PPRuNe Forums


B2N2 5th February 2010 12:44

Adware/Spyware issues: Google search result redirect
 
For two days now I've been battling some tenacious adware (I guess).
Suddenly started after a Google search, results pop up normal but when clicking on the links it gets redirected to random ad pages; furniture, car parts, make-up, rugs....just totally random without any resemblance to the original search topic. Using the back page function will almost always get me to a website that tells me my computer is infected and it starts a scan on a "fake" windows page.
The only thing that works is if I copy and paste the actual search result URL into the browser window.

Here are my stats:
  • Windows XP
  • Firefox browser (latest updates)
  • Windows XP firewall
  • Avira antivirus

Have downloaded and run the following:
  • Spyware Doctor (paid version)
  • SuperAnti Spyware (professional version free trial)
  • HitManPro 3.5 (free trial version)

All of them have "found" stuff, Trojans, bugs, beetles, crabs, whatever they're called.
Remove, contain/isolate, quarantine whatever it calls for I do it.
Ran a Windows Live online scan (took all night), stuff found, stuff removed, problem still persists.

Changed search engines in the tool bar, no change
Tried Internet Explorer, same results after a Google search.
Have done a disc clean up and registry scrub.

I've run out of ideas.........any help appreciated.

BOAC 5th February 2010 13:05

Usual advice - safe mode, malwarebytes scan. Also, find an AV prog that offers a boot-time scan - Avast is one. This catches the bu***s before they get loaded too far into memory.

rgbrock1 5th February 2010 13:10

I second BOAC's suggestion of running Avast. When all else fails Avast most always finds the culprit. Download it and run it.

B2N2 5th February 2010 14:58

Thanks for the quick replies.
Will the free version of Avast be good enough?

Regards,

rgbrock1 5th February 2010 15:35

I've been running the free version of Avast for years. And it does the job quite nicely.

BOAC 5th February 2010 15:54

Yes, the free is fine. I suggest you do not tick the option to 'enable skins' in the setup panel, but leave it on the simple interface. There is the option to enable a bootup scan. Reboot when you have selected it, and it will run. It will not run again until you select the option.

WARNING: If you have a deep-rooted infection, it is more than possible that the AVAST boot scan will delete some of your Windows system files IF they are infected. You correct this with your Windows XP disc - you need to run sfc from the 'run' box.

rgbrock1 5th February 2010 16:12

I've experienced that myself BOAC. I ran Avast after encountering some questionable behavior on the part of my Windows PC. Avast found a couple of infected .dll files. Not wanting to mess any further with it I had Avast delete the suspect .dll's.

I then restored the dll's using the XP system disk and all was good again in Windows Land!

B2N2 5th February 2010 17:20

Hmm...somehow can't get Avast to run in Safe mode.
Downloaded the free version and registered for 30 days.
It comes up with a window that a path is missing or something similar.
:mad:

BOAC 5th February 2010 20:07

A bit of confusion here. No need for 'safe mode' for Avast boot scan. Just run the prog as normal and set for a boot scan and reboot.

Out of interest, can you access safe mode at all?

B2N2 5th February 2010 23:26

Yes I can access safe mode.
Never did get Avast to run, not even in normal mode.
Will try a reinstall.
This is starting to get aggravating, Task manager doesn't work now.

Avtrician 6th February 2010 01:33

I have been getting these as well.

The problem lies not with your puter, as it seems certain sites are the target of search redirects that take you to those fake scan your pc sites.

Some search results will respond properly if you hover over the link right click and choose open in another window/tab.

Tarq57 6th February 2010 05:13

Avast should be downloaded, and Avira stopped and uninstalled via "add/remove programs" before Avast is installed.
You cannot run two resident AV's together. Almost always.
The current Avast version is 5.0.396. It's a new version, and a few releases on from that new version, as many bugs have needed fixing.

Some users are still experiencing problems with the new version, and of these, some are (or seem) inexplicable.

I recommend the latest old version (I'm still running it, and in no hurry to upgrade.) It is 4.8.1368, and can be got at Filehippo. Near the top right of that page, look at "old versions" and select the second. File Hippo is a reputable download site.

