Go Back  PPRuNe Forums > Misc. Forums > Computer/Internet Issues & Troubleshooting
Reload this Page >

Adware/Spyware issues: Google search result redirect

Wikiposts
Search
Computer/Internet Issues & Troubleshooting Anyone with questions about the terribly complex world of computers or the internet should try here. NOT FOR REPORTING ISSUES WITH PPRuNe FORUMS! Please use the subforum "PPRuNe Problems or Queries."

Adware/Spyware issues: Google search result redirect

Thread Tools
 
Search this Thread
 
Old 5th Feb 2010, 12:44
  #1 (permalink)  
Thread Starter
 
Join Date: Dec 2001
Location: GA, USA
Posts: 3,226
Likes: 0
Received 23 Likes on 10 Posts
Adware/Spyware issues: Google search result redirect

For two days know I've been battling some tenacious adware (I guess).
Suddenly started after a Google search, results pop up normal but when clicking on the links it gets redirected to random ad pages; furniture, car parts, make-up, rugs....just totally random without any resemblance to the original search topic. Using the back page function will almost always get me to a website that tells me my computer is infected and it starts a scan on a "fake" windows age.
The only thing that works is if I copy and paste the actual search result URL into the browser window.

Here are my stats:
  • Windows XP
  • Firefox browser (latest updates)
  • Windows XP firewall
  • Avira antivirus

Have downloaded and run the following:
  • Spyware Doctor ( paid version)
  • SuperAnti Spyware (professional version free trial)
  • HitManPro 3.5 (free trial version)

All of them have "found" stuff, Trojans, bugs, beetles, crabs, whatever they're called.
Remove, contain/isolate, quarantine whatever it calls for I do it.
Ran a Windows LIve online scan (took all night) stuff found, stuff removed problem still persists.

Changed search engines in the tool bar, no change
Tried Internet Explorer, same results after a Google search.
Have done a disc clean up and registry scrub.

I've run out of ideas.........any help appreciated.
B2N2 is offline  
Old 5th Feb 2010, 13:05
  #2 (permalink)  
Per Ardua ad Astraeus
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes on 0 Posts
Usual advice - safe mode, malwarebytes scan. Also, find an AV prog that offers a boot-time scan - Avast is one. This catches the bu***s before they get loaded too far into memory.
BOAC is offline  
Old 5th Feb 2010, 13:10
  #3 (permalink)  
 
Join Date: Aug 2000
Location: Patterson, NY
Age: 66
Posts: 436
Likes: 0
Received 0 Likes on 0 Posts
I second BOAC's suggestion of running Avast. When all else fails Avast most always finds the culprit. Download it and run it.
rgbrock1 is offline  
Old 5th Feb 2010, 14:58
  #4 (permalink)  
Thread Starter
 
Join Date: Dec 2001
Location: GA, USA
Posts: 3,226
Likes: 0
Received 23 Likes on 10 Posts
Thanks for the quick replies.
Will the free version of Avast be good enough?

Regards,
B2N2 is offline  
Old 5th Feb 2010, 15:35
  #5 (permalink)  
 
Join Date: Aug 2000
Location: Patterson, NY
Age: 66
Posts: 436
Likes: 0
Received 0 Likes on 0 Posts
I've been running the free version of Avast for years. And it does the job quite nicely.
rgbrock1 is offline  
Old 5th Feb 2010, 15:54
  #6 (permalink)  
Per Ardua ad Astraeus
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes on 0 Posts
Yes, the free is fine. I suggest you do not tick the option to 'enable skins' in the setup panel, but leave it on the simple interface. There is the option to enable a bootup scan. Reboot when you have selected it, and it will run. It will not run again until you select the option.

WARNING: If you have a deep-rooted infection, it is more than possible that the AVAST boot scan will delete some of your Windows system files IF they are infected. You correct this with your Windows XP disc - you need to run sfc from the 'run' box.
BOAC is offline  
Old 5th Feb 2010, 16:12
  #7 (permalink)  
 
Join Date: Aug 2000
Location: Patterson, NY
Age: 66
Posts: 436
Likes: 0
Received 0 Likes on 0 Posts
I've experienced that myself BOAC. I ran Avast after encountering some
questionable behavior on the part of my Windows PC. Avast found a couple of infected .dll files. Not wanting to mess any further with it I had Avast delete the suspect .dll's.

