search engines take me to wrong link

May 22, 2012 at 17:57:27
Specs: Windows 7
I am running Windows 7. Explorer takes me to the wrong link. Please help, I am not very tech savvy.


Report •

#1
May 22, 2012 at 18:57:28
To clarify, when I search Google and click on a site, it takes me to the wrong site. Windows Malicious Software Removal did not find anything.

Report •

#2
May 24, 2012 at 05:34:03
This might be a malware/rootkit infection, which might survive a scan with the Windows Malicious Software Removal Tool. In such cases I would recommend TDSS Killer.
It could also be a semi-malicious browser add-on, proxy, hosts file or malicious DNS server. For this, check the following guide: http://www.2-viruses.com/how-to-fix...

Report •

#3
May 24, 2012 at 06:44:11
Thank you. I ran TDSS last night as well as Malwarebytes (both in normal mode, not safe mode). TDSS did not find anything, but Malwarebytes generated this report.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.23.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

5/23/2012 8:18:00 PM
mbam-log-2012-05-23 (20-18-00).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 319655
Time elapsed: 27 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\Owner\AppData\Local\Temp\wpapry.dll (Trojan.Medfos) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|wpapry (Trojan.Medfos) -> Data: rundll32.exe "C:\Users\Owner\AppData\Local\Temp\wpapry.dll",lMain -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Owner\AppData\Local\Temp\wpapry.dll (Trojan.Medfos) -> Delete on reboot.
C:\Users\Owner\AppData\Local\Temp\wpbt0.dll (Exploit.Drop) -> Quarantined and deleted successfully.

(end)

After I rebooted, Google was still redirecting me to the wrong sites. Any idea what this Medfos is and how to get rid of it easily? Thank you for your help.


Report •
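The Malwarebytes log in post #3 shows how the trojan restarted itself: an HKCU Run value that has rundll32.exe load a DLL from the user's Temp folder. As an added example (not part of any post in this thread), this Python sketch flags Run values of that shape; the first sample value is the one from the log, while the other two samples and the list of user-writable directories are constructed assumptions.

```python
import re

# Path fragments for directories a standard user can write to (an assumption,
# not an exhaustive list). A DLL autostarted from one of these deserves a look.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                 "\\appdata\\locallow\\", "\\windows\\temp\\",
                 "\\users\\public\\", "%temp%\\", "%appdata%\\")

# Matches: [path\]rundll32[.exe] "<dll>",<export>   (DLL path quoted or bare)
RUNDLL_RE = re.compile(
    r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'(?:"([^"]+)"|([^,\s]+))\s*,\s*(\S+)',
    re.IGNORECASE)


def suspicious_run_values(values):
    """Return (name, dll, export) for each Run value that uses rundll32 to
    load a DLL from a user-writable directory."""
    hits = []
    for name, data in values:
        match = RUNDLL_RE.match(data)
        if not match:
            continue  # not a rundll32 launcher
        dll = match.group(1) or match.group(2)
        if any(fragment in dll.lower() for fragment in USER_WRITABLE):
            hits.append((name, dll, match.group(3)))
    return hits


SAMPLE_RUN_VALUES = [
    # Value reported in the Malwarebytes log above.
    ("wpapry",
     r'rundll32.exe "C:\Users\Owner\AppData\Local\Temp\wpapry.dll",lMain'),
    # Constructed benign entries for contrast.
    ("ExampleUpdater", r'"C:\Program Files\Example\updater.exe" /background'),
    ("ExamplePanel",
     r'C:\Windows\System32\rundll32.exe '
     r'C:\Windows\System32\shell32.dll,Control_RunDLL'),
]

if __name__ == "__main__":
    for name, dll, export in suspicious_run_values(SAMPLE_RUN_VALUES):
        print(f"review Run value {name!r}: {dll} (export {export})")
```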


#4
May 25, 2012 at 23:20:34
Use this step by step guide.

http://www.selectrealsecurity.com/m...


Report •

#5
May 26, 2012 at 06:46:07
Thank you for the help. I am not sure what you mean by checking the host. I opened it in Notepad and it just showed "127.0.0.1 localhost". I have run pretty much every antimalware program and none have solved my problem. The most recent one which found something was SUPERAntiSpyware. Log is below. It found many cookies that track.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/25/2012 at 10:06 PM

Application Version : 5.0.1150

Core Rules Database Version : 8650
Trace Rules Database Version: 6462

Scan type : Complete Scan
Total Scan Time : 00:37:07

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 598
Memory threats detected : 0
Registry items scanned : 65022
Registry threats detected : 0
File items scanned : 43506
File threats detected : 100

Adware.Tracking Cookie

I am going to try Johnw's link above. But any other help would be great. Any help with the host file is also welcome. I will let you know if Johnw's link works for me.


Report •
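On the hosts file check raised in posts #2 and #5: a file containing only "127.0.0.1 localhost" (plus comments) has no redirecting entries. As an added example (not part of any post in this thread), this Python sketch audits hosts-file text and lists every active entry other than the loopback-to-localhost mapping; the tampered sample, its host names and the documentation-range address are constructed.

```python
import ipaddress

# Names that are expected to map to a loopback address.
BENIGN_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return [(line_no, ip, hostname, reason)] for entries worth a manual look."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], "", "unparseable address"))
            continue
        for name in fields[1:]:
            name = name.lower()
            if name in BENIGN_NAMES and ip.is_loopback:
                continue                      # the normal localhost entry
            if ip.is_loopback or ip.is_unspecified:
                reason = "name blocked (points at this machine)"
            else:
                reason = "name overridden to a fixed address"
            findings.append((line_no, str(ip), name, reason))
    return findings


# What post #5 reports seeing in the file.
CLEAN_HOSTS = "127.0.0.1 localhost"

# Constructed sample of a modified file, for contrast.
TAMPERED_HOSTS = "\n".join([
    "# constructed sample, not from the thread",
    "127.0.0.1 localhost",
    "203.0.113.10 www.search.example search.example",
    "127.0.0.1 update.vendor.example  # blocks an updater",
])

if __name__ == "__main__":
    print("clean:", audit_hosts(CLEAN_HOSTS))
    for finding in audit_hosts(TAMPERED_HOSTS):
        print("review:", finding)
```

A clean result here rules out only the hosts file; the add-on, proxy and DNS server causes listed in post #2 still have to be checked separately.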

#6
May 26, 2012 at 09:02:54
Johnw - I was following the guide you posted but my computer does not have a link to "system protection" in control panel/all control panel/system. None of the virus scans show anything. Thanks

Report •

#7
May 26, 2012 at 12:15:07
"Please help, I am not very tech savvy"
You probably need a savvy friend to help you.

"I was following the guide you posted but my computer does not have a link to "system protection" in control panel/all control panel/system"

System protection is turned off.

http://is.gd/w5oY8g


Report •
