Google search links redirect to other website

Custom / P5k se
January 19, 2011 at 08:42:06
Specs: Windows XP SP3, 2.999 GHz / 3071 MB
I found this exact problem here and hope someone can help me too.

I have downloaded the script and run it and saved the results.

Right after that AVG found Trojan horse Generic20.BYQB in C:\Documents and Settings\Kelly\Application Data\Sun\JAVA\Deployment\cache\6.0\18\4fb75c12-4881a4cb.

Is it strange that Java version 6 update 18 is referenced in step #6 of the other solution?

I used to be a compu-tech, but traded my screwdriver and boot disk for a graphic design/print shop gig. I have totally lost touch with all of these techniques. I do know enough to recognize that my system is not behaving properly though. I hope you can help.


January 21, 2011 at 18:51:09
"I have downloaded the script and run it and saved the results"
If you are referring to Combofix, post the log file please.


January 21, 2011 at 19:05:01
I was actually referring to DDS.scr that was the first step in the other solution that I linked to. Files created were DDS.txt and ATTACH.txt. I can post either or both, but must do it tomorrow as computer in question is at the office.


January 21, 2011 at 19:46:00
At this stage I prefer the log from here please.

The Tools
1) The Avenger – a fully-scriptable, kernel-level driver designed to remove highly persistent files and registry keys/values protected by entrenched malware.
It works ONLY for Windows 2000 and XP. See here for usage and release notes.
If the ZIP compression format poses a problem, a non-compressed EXE is available here.


January 22, 2011 at 07:51:45
Okay... so I extracted and ran avenger.exe. Avenger.txt in the root of C: reads as follows. It did produce a few errors that I suspect were caused because my system had removable disks identified (the drive letters show in My Computer), but because they are linked to card readers, there are no disks actually there.

Logfile of The Avenger Version 2.0, (c) by Swandog46

Platform: Windows XP


Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger


Beginning to process script file:

Rootkit scan active.
No rootkits found!

Completed script processing.


Finished! Terminate.


January 22, 2011 at 08:12:46
Have you rebooted?

I mainly wanted to see if it found any rootkits.

Without jumping into very powerful programs, which can lead to other problems, let's try these & see if they fix your problems after a reboot.

Malwarebytes' Anti-Malware
Error codes
Common Issues, Questions, and their Solutions, Frequently Asked Questions.
VIPRE Rescue Program
Try it in Safe mode.
If it won't run, rename the downloaded mbam-setup.exe file to mb.exe to help work around certain malware that will block it from being run.
If it still will not run:
1: Go to Control Panel > Programs and Features and uninstall Malwarebytes.
Next redownload Malwarebytes but rename it before you download it to your desktop. As you are in the process of downloading when you get to the point that the "enter name of file to save to" box appears, in the "filename" slot, rename mbam-setup.exe to something.exe, then click Save.
If it installed but will not run, navigate to this folder:
2: C:\Programs Files\Malwarebytes' AntiMalware
At the top of the page, Tools > Folder Options > View, click > Show hidden files and folders and untick > Hide extensions for known file types.
How to see hidden files in Windows
Rename all the .exe files in the Malwarebytes' Anti-Malware folder and try to run it again.
When it opens, update 1st.
If it won't update after installing, update manually.
Download & install.



January 22, 2011 at 09:11:33
I did that, and still nothing, so I got to thinking and I think I did the thing that you all warn against. The problem happened to me on Wednesday around noon. So, I ran Spybot S&D like I always do, and it found 4 problems (log inserted below). So I removed them like I always do, but figured that since the problem keeps returning, I'd Google it up and see what I could find. At which point I stumbled on the post that I linked to initially. From all the logs and multiple steps and such, it seemed like the problem must be far more serious than a few cookies, so I posted my request for help.

My guess now is that it is one of the cookies below that is at issue, and Spybot removed it, and I have not been back to whatever website it is that keeps infecting me. So I guess I have another question. How can I prevent this? It's really irritating.

I used Spybot's Immunize option in hopes of preventing further infections, but that doesn't seem to have worked. I am running AVG and I see now that it has options for scanning for Tracking Cookies in its Resident Shield and in the Scanner. Will turning that on be enough? Is there a better option?

I appreciate any insight you might have in this area. And thank you for your time, sorry for having wasted it a bit...



--- Report generated: 2011-01-19 12:32 ---

DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---


January 22, 2011 at 12:13:39
I don't have AVG installed on any of my comps & don't think blocking tracking cookies will help with your problem, but let's eliminate that issue with AVG.

What browser are you using?

AVG scanning for Tracking Cookies in its Resident Shield


January 22, 2011 at 12:41:13
Did you update your Java?

Run this program.

UnHackMe is a first bootwatch antirootkit.

The Hosts file is an area of attack from the baddies.
Do a search for the hosts file (in Windows\system32\drivers\etc) & rename it to hosts.txt or hostsold.

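As an added example (not part of the original post or of any tool named in this thread): before renaming the hosts file, it is worth reading what it maps, since a hosts entry that points a search engine at a routable address would produce exactly the redirect described here. The watch list of domains and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress
import sys

# Constructed sample of a tampered hosts file (addresses are documentation ranges).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.45    www.google.com google.com   # constructed entry
0.0.0.0         ads.example.net
198.51.100.7    search.yahoo.com
"""

# Assumed watch list: search domains that should never appear in a hosts file.
SEARCH_DOMAINS = ("google.com", "bing.com", "yahoo.com")


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address column: skip line
        for host in fields[1:]:                 # one line may carry several aliases
            yield line_no, ip, host.lower().rstrip(".")


def is_search_host(host):
    """True if host is a watched search domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in SEARCH_DOMAINS)


def suspicious_entries(text):
    """Return search-engine hostnames mapped to a non-loopback, non-null address."""
    return [(n, str(ip), host) for n, ip, host in parse_hosts(text)
            if is_search_host(host) and not (ip.is_loopback or ip.is_unspecified)]


if __name__ == "__main__":
    # Pass the path to the hosts file as the first argument; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for n, ip, host in suspicious_entries(text):
        print(f"line {n}: {host} -> {ip}")
```

An empty result does not rule out a redirect caused elsewhere (browser add-ons, proxy or DNS settings); it only clears the hosts file.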

January 22, 2011 at 14:57:51
I'm home for the weekend now, but I'll see what I can do on Monday. Unfortunately my system is also the data server for the office, so multiple reboots make me an unappreciated colleague. Thanks for all the info so far.

With respect to your previous post, AVG did keep finding tracking cookies, but I was able to find and remove them all, and now it doesn't find them. Oddly (or maybe not) when I do the Spybot scans, it found cookies in Chrome (which I use intermittently) and in IE (which I use for site testing) but not in FF. I think maybe it is unable to scan the FF cookies file since they are using a strange database system I think called "SQLite". With AVG installed, I could load Chrome and no cookie errors were reported, but with FF, it found tons. My browser use is basically FF 1st as my main browser, Chrome for personal browsing (it syncs bookmarks, etc., with my home laptop) and IE very rarely, basically only for sites that FF and Chrome won't handle correctly. The problem I have been experiencing only happens in FF as far as I can recall.


January 22, 2011 at 17:42:39
"I think maybe it is unable to scan the FF cookies file since they are using a strange database system"

spybot firefox

Immunizing Firefox does not work
