Search results being hijacked and redirecting

July 6, 2011 at 18:43:48
Specs: Windows 7
My search results on both Firefox and Internet Explorer browsers are redirecting to the wrong sites on both Google and Yahoo. I picked up a couple of trojan clicker viruses from a forum last week that caused many of my folders to become hidden, and there was an iframe that popped up to try and get me to pay for removal. PC Matic was supposedly able to remove the viruses. But ever since that point my search results are still redirecting elsewhere.

So yesterday I decided to restore my cpu to factory settings thinking this would fix the issue. But after restoring to default the search results are still redirecting and the malware scanners such as Malwarebytes and UnHackMe and Kaspersky are not detecting any infections. Meanwhile the search results are still redirecting and I can't find a fix! Please let me know if you have any ideas because even a factory restore did not solve the problem and scanners are not detecting the problem.



July 6, 2011 at 21:22:56

If the scans are coming up clean, and a factory restore did not solve the problem, please try the following:

Please download BootKit Remover:

Save it to the Desktop.
Extract the remover.exe file from the RAR file using a program capable of extracting RAR compressed files.

If you don't have an extraction program, you can use 7-Zip:
Double click its icon on the Desktop to install the program.

Now, right-click bootkit_remover.rar, and select 7-Zip > Extract files...
If running Windows 7 or Vista, right-click the remover.exe file inside the new folder created on the Desktop, and select: 'Run as Administrator' to run the program.

When the program is done, right-click the black screen, and select: Mark
Open Notepad (Start > Programs > Accessories > Notepad)
Right click inside Notepad, and select: Paste (or: Ctrl V)

>>Please provide the report in your reply. <<

Also, what brand/model/number (i.e.: Dell Inspiron 1234) of computer is this? The reason for asking, some computers, like Dell, HP, have a unique Master Boot Record.

Do you have the Windows 7 Installation DVD that came with the computer?

Retired - Doin' Dis, Dat, and slapping malware.


July 6, 2011 at 21:40:16
Hi, thanks for replying. For some reason I can't get the bootkit remover out of the rar. It is saying CRC integrity test failed. The archive file is corrupted and cannot be opened.

As for the other information. This is a Gateway NV52 laptop. Did not come with a Windows 7 disc.


July 6, 2011 at 22:00:14
For some reason jZip wouldn't extract the file but I installed 7-Zip and that was able to extract it. However when I try and run it... It is telling me it's not a valid Win32 application and won't run it.


July 7, 2011 at 09:07:49
Try right-clicking the remover.exe file inside the newly created folder, and, to run the program select: 'Run as Administrator'

See how that goes...

Retired - Doin' Dis, Dat, and slapping malware.


July 7, 2011 at 09:37:08
When I right-click and select run as admin it still gives me the same error message. It says it's not a valid Win32 application.


July 7, 2011 at 13:52:10

Do the following:

(These are diagnostic programs, they do not fix the computer, but, we need to see if they show RootKit activity.)

Download GMER:

[Downloads a randomly named file. (Recommended)]

Disconnect from the Internet and close all running programs.

Temporarily disable any real-time active protection so your security programs do not conflict with gmer's driver.

Double-click on the randomly named GMER file (i.e. n7gmo46c.exe)
Allow the gmer.sys driver to load...

GMER opens to the Rootkit/Malware tab and performs an automatic quick scan when first run. (Please do not use the computer while the scan is in progress.)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your NO

Now, click the >Scan< button.
If you see a RootKit warning, click OK.

When the scan finishes, click the 'Save...' button to save the scan results to your Desktop.

Save the file as >gmer.log<

>>Click the Copy button and Paste the results of the GMER log in your reply.<<

Note: Please, do not take action on any of the information on the GMER report!!

If you encounter any problems, try running GMER in Safe Mode:
If GMER crashes or keeps resulting in BSODs, uncheck 'Devices' (on the right side) before scanning.

Now, download mbr.exe
Save the file to your Desktop.
Double-click >mbr.exe< and follow the prompts.
When mbr.exe is done, it creates a log.
>>Also copy and paste contents of the mbr.exe log in your reply.<<

Next, download aswMBR:

Save to your Desktop.
Double click the aswMBR.exe icon to run it

Click the Scan button to start the scan

Upon completion of the scan, click the Save Log button
>>Save the aswMBR log to your Desktop, and post it in your reply.<<

Post all of these results:
1. The GMER log
2. The mbr.exe log
3. The aswMBR log

Retired - Doin' Dis, Dat, and slapping malware.


July 7, 2011 at 13:53:44
Looks like the problem is now solved :) I have been scanning my laptop with the same software for the past 5 days, Kaspersky TDSSKiller, and it could not detect anything. Just a few minutes ago I started up the software and it updated itself. I ran the scan and it was able to detect it and cure it. So I must have picked something up that was on the fringe of discovery and the new update was able to detect it. Kaspersky was just a little behind the sickos creating these things.

Thanks for taking the time out to assist me, aaflac44


July 7, 2011 at 17:56:17
Glad you got it working.

If the same redirection problems reappear in the next couple of days, post back.

Retired - Doin' Dis, Dat, and slapping malware.
