Computer Support Forum

Odd URL typo redirect...

Question: Odd URL typo redirect...

I mistyped a url earlier (I believe i typed 'radiosahck' instead of radioshack) and was redirected to a strange website (something about internet surveys I believe) I closed it right away and did a quick scan with malwarebytes to make sure nothing was wrong, and it came up empty. I'm probably being a bit paranoid here, but is this anything to really worry about?

Relevance 100%
Preferred Solution: Odd URL typo redirect...

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Odd URL typo redirect...

Redirects can be something to worry about, as you have no idea what content is being hosted on the re-direct. Most popular anti virus programs, have real-time scanning, where it's constantly scanning your computer, and as soon as you're redirected to a bad website, it will block any content that's harmful to your computer. I use Eset and it does this.

1 more replies
Relevance 46.74%
Question: Is this a typo?

the help infomation about bitlocker on windows 7 ultimate, i found this while reading through it, correct me if im wrong but its meant to be you right?

Answer:Is this a typo?

  
Quote: Originally Posted by F1FAN


the help infomation about bitlocker on windows 7 ultimate, i found this while reading through it, correct me if im wrong but its meant to be you right?


You have found one

1 more replies
Relevance 46.74%
Question: typo

For my typo read "explanatory". What am I up to?

Answer:typo

..

3 more replies
Relevance 46.33%
Question: Password Typo

I only have 1 password for all my docs but I have 4 of them which I can't open. Propably a typo when I saved these docs.

They are in OpenOffice writer format

Anyway for a back door?

Thanks
 

Answer:Password Typo

Please refer to the forum rules. We cannot assisst with password issues so I have to close this thread.

Passwords - Please do not ask for assistance with forgotten passwords and/or bypassing them. As there is no way to verify the actual situation and/or intentions, no assistance will be provided and any such threads will be closed.
 

1 more replies
Relevance 46.33%

A few people have commented on the typing / grammar used in the forum, just for a bit of fun I thought you might like to read this:Aoccdrnig to a rscheearch at an Elingsh uinervtisy, it deosn't mttaer in > > waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht > > frist and lsat ltteer is at the rghit pclae. The rset can be a toatl mses > > and you can sitll raed it wouthit porbelm. Tihs is bcuseae we do not raed > > ervey lteter by it slef but the wrod as a wlohe

Answer:On the subject of typo's

looks normal to me:-)

10 more replies
Relevance 46.33%
Question: Typo error

Sorry.... 22%

More replies
Relevance 46.33%

Okay helping a friend via long distance phone calls and the random email. This is the only info I have, if someone could shed some light on this and help, we both would appreciate it. Here is the email she was able to send:

"Still messing with that damn trojan. AVG sees it and asks the usual, delete, heal, or move to vault. No matter how many times I choose delete, or heal or even move, it comes back again and again. This is what was causing my IE to try and dial out (at least, that's what I get from looking online for info on this damned thing) and share my info with the hacker. Avast does not seem to see...this file. It is saving itself (and apparently restoring itself) in my Windows folder as a dll file. prntsvr.dll to be exact.

The name AVG gives is PSW.Dumarin.C. The last thing I tried was to turn my
system restore off, delete the file and re-start... but guess what? lol, Yep, it is still there. *sigh* Why do people have to make these things???"

------------end of message--------------
Looking around for info I found only ONE place (so far) that had any info about it, and that is assuming she misspelled the name of the thing...

Name: [email protected]
Aliases: W32.Dumaru.B/C | [email protected] | W32/Dumaru-B

I think she mis-spelled the name, because Google found nothing about her original file name..

I found info here: http://www.bitdefender.com/bd/site/virusinfo.php?menu_id=1&v_id=160

And a free removal tool here, which I've... Read more

Answer:PSW.Dumarin.C (possible typo)

16 more replies
Relevance 46.33%
Question: Microsoft Typo

Microsoft made a typo in their WinSAT application, How can we let them know about it?

