it catches NOTHING!    I got this virus from clicking on what looked to be an innocent link (I was reading an article on the web).   I repeated the same actions at home and my antivirus at home caught it before it had a chance to do anything (NOD32).  

--

[Kyle Harbinger]

I have to disagree with you about Norton. I use it and sell it to my customers. I've sold a couple hundred subscriptions in the past few years and only one person had an issue with a virus...and that was only because a bad hard drive corrupted the program and it wasn't working properly. Do you have Norton anti-virus or Symantec End Point? End point doesn't get updated as often as Norton. I have heard very good things about Eset but haven't used it myself. You're a brave person testing your anti-virus that way...lol

On Monday, 30 April 2012 13:01:30 UTC-4, Dave C. wrote:

On Monday, 30 April 2012 13:01:30 UTC-4, Dave C. wrote:

[Rich M]

I have to disagree with you. Hopefully we both know no one has seen a real virus in years because this malware is not really virus composition. Norton and other Antivirus products
often claim to be able to remove malware but I have never seen one that could and in all the 15+ years in my exposure to Norton Antivirus, its been present and running on the most heavily infected computers
 I have worked on and I have never  seen it remove anything in all those years. When you add to it the number of users fleeced by Symantec selling them upgrades for old programs
 that the program could never possible use, I find much of their activity "quasi criminal" in nature!

[Joe Mezzanini]

http://www.bleepingcomputer.com/combofix/how-to-use-combofix 

combofix 

--

This is a message from the PC TALK Online BBS.
* The BBS is open to all.
* We support all operating systems.
* Get support or just talk with other users at http://BBS.RBLevin.net
Post a message by e-mailing PC...@googlegroups.com
Unsubscribe by e-mailing PCTOL-un...@googlegroups.com

--

 theMezz.com

support.theMezz.com

315-281-9878

“There are two ways to live: you can live as if nothing is a miracle; you can live as if everything is a miracle.”

-Albert Einstein

[hvlp...@yahoo.com]

I've tried all of those you've listed, as well as AVG, AVAST, Spyhunter, Avira, Combofix, Hijack This, and Microsoft Defender. NONE worked. I don't specifically endorse ANY software, but in a last ditch effort I asked a neighbor if he has any ideas (forums are great but I was getting nowhere fast) and he suggested Prevx 3.0. I seriously doubted it would work...but it did! Don't know if you'll have a different experience but I would at least recommend looking into as one alternative. Good luck!

[David Moskowitz]

This is an older thread and I didn't check to see if this was mentioned (and I was also VERY busy at the time and don't believe I responded to this message). My apologies for the late response...  :-)

When this type of hijack occurs, it's sometimes a replaced or overwritten "hosts" file. Some malware tools scan the file (it's a pure ASCII text file) and some don't. If traditional scans don't find anything and you still experience the redirection, then this is very good hint to check this file.

This file can't be changed on Windows Vista and later unless the program attempting to write (re-write) the file is given administrator privilege or user access control is disabled. On Windows XP and prior systems it was trivial.

David