I then restored the dll's using the XP system disk and all was good again in Windows Land!
rgbrock1 is offline  
Old 5th Feb 2010, 17:20
  #8 (permalink)  
Thread Starter
 
Join Date: Dec 2001
Location: GA, USA
Posts: 3,226
Likes: 0
Received 23 Likes on 10 Posts
Hmm...somehow can't get Avast to run is Safe mode.
Downloaded the free version and registered for 30 days.
It comes up with a window that a path is missing or something similar.
B2N2 is offline  
Old 5th Feb 2010, 20:07
  #9 (permalink)  
Per Ardua ad Astraeus
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes on 0 Posts
A bit of confusion here. No need for 'safe mode' for Avast boot scan. Just run the prog as normal and set for a boot scan and reboot.

Out of interest, can you access safe mode at all?
BOAC is offline  
Old 5th Feb 2010, 23:26
  #10 (permalink)  
Thread Starter
 
Join Date: Dec 2001
Location: GA, USA
Posts: 3,226
Likes: 0
Received 23 Likes on 10 Posts
Yes I can access safe mode.
Never did get Avast to run, not even in normal mode.
Will try a reinstall.
This is starting to get aggravating, Task manager doesn't work now.
B2N2 is offline  
Old 6th Feb 2010, 01:33
  #11 (permalink)  
Chief Tardis Technician
 
Join Date: Jan 2001
Location: Western Australia S31.715 E115.737
Age: 71
Posts: 554
Likes: 0
Received 0 Likes on 0 Posts
I have been getting these as well.

The problem lies not with your puter, as it seems certain sites are the target of search redirects that take you to those fake scan your pc sites.

Some search results will respond properly if you hover over the link right click and choose open in another window/tab.
Avtrician is offline  
Old 6th Feb 2010, 05:13
  #12 (permalink)  
 
Join Date: Dec 2005
Location: Wellington,NZ
Age: 66
Posts: 1,678
Received 10 Likes on 4 Posts
Avast should be downloaded, and Avira stopped and uninstalled via "add/remove programs" before Avast is installed.
You cannot run two resident AV's together. Almost always.
The current Avast version is 5.0.396. It's a new version, and a few releases on from that new version, as many bugs have needed fixing.

Some users are still experiencing problems with the new version, and of these, some are (or seem) inexplicable.

I recommend the latest old version (I'm still running it, and in no hurry to upgrade.) It is 4.8.1368, and can be got at Filehippo. Near the top right of that page, look at "old versions" and select the second. File Hippo is a reputable download site.

MBAM (choose the blue download- free version) should not be run in safe mode. Some of the low level drivers it uses require Windows to be running, to better access the features required to scan for and clean rootkits. It's on a par with SAS, better some days, the same on others, and following a quick scan, will produce a log. Everything should be ticked, and the "remove selected" button pressed. (This quarantines stuff.)
If you receive a prompt to reboot to finish removal, do so promptly.
As with any scanner, it should be updated before running, then it would in some cases be wise to disconnect the machine from the net. At least until after the reboot/rescan. (Yes, reboot it then rescan.)
If the same stuff - or similar - is still present, you're going to need more specialist help at a removal forum. Or a format and reinstall. Or you could keep attempting a fix using various demand scanners, or a BART CD.

Avira, DrWeb, and Kaspersky provide free downloads for the file needed to create and burn a BART CD, for which you will need a healthy computer with a disk burner.

Demand scanners that have a good rep at this sort of thing include DrWeb's Cureit, SAS, MBAM. AndyManchester's site provides good links and brief info concerning various security tools. Worth a look.
Tarq57 is offline  
Old 6th Feb 2010, 07:48
  #13 (permalink)  
Per Ardua ad Astraeus
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by Tarq
MBAM (choose the blue download- free version) should not be run in safe mode.
- thanks for that - added to the 'fixit list'.