Answer:Microsoft Typo

Hi Steven,

You can try contacting them by following the link below. Whether or not you will get a response I cannot say. I have managed to locate the error in the 'WinSAT.exe' file (notice the space between the letters), and you can edit it to replace the erroneous 'o' with an 'i', however by doing so you will probably cause it to fail an SFC scan. In my opinion, it is such a minor error that it is probably best left ignored.
Dwarf




https://support.microsoft.com/contac...&WS=aufeedback

6 more replies
Relevance 45.92%

I was trying out a freeware security suite and i encountered this typo that might make you laugh or not
 

Answer:security suite typo

Looks like an application I would have been involved with judging by the typo! dependant on where the app was developed it depends on the native language and who translated it possibily as I noticed many strange word in manuals translated to engwish over the years.

BTW what is the app you trying "swift"???
 

5 more replies
Relevance 45.92%
Question: Typo in Event 8003

Apparently, this bug (typo) was not fixed for several years!!! Still it read "bowser" instead of "browser". I see this in 64-bit Windows 7/Computer Management/Event Viewer/Windows Logs/SystemLevel "Error", Source "bowser", General "Log Name:      SystemSource:        bowserDate:          3/11/2010 2:07:25 PMEvent ID:      8003Task Category: NoneLevel:         ErrorKeywords:      ClassicUser:          N/AComputer:      NORMAN-CPDescription:The master browser has received a server announcement from the computer MEDIACENTER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7D3A7E95-23A7-42BA-B071-81703C4348F5}. The master browser is stopping or an election is being forced.Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">  <System>    <Provider Name="bowser" />    <EventID Qualifiers="49152">8003</EventID>    <Level>2</Level>    <Task>0</Task>    <Keywords>0x80000000000000</Keywords>    <TimeCreated SystemTime="2010-... Read more

Answer:Typo in Event 8003

Hi,I think the following website explains the story:http://blogs.msdn.com/larryosterman/archive/2006/03/14/551368.aspx

3 more replies
Relevance 45.92%

So I was browsing around in Windows Defender (Windows Settings > Update & Security > Windows Defender > Open Windows Defender Security Center > Virus & threat protection > Virus & threat protection settings, then scroll down to Controlled folder access.)

The sentence "Protect your files and folders from unauthorized changed by unfriendly applications" has a typo in it.
(Refer to the attached picture)

Either:
? The word "changed" has a typo in it and should be the word "changes" (with an 's' instead of a 'd'), or
? There is at least one missing word in between the words "unauthorized" & "changed"
Somebody should inform Microsoft about this typo.

But Also: I noticed that this is a new option, since the last time I was browsing around in there. What does this option exactly do? It was originally off, but I turned it On. Yet I must say that I have seen a few messages pop up in the right corner of the screen, stating that Windows Defender blocked some programs from making changes. One of them showed explorer.exe from modifying the Favorites folder without me doing anything with Favorites. Exactly what does this option do? Is it kind of like some sort of strict "Firewall"? Because if so, then I like that.

Answer:HAH, I Found A Typo In Windows!

Originally Posted by pepanee


The sentence "Protect your files and folders from unauthorized changed by unfriendly applications" has a typo in it. ...



Mine says 'unauthorised' (but then it should in the UK) - still has the typo though






But Also: I noticed that this is a new option, since the last time I was browsing around in there. What does this option exactly do?



Blocks access to your files and documents by unknown apps (malware/ransomware). It's off by default because not all 'good' apps are in it's 'trusted' list. It takes a bit of fiddling to get all your apps to work after you turn it on.

Change Windows Defender Controlled Folder Access Settings - Windows 10

4 more replies
Relevance 45.92%

Hi can someone please help clear up my concerns because I accidentally interned the wrong DNS address on my new router.
After entering this typo I almost immediately that my connection was unstable especially on Linux and yesterday evening when I logged back into my router the DNS settings were set to there defaults. But I was able to surf the web kinda in Windows though it timed out often and certain webpages wouldn't even open, and now when ever I enter the correct DNS settings it disconnects from the internet.  
 
Here's what I entered
 
222.67.222.222
220.67.220.220
 
Instead of
 
208.67.222.222
208.67.220.220
 
I'm really feeling uneasy and stressed about this, any advice?
 
 
 
Why does stuff like this happen whenever your in poor health or any other of life's trials and complications?

