Articles

Solved every time i click on a google search link, it redirects me!

January 10, 2013 at 14:53:40
Specs: Windows XP, Pentium 4 3.40 Ghz/2.99 GB

Basically, every time i try to do a search on google and follow the result links; it takes me to a random page.

it happens most of the time. at first i was using chrome and then i uninstalled it.
now i am using ie8 but still the same problem occurs.

i tried to system restore but it does not work.
i have added Norton Antivirus and it is up-to-date.
I have also installed Malawarebytes -Anitmalaware and it also detected nothing.
i have done the run>cmd>ipconfig /flushdns and that did not work either.
i have looked for the TDSSserv.sys file but that doesnt exist in my folders at all!

once i was looking through my add ons in IE and found there were two googles and i deleted both of them.

whatever i try to do, the problem still persists!!

my computer is a INTEL {R}
PENTIUM {R} 4 CPU,
3.40 Ghz,
2.99GB of RAM

I dont know what to do! Please help me :(


See More: every time i click on a google search link, it redirects me!

Report •


#1
January 10, 2013 at 15:02:49

See #7 on here:
http://www.computing.net/answers/wi...

Even if this cures the symptom you might still need someone to go through your system to ensure it is as clean as possible.

Always pop back and let us know the outcome - thanks


Report •

#2
January 10, 2013 at 15:05:59

Please copy & paste instructions into a text file, print steps & info. You will need them, as they are hard to remember, for when you are offline.

Note: Is your important stuff backed up, including your emails & address book. Anything can happen, during the clean up.

The badies are always ahead of the goodies, be aware, this can be a very long process, involving many different tools to clean up an infected comp.
Some infections are irremovable.
Very Important: Malware infections can possibly lead to identity theft, stolen bank funds, misuse of credit card information etc.
The use of the computer is the primary factor in the decision whether to re-format and re-install, or just disinfect.
http://www.dslreports.com/faq/10063
How to report ID theft, fraud, drive-by installs, hijacking and malware?
http://www.dslreports.com/faq/10451
Change your router password if it is not strong or still uses the default one.
Hack lets intruders sneak into home routers
http://tinyurl.com/4pz64fc
http://compnetworking.about.com/od/...

If you do decide to reinstall, make sure you delete ALL partitions & format to NTFS.
D to Delete the selected partition ( XP )
http://www.blackviper.com/os-instal...
W7 - Click on > Drive options (advanced) Then highlight each partition & hit > Delete.
http://www.blackviper.com/os-instal...
http://www.blackviper.com/os-instal...
Here are some examples of why you delete all partitions.
http://forums.spybot.info/showthrea...
http://forums.whatthetech.com/index...
http://blog.eset.com/2011/10/18/tdl...

As we dismantle the infection bit by bit, that may allow the repeat use of programs, which may in turn pick up more.
Removal of infected parts of the system, may cause other parts to stop working, such as your Internet connection or Services. These then we have to repair later.

If any program won't run ( due to the infection ) let me know. Post the log/logs after each run.
Screenshots ( SS ) may also requested, or if you want to illustrate a point yourself, use the uploader.
If any of the logs are too large, upload them to a site of your choosing or, all can be done with this. I use Imgur.com
Image Uploader
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://zenden.ws/imageuploader_ru
How to use
http://i.imgur.com/rr0p9.gif
http://i.imgur.com/zsqmE.gif
http://i.imgur.com/OA9LW.gif
http://i.imgur.com/PujnZ.gif
For other files.
http://i.imgur.com/C1qBB.gif
http://i.imgur.com/wqOKq.gif
Or,
http://i.imgur.com/KT4wS.gif
http://i.imgur.com/wAG3q.gif

After each fix or change we make, let me know how the comp is running. Example: Still getting redirected.


Report •

#3
January 10, 2013 at 15:08:59
✔ Best Answer

1: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run, it does take some time, be patient. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

2: Reboot

3: Download Security Check by screen317 from one of the following links and save it to your desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Save it to your Desktop.
* Double click SecurityCheck.exe. If you run Windows Vista or 7, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; please post the contents of that document.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

4: Run Hitman Pro
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://www.surfright.nl/en/HitmanPro
http://www.surfright.nl/en/hitmanpro/
Unlimited free scanning and free 30-day version to remove detected malware.
Download now (32-bit)
http://dl.surfright.nl/HitmanPro35.exe
Download now (64-bit)
http://dl.surfright.nl/HitmanPro35_...
Review
http://www.youtube.com/watch?v=WmPQ...


Report •

Related Solutions

#4
January 12, 2013 at 11:49:05

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
[color=red][b]Windows Security Center service is not running! This report may not be accurate![/b][/color]
Windows Firewall Enabled!
Please wait while WMIC is being installed.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
M
i
c
r
o
s
o
f
t
ECHO is off.
S
e
c
u
r
i
t
y
ECHO is off.
E
s
e
n
t
i
a
l
s
ECHO is off.
Antivirus up to date! (On Access scanning [b]disabled[/b]!)
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Malwarebytes Anti-Malware version 1.70.0.1100
Adobe Reader 10.1.1 [color=red][b]Adobe Reader out of Date![/b][/color]
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
Norton ccSvcHst.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C:: 3%
[b][u]````````````````````End of Log``````````````````````[/b][/u]

Report •

#5
January 12, 2013 at 12:14:40

OMG - its actually work!
HitMan Pro is amazing!
it found this trojan in the system32 called cmdlibz.dll and once i removed it- thank god all websites are directed to the right place

thank you soo much for helping me with this issue!


Report •


Ask Question