MBAM (choose the blue download- free version) should not be run in safe mode. Some of the low level drivers it uses require Windows to be running, to better access the features required to scan for and clean rootkits. It's on a par with SAS, better some days, the same on others, and following a quick scan, will produce a log. Everything should be ticked, and the "remove selected" button pressed. (This quarantines stuff.)
If you receive a prompt to reboot to finish removal, do so promptly.
As with any scanner, it should be updated before running, then it would in some cases be wise to disconnect the machine from the net. At least until after the reboot/rescan. (Yes, reboot it then rescan.)
If the same stuff - or similar - is still present, you're going to need more specialist help at a removal forum. Or a format and reinstall. Or you could keep attempting a fix using various demand scanners, or a BART CD.

Avira, DrWeb, and Kaspersky provide free downloads for the file needed to create and burn a BART CD, for which you will need a healthy computer with a disk burner.

Demand scanners that have a good rep at this sort of thing include DrWeb's Cureit, SAS, MBAM. AndyManchester's site provides good links and brief info concerning various security tools. Worth a look.

BOAC 6th February 2010 07:48


Originally Posted by Tarq
MBAM (choose the blue download- free version) should not be run in safe mode.

- thanks for that - added to the 'fixit list'.

B2N2 - there are several 'infections' which shut down safe mode and av/firewalls, bagle being just one. See post #9 of mine in the top sticky 'FAQ' to try and fix safe mode. Google has lots of help too.

IO540 6th February 2010 08:09

As a side topic, to what extent can progs such as MBAM (just ran it myself) be used in place of "full" AV programs?

I have installed Kaspersky on every laptop and desktop I have built for the last few years, and recommended it to many more, and while it doesn't suffer from the issues seen on Symantec's stuff, it slows down the startup on my Thinkpad laptop massively.

Normally I wouldn't bother with AV on a travelling laptop which is used mostly for flight planning and a bit of email/www, but recently a bunch of websites have been infected including some pilot sites.

BOAC 6th February 2010 08:23

Malwarebytes MBAM, and other similar, 'find' and try to eliminate viruses once the machine is infected. The idea behind AV programmes is to stop the infection getting in. The two concepts are mutually supportive but not exchangeable.

IO540 6th February 2010 08:35


Malwarebytes MBAM, and other similar, 'find' and try to eliminate viruses once the machine is infected.
It is probably easy to write a virus to disable programs like this, though.

I've seen a number of cases where AV software was quite obviously crippled by some trojan.

I've never caught anything but my kids have; my teenage son was once found to have 13 trojans on his laptop. Now he doesn't allow anybody to look at his laptop (due to top secret Facebook etc communications) so I have banned him from internet connectivity at home, allowing him to access the web only via a specially configured AP which blocks all ports except 80, 443 and 59 I think (DNS). Normally he lives with my ex who doesn't care what he does :) I think installing AV software on a machine in that condition, infected by relatively recent viruses, may be a partly wasted exercise.

B2N2 6th February 2010 23:00

I installed Avast and had to un-install several times as after a scan I lost internet access somehow. Firefox wouldn't start nor IE.
So I'd have to F8 during start-up and go to the "start with latest settings that worked".
So whatever Avast cleared up got undone I guess.
Ran two scans with Malwarebytes.org.
Un-installed Firefox and restarted, ran another "long" MBAM scan, restarted and reloaded Firefox.
Everything seems to work fine now but this was surely some tenacious little bugger as it's taken me 3 days. Steep learning curve here for a computer illiterate.

Thanks for all your help, great stuff...:ok:

BOAC 7th February 2010 07:27

Did you run sfc after the Avast boot scan?

B2N2 7th February 2010 14:31

Never did manage to get Avast to do a boot scan and what is sfc?:O

So everything seems to be working now and I have the following installed/active:
  • Windows Firewall
  • Avira
  • Spyware Doctor
  • MBAM

Sufficient?

BOAC 7th February 2010 15:00

Good news then:ok:.

The idea was to install Avast, set it to run a boot scan, reboot and then run System File Checker (QV). No internet or browser required. All these shenanigans are often best run disconnected from the internet.

Never mind - job done hopefully. Don't forget to update your virus scanners before you run them.