Answer:Open DNS typo on router

Two things you might check:
 
1. In Windows, do your Network Properties have a DNS Server entry(s) that point(s) to your router (probably 192.168.1.1 or close) or do they point to the published OpenDNS IP addresses? Easy check: From an Elevated Command Prompt: ipconfig /all
 
2. After you corrected the DNS router entries, did you have the router do a cold reboot?
 
I believe you shouldn't overly stress yourself over this if you didn't make any financial transactions. But new passwords could be needed.

6 more replies
Relevance 45.92%
Question: typo on home page

The current Maxthon is 3.1.4.1000
You have 3.1.3.xxxx
just ab fyi. the download is right 314. just not the home page listing.:wave
 

More replies
Relevance 45.92%

Is there any way I can report this?

This is just my first post and I'm tryna help out a bit

Answer:I just found a typo in Windows 10 TP

skippr said:

Is there any way I can report this?

This is just my first post and I'm tryna help out a bit



Hey skippr, welcome to TenForums!
Try the Feedback App.
What'd ya find?

11 more replies
Relevance 45.92%

Hello everyone,

I am experiencing the red typo lines when there are no typos. This happens on occasion when I'm typing emails and posting or responding to forums. It seems to occur when there is an actually typo and I correct the error. After that the entire post/email from that point on will have the red typo lines.

For example it is happening now... I'll try to post a pic for a better understanding.

Has anyone experience this as well and most importantly does anyone know of a solutions to this?

My unit is new and I have yet to DL Office 365 so I don't have Word. Not sure if that will matter.

Any input is greatly appreciated. Thanks

Answer:Red typo lines when no typos

Language settings?

8 more replies
Relevance 45.92%

OneDrive has over 7x that amount buy giving everyone that uses it 15GB.

More replies
Relevance 45.1%

Just got a news system built and am getting a CTL.dll error whenever I turn on my HDMI display ...not sure what is doing it.... I have attached the dump file as a zip..help is greatly appreciated.

Windows 7 64 bit Ultimate retail
All new hardware
OS build Service Pack 1 less than a month

I have attached my dump file and the system file checker results and any help is appreciatted... one thing to note is the system file checker results I get a
Could not reproject corrupted file [ml:60{30},l:58{29}]"\??\C:\Windows\SysWOW64\en-US"\[l:28{14}]"iassdo.dll.mui"; source file in store is also corrupted


Thank you for your help

Answer:TYPO I meant CTL.DLL ERROR BSOD

  
Quote: Originally Posted by etanas


Just got a news system built and am getting a CTL.dll error whenever I turn on my HDMI display ...not sure what is doing it.... I have attached the dump file as a zip..help is greatly appreciated.

Windows 7 64 bit Ultimate retail
All new hardware
OS build Service Pack 1 less than a month

I have attached my dump file and the system file checker results and any help is appreciatted... one thing to note is the system file checker results I get a
Could not reproject corrupted file [ml:60{30},l:58{29}]"\??\C:\Windows\SysWOW64\en-US"\[l:28{14}]"iassdo.dll.mui"; source file in store is also corrupted


Thank you for your help


Memory corruption caused by an unknown driver. Please run memtest and driver verifier.

Download a copy of Memtest86 and burn the ISO to a CD using Iso Recorder or another ISO burning program.

Boot from the CD, and leave it running for at least 5 or 6 passes.

Just remember, any time Memtest reports errors, it can be either bad RAM or a bad motherboard slot.

Test the sticks individually, and if you find a good one, test it in all slots.





Quote:
I'd suggest that you first backup your stuff and then make sure you've got access to another computer so you can contact us if problems arise. Then make a System Restore point (so you can restore the system using the Vista/Win7 Startup Repair feature).

In Windows 7 you can make a Startup ... Read more

8 more replies
Relevance 45.1%

NAME: Googkle
ALIAS: Googkle.com

Summary


F-Secure staff has found a malicious website that utilizes a spelling error when typing the name of the popular search engine - 'Google.com'. If a user opens a malicious website, his/her computer gets hijacked - a lot of different malware gets automatically downloaded and installed: trojan droppers, trojan downloaders, backdoors, a proxy trojan and a spying trojan. Also a few adware-related files are installed.