B2N2 - there are several 'infections' which shut down safe mode and av/firewalls, bagle being just one. See post #9 of mine in the top sticky 'FAQ' to try and fix safe mode. Google has lots of help too.
BOAC is offline  
Old 6th Feb 2010, 08:09
  #14 (permalink)  
 
Join Date: Jun 2003
Location: EuroGA.org
Posts: 13,787
Likes: 0
Received 0 Likes on 0 Posts
As a side topic, to what extant can progs such as MBAM (just ran it myself) be used in place of "full" AV programs?

I have installed Kaspersky on every laptop and desktop I have built for the last few years, and recommended it to many more, and while it doesn't suffer from the issues seen on Symantec's stuff, it slows down the startup on my Thinkpad laptop massively.

Normally I wouldn't bother with AV on a travelling laptop which is used mostly for flight planning and a bit of email/www, but recently a nunch of websites have been infected including some pilot sites.
IO540 is offline  
Old 6th Feb 2010, 08:23
  #15 (permalink)  
Per Ardua ad Astraeus
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes on 0 Posts
Malwarebytes MBAM, and other similar, 'find' and try to eliminate viruses once the machine is infected. The idea behind AV programmes is to stop the infection getting in. The two concepts are mutually supportive but not exchangeable.
BOAC is offline  
Old 6th Feb 2010, 08:35
  #16 (permalink)  
 
Join Date: Jun 2003
Location: EuroGA.org
Posts: 13,787
Likes: 0
Received 0 Likes on 0 Posts
Malwarebytes MBAM, and other similar, 'find' and try to eliminate viruses once the machine is infected.
It is probably easy to write a virus to disable programs like this, though.

I've seen a number of cases where AV software was quite obviously crippled by some trojan.

I've never caught anything but my kids have; my teenage son was once found to have 13 trojans on his laptop. Now he doesn't allow anybody to look at his laptop (due to top secret Facebook etc communications) so I have banned him from internet connectivity at home, allowing him to access the web only via a specially configured AP which blocks all ports except 80, 443 and 59 I think (DNS). Normally he lives with my ex who doesn't care what he does I think installing AV software on a machine in that condition, infected by relatively recent viruses, may be a partly wasted exercise.
IO540 is offline  
Old 6th Feb 2010, 23:00
  #17 (permalink)  
Thread Starter
 
Join Date: Dec 2001
Location: GA, USA
Posts: 3,226
Likes: 0
Received 23 Likes on 10 Posts
I installed Avast and had to un-install several times as after a scan I lost internet access somehow. Firefox wouldn't start nor IE.
So I'd have to F8 during start-up and go to the "start with latest settings that worked".
So whatever Avast cleared up got undone I guess.
Ran two scans with Malwarebytes.org
un-installed Firefox and restarted, ran another "long" MBAM scan, restarted and reloaded Firefox.
Everything seems to work fine now but this was surely some tenacious little bugger as it's taken me 3 days. Steep learning curve here for a computer illiterate.

Thanks for all your help, great stuff...
B2N2 is offline  
Old 7th Feb 2010, 07:27
  #18 (permalink)  
Per Ardua ad Astraeus
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes on 0 Posts
Did you run sfc after the Avast boot scan?
BOAC is offline  
Old 7th Feb 2010, 14:31
  #19 (permalink)  
Thread Starter
 
Join Date: Dec 2001
Location: GA, USA
Posts: 3,226
Likes: 0
Received 23 Likes on 10 Posts
Never did manage to get Avast to do a boot scan and what is sfc?

So everything seems to be working now and I have the following installed/active:
  • Windows Firewall
  • Avira
  • Spyware Doctor
  • MBAM

Sufficient?
B2N2 is offline  
Old 7th Feb 2010, 15:00
  #20 (permalink)  
Per Ardua ad Astraeus
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes on 0 Posts
Good news then.

The idea was to install Avast, set it to run a boot scan, reboot and then run System File Checker (QV). No internet or browser required. All these shenanigans are often best run disconnected from the internet.

Never mind - job done hopefully. Don't forget to update your virus scanners before you run them.
BOAC is offline  

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



Contact Us - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service

Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.