How do i stop search redirects

March 29, 2011 at 20:13:27
Specs: Windows XP
Have trawled various forums, manually hacked away at the superfluous, used malwarebytes' anti-malware, superanti-spyware, sophos anti-rootkit and unhack me, tried disabling javascript, checked dns, hosts, and proxy settings, and scoured the filesystem for dozens of the usual suspects. My search results still redirect me almost unswervingly towards a goingonearth version of whichever result i've clicked. Likely point of infection was mj1.exe and mj2.exe though not sure of where they originated. Close to initiating a total re-install but refuse to be beaten, now 8hrs in and need to sleep. D

See More: How do i stop search redirects

Report •

#1
March 29, 2011 at 21:42:06
Did you try running Malwarebytes or SuperAntiSpyware in safe mode?

Report •

#2
March 30, 2011 at 12:34:44
I've run all i've got in normal and safe modes but still no luck.
There are no other symptoms of the infection, just search result redirects, and i'm curious as to the computation that causes it, is a process or corrupted file being referred to when i click a result? I thought it some form of internal corruption of firefox but IE has same issue (first time i've used it). Currently having to use proxy sites for all searches but none of the restrictions others have referred to. 2 potential supects sptd.sys and sapi0.dll both inaccessible and undeletable but nothing wants me to get rid of them. D

Report •

#3
March 30, 2011 at 12:44:51
Lets try running the following programs, download them to your desktop.
Rkill to stop malware running:
http://www.bleepingcomputer.com/for...
TDSSkiller to remove redirect trogans:
http://support.kaspersky.com/viruse...
At this point update and run Malwarebytes again:
Lastly download HitmanPro3.5:
http://download.cnet.com/Hitman-Pro...

Report •

Related Solutions

#4
March 30, 2011 at 12:54:44
p.s. addons seem fine nothing i haven't installed and none flagged by any anti-* scans, also yahoo search appears unaffected yet bing and google are. D
Edit:
p.p.s. didn't see reply before posting, cheers for help rkill ended grpconv.exe, tdss flagged sptd.sys and seems to have deleted it but problem persists post reboot mbam found nothing gonna reboot then use hitman

Report •

#5
March 30, 2011 at 14:02:21
If still no joy after HitmanPro check your Host File, Home Page and proxy settings.

Report •

#6
March 30, 2011 at 14:11:02
Hitman caught sapi0.dll and problem appears solved, no redirects in over 20 result clicks, though file remains, was it simply a corruption of the file that was flagged?
I selected delete and on reboot got a #3 Fail */sapi0.dll message, would quarantine have been a better option?
Not important, redirect free searching is mine once more, thanks very much for your help, will repost if if a rootkit resurrection takes place. Cheers. D

Report •

#7
March 30, 2011 at 14:13:16
Your most welcome thanks for letting me know.
Run a cleaner like CCleaner to clean things up.

Report •

Ask Question