The name of the malicious website is 'Googkle.com'. PLEASE DO NOT GO TO THIS WEBSITE! Otherwise your computer will get infected! We have reported the case to the authorities.

Detailed Description


Our investigation revealed that the whole infection starts from the 'googkle.com' website. This website, as well as a few related websites are owned by people with Russian names. Also several malicious files that are downloaded from these websites have Russian texts.

When the 'googkle.com' is opened in a browser, it shows 2 popup windows that are linked to the following websites:


www ntsearch.com
toolbarpartner.com

The 'ntsearch.com' website downloads and runs the 'pop.chm' file and the 'toolbarpartner.com' website downloads and runs the 'ddfs.chm' file. Both files are downloaded using exploits and they contain exploits themselves to run embedded executable files. One of the webpages of the 'toolbarpartner.com... Read more

More replies
Relevance 45.1%

I have a Dell XS 15z Laptop
I am getting a windows 10 Recovery Message ( your PC couldn't start correctly )
I am attemting to create and use a recovery USB using the link below.
https://www.dell.com/support/article/us/en/19/sln298442/how-to-create-and-use-the-dell-recovery--restore-usb-drive?lang=en
Everything seems to work except I don't have the "Secure Boot" option in my Bios.
Anytime I try to boot the USB I get the message:
Operation System not found

Please advise.

Answer:Operation System Not Found ( not a typo )

Are you creating the recovery USB on a different PC?
I hope so.

1 more replies
Relevance 45.1%

I'm just setting up a new computer, and not used to the keyboard. When I was installing the operating system I was asked for a User name. Before I had a chance to do anything it had accepted the name GREU and moved on to the next step. No back button! Bloody i7's, so fast!

I've tried doing a search in regedit for GREU, changed it in one place, but its still showing up all over. Is there a complete fix to this or should I resign myself to being known as Greu for the next few years?
 

Answer:Typo when entering user name - I'm now Greu!

6 more replies
Relevance 45.1%

Hi,

I am having a problem when i misspell URLs.

When i type things like google.con instead of .com, i am redirected to a host of different search sites, including searchathand.com, and daplaces.com. I am pretty sure i must be infected with something, but i have ran several online and offline spyware and malware scanners and nothing seems to find a problem.

I am running Firefox version 1.5.0.6, but the problem also occurs in IE as well.

Advise please!

Cheers

Joel

Edit: I seem to have found what i think is the culprit for this...but this leads to another problem.

There is a HJT entry stating
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2EA3617-0DD4-4C7B-89EC-1F1FB24D96E1}: NameServer = 85.255.114.7 85.255.112.174

I have removed this on a couple of occasions and it only returns a few minutes later.

Help please!!!
 

Answer:Solved: Typo browser hijacks

16 more replies
Relevance 45.1%

Hi... I wasn't exactly sure where to post this, I'm posting it both here and in the linux forum

I accidentally made an ext2 filesystem (mke2fs) on top of my pre-existing Windows XP partition (accidentally typed /dev/sdb1 instead of /dev/sda1)... so now it won't boot, and I can't seem to mount it on any OS. Anyone have any ideas on how data on it could be recovered, or if there's any way to get it working again as-is?

Answer:ext2 + typo = dead WinXP

Pull the drive and put it into an External USB Enclosure/Adpater. Mount it on a working computer and copy the files you want.

2 more replies
Relevance 45.1%

My correct email address is logged with my Microsoft account, but typo is showing on my windows phone Microsoft account under email+accounts, message says attention required.  Click on message tried to correct using 'fix it here' then get message
There's a temporary problem, getting this message for 2 days now.  Help

More replies
Relevance 45.1%

I think this is a virus behavior. Recently whenever I type in microsoft waord or notepad or fill up webforms in IE, the cursor jumps anywhere in the previous sentences, or highlights the last some letters somewhere and the entire type goes haywaire. Now Also this is getting typed anywhere and I have to delete, retype. very painful. I have Norton antivirus 2005, zerospyware (after reading the latest article in your mag only), adware, spybot and zone alarm, all fully updated. and none have been able to pick up a virus/spyware after a thorough system scan. I am going crazy typing, especially when i am prescribing medicines to my patients. I don't want to reload windows and all my applications again.Pl HelpDr Alok Modi MD

Answer:Typo errors due to cursor jumping

Go into Device Manager and uninstall your Mouse then restart computer

10 more replies
Relevance 45.1%

for your information:

Spyware authors and phishing fraudsters yanked an old scam out of the playbook Wednesday by directing malicious code at Internet users who may be prone to typing or spelling deficiencies, according to security researchers.

