Google links redirect me to random sites

July 17, 2009 at 07:01:29
Specs: Windows XP

Whenever I do a search in Google, it redirects me to very random sites. One time it redirected me to quiznos.com. Also, whenever I try to run Malwarebytes or HijackThis, it just won't open. Please help me as soon as possible before this problem gets out of hand.



#1
July 17, 2009 at 07:31:26

If you are using Chrome, this is a bug in it, one of the reasons I took it off my machine.
If not, run a complete, thorough scan with Trend Micro: http://housecall.trendmicro.com/


#2
July 17, 2009 at 17:01:31

It isn't on Chrome; it's on Mozilla and Internet Explorer, because those are the ones that are on my computer.


#3
September 20, 2009 at 11:50:21

Download and run Kaspersky AVP tool in safe mode: http://devbuilds.kaspersky-labs.com...
Once you download and start the tool in safe mode:
1) Check the options below:

    * Select all the objects/places to be scanned.
    * Settings > Customize > Heuristic analyzer > Enable deep rootkit search

2) Click Scan
3) Fix what it detects
4) Zip/Rar the scan log/summary and upload it to rapidshare.com. Post the download link in your next message.

Illustrated tutorial: http://img32.imageshack.us/img32/76...

If I'm helping you and I don't reply within 24 hours send me a PM.



#4
September 21, 2009 at 01:08:38

Use Spyware Doctor free version from Google pack website:
http://pack.google.com/intl/en/pack...


#5
September 22, 2009 at 02:42:04

I scanned my computer and finished it. It found 21 things and couldn't delete one of them.
The link is
http://rapidshare.com/files/2833868...


#6
September 22, 2009 at 11:05:32



#7
September 22, 2009 at 11:57:15

Nope, it still didn't solve the problem.


#8
September 23, 2009 at 07:53:34

Note: I can help you remove malware manually. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible. First Track this topic. Then follow:

1) Can you please post your AVZ log:
Note: Run AVZ in Windows normal mode and make sure you are connected to the internet. If avz.exe doesn't start, then try to rename the file avz.exe to game.pif and try to run it again. Pause/Stop your antivirus, firewall software (if any), close games, text editors and all other programs; leave Internet Explorer/Firefox running, before following the steps below.

i) To create the log file, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

ii) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

iii) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows Vista, launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility.

--> Please navigate to "File" => "Custom Scripts". Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteAVUpdate;
end.


Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script.

--> Choose from the menu "File" => "Standard scripts" and mark the "Healing/Quarantine and Advanced System Analysis" check box. Click on the "Execute selected scripts" button.
Automatic scanning, healing and system check will be executed. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip. Upload virusinfo_syscure.zip to rapidshare.com and paste the link here.
* It is necessary now to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan. All applications will work properly after the system restart.

Image Tutorial

2) Download and Run DDS which will create a Pseudo HJT Report as part of its log: DDS Tool Download Link. When done, DDS will open two (2) logs

   1. DDS.txt
   2. Attach.txt

Upload the logs to rapidshare.com and paste download link in your next reply.
Note: Disable any script-blocking programs and then double-click on the DDS.scr icon to start the program. If you did not disable a script-blocker that may be part of your antimalware program, you may receive a warning from your antimalware product asking if you would like DDS.scr to run. Please allow it to do so.

In your next reply, please include download links to the following:
    * virusinfo_syscure.zip
    * DDS Logs

If I'm helping you and I don't reply within 24 hours send me a PM.



#9
September 23, 2009 at 13:07:26

There is no healing and quarantining in the standard scripts.


#10
September 26, 2009 at 11:11:33

The new version changed it; it's now called: Advanced System Analysis with malware removal mode enabled

If I'm helping you and I don't reply within 24 hours send me a PM.



#11
September 26, 2009 at 12:49:19

OK, I'll send it in a bit.


#12
September 27, 2009 at 10:50:44

Finished the AVZ scan and I didn't know which file you wanted, so here are 4:

http://rapidshare.com/files/2857484...

http://rapidshare.com/files/2857486...

http://rapidshare.com/files/2857487...

http://rapidshare.com/files/2857491...



#13
September 27, 2009 at 11:06:59

I finished the DDS thing and here is:
DDS.txt:

http://rapidshare.com/files/2857543...

Attach.txt:

http://rapidshare.com/files/2857545...



#14
September 27, 2009 at 13:07:44

Hi All,

I have the same problem, have been following the forum. Very useful tips. Looks like the virus has evolved itself.

When I try to run BlackLight or HijackThis tool, the tool stops itself after a couple of mins. Also the access rights for the tool are revoked as well. Tried in SafeMode as well, still no luck. Please help...



#15
September 27, 2009 at 13:18:03

Yeah, I have your files. I see a rootkit; I will help you remove it tomorrow or Tuesday. Really busy till Tuesday. Don't do anything, take a break from the computer till then :).

If I'm helping you and I don't reply within 24 hours send me a PM.



#16
September 29, 2009 at 07:57:44

Follow these Steps in order numbered. Don't proceed to next step unless you have successfully completed previous step:

1) Run this script in AVZ like before, your computer will reboot:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 DeleteService('xnetvmfi');
 StopService('xnetvmfi');
 QuarantineFile('C:\WINDOWS\system32\drivers\lcsodyf.sys','');
 QuarantineFile('\\?\globalroot\systemroot\system32\gxvxcnemkglnrgwllkibngsfaaapubuyupqpp.dll','');
 DeleteFile('\\?\globalroot\systemroot\system32\gxvxcnemkglnrgwllkibngsfaaapubuyupqpp.dll');
 DeleteFile('C:\WINDOWS\system32\drivers\lcsodyf.sys');
 ExecuteRepair(13);
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

2) Attach a Combofix log, please review and follow these instructions carefully.

Download it here -> http://download.bleepingcomputer.co...

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Antivirus/Spyware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please upload that file to rapidshare.com and paste the link here.

3) Please zip up C:\qoobox\quarantine and upload it, to a filehost such as http://rapidshare.com/ Then, Private Message me the Download links to the uploaded files.

If I'm helping you and I don't reply within 24 hours send me a PM.
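
An added example, not part of the original post and not AVZ's own code: a short Python check a reader could run over a helper-supplied AVZ script before pasting it into "Custom Scripts", listing the file and service calls it makes and confirming that every deleted file is quarantined first. The script text is the one from post #16; the function name `audit_avz_script` and the quarantine-before-delete rule are assumptions of this example.

```python
import re

# Script text copied from post #16 (AVZ's Pascal-like script language).
AVZ_SCRIPT = r"""
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 DeleteService('xnetvmfi');
 StopService('xnetvmfi');
 QuarantineFile('C:\WINDOWS\system32\drivers\lcsodyf.sys','');
 QuarantineFile('\\?\globalroot\systemroot\system32\gxvxcnemkglnrgwllkibngsfaaapubuyupqpp.dll','');
 DeleteFile('\\?\globalroot\systemroot\system32\gxvxcnemkglnrgwllkibngsfaaapubuyupqpp.dll');
 DeleteFile('C:\WINDOWS\system32\drivers\lcsodyf.sys');
 ExecuteRepair(13);
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
"""

# Matches "Name;" or "Name('first string arg', ...);" and captures the name
# and, when present, the first single-quoted argument.
CALL_RE = re.compile(r"^\s*(\w+)\s*(?:\(\s*(?:'([^']*)')?[^)]*\))?\s*;", re.M)

# Calls in the script above that name a specific file or service.
FILE_SERVICE_CALLS = {"DeleteFile", "QuarantineFile", "DeleteService", "StopService"}

def audit_avz_script(text):
    """Return (actions, warnings) for calls that touch a named file or service."""
    actions, warnings, quarantined = [], [], set()
    for m in CALL_RE.finditer(text):
        name, arg = m.group(1), m.group(2)
        if name not in FILE_SERVICE_CALLS:
            continue
        target = (arg or "").lower()  # Windows paths are case-insensitive
        actions.append((name, arg))
        if name == "QuarantineFile":
            quarantined.add(target)
        elif name == "DeleteFile" and target not in quarantined:
            warnings.append(f"{arg} is deleted without a prior quarantine copy")
    return actions, warnings

if __name__ == "__main__":
    actions, warnings = audit_avz_script(AVZ_SCRIPT)
    for name, arg in actions:
        print(f"{name:15} {arg}")
    print("warnings:", warnings or "none")
```
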



#17
September 30, 2009 at 12:53:00

Hey, I finished the scan for AVZ and Combofix. After running Combofix it said I still had McAfee VirusScan running, but I checked and McAfee wasn't installed, so I let it run, and at the end it told me to run chkdsk, and when I restarted it automatically ran. The link to the Combofix log is

http://rapidshare.com/files/2870526...



#18
October 1, 2009 at 12:33:55

Uninstall Combofix by: pause Antivirus/Spyware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) > Start > run > type combofix /u > ok.

Then follow:

1) Install, update database and run full scan with Malwarebytes' Anti-Malware. Attach malwarebyte full scan log, fix anything detected.

2) Run full Scan with SuperAntispyware : http://www.superantispyware.com/dow... . Fix what it detects and post summary scan log.

If I'm helping you and I don't reply within 24 hours send me a PM.



#19
October 2, 2009 at 12:43:45

I don't understand

Uninstall Combofix by: pause Antivirus/Spyware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) > Start > run > type combofix /u > ok.

this part of the directions



#20

#21
October 3, 2009 at 14:45:28

I gather JDK wanted you to use this link as a reference to shutting down AV and spyware prog processes ;)
http://www.bleepingcomputer.com/for...




#22
October 5, 2009 at 12:06:12

I can't disable McAfee virus scan because the M in the quick launch doesn't show up.


#23
October 5, 2009 at 20:13:38

It's OK, continue with the rest of the steps.

If I'm helping you and I don't reply within 24 hours send me a PM.