Finnish security firm F-Secure said they discovered an attack aimed at Web surfers attempting to land on Google's (Quote, Chart) homepage, but who may have mistyped the Web address.

Internet users who punch in "Googkle.com" are treated to a host malicious code, as the computer gets slammed with a heap of the unwanted software that is automatically downloaded and installed. The malware includes: Trojan droppers, Trojan downloaders, backdoors, a proxy Trojan and a spying Trojan. A few adware-related files are also installed, the firm said.

Google Typo Crashes Systems
 

More replies
Relevance 45.1%

I installed Adobe 8 and now all of my Desktop icons have the Adobe logo and will only open up Adobe, not my usual shortcuts, like word, excel, games etc...I tried uninstalling Adobe, which fixed the problem, but when I re-installed it came back again. I don't knw how to fix this...I'm new to all this! I'm running windows vista Help!
 

Answer:Adobe error {fixed typo}

I'm not sure why that is happening but you can try and fix the icons by right clicking on the programs that are displaying the incorrect icons, select properties>change Icon and find the correct one
 

3 more replies
Relevance 45.1%

Purchased a new laptop and skipped making the MS email but created a password for my account.When I booted up my pc later on I was greeted with an incorrect password message. I must have made a typo in the pw set up because it does not work.I also didnt create a recovery disk because I had literally only used it for 30 mins before turning it off and this problem was the last thing I ever expected to happen.There is only one account and it's the one that is locked. A to rendered a $600 purchase obsolete until I can fix it.All help is appreciated.

More replies
Relevance 44.69%

Heads up about a string of blogs using familiar names like FileHippo and Softpedia in their URL, when searching for software downloads. I cannot guarantee their legitimacy, or safety to visit or download from these rip-off blogs.

Searching "avast 2017" in Google Search Engine crops up with many blogs using SEO techniques to distract users from the real FileHippo and Softpedia sites.



oFileHippo



downFileHippo



theFileHippo



eSoftpedia



Happy Safe Browsing!
 

Answer:Typo Squatting - Fake FileHippo, Softpedia and more!

Download links seem legit.. I love the tactic by the way.
I will take o-malwaretips.net lol
 

0 more replies
Relevance 44.28%

Is there a way to tell Microsoft Word to "guess" what I mean every time I make a typo? For example, I type "tsanding," and instead of changing it to "standing," it underlines it red. I know I can then right-click it, and select AutoCorrect > standing, so that, from now on, if the same exact typo arises in the future, in which I accidentally type "tsanding," it'll change it to "standing." I've thus far collected *hundreds* of specific typo corrections in this way. But that's very time-consuming, and is only a weak attempt at preventing typos I may be likely to make in the future (based on the fact that I made the exact typo at least once before). Is there any way to establish that I want Microsoft Word to go ahead and correct every single "underlined red" occurrence from now on, based on its best guess as to what I meant? (except in cases where the typo was so bad that it has no guess at all) That way, when it corrects something I *didn't* want corrected, I can then go back and add what I wanted to its dictionary, to tell it not to consider that word an accident from then on.

Answer:Is there a way to tell Microsoft Word to "guess" what I mean every time I make a typo?

Found this in the Word Help files. On the Tools menu, click AutoCorrect Options. In the Replace box, type a word or phrase that you often mistype or misspell ? for example, type usualy. In the With box, type the correct spelling of the word ? for example, type usually. Click Add. Is this what you're talking about?

2 more replies
Relevance 44.28%

Hello, is some one know where finding free Helvetica and Time family typo ?
thank Kidkodak 57

Answer:Finding free Helvetica and Time family typo

Helvetica Fonts - DownloadFontsFree.Net
Regarding "Time family", you need to be more specific.

2 more replies
Relevance 43.87%

So I decided to buy Windows 7 from eBay. I didn't trust the people selling product keys only, so I purchased a brand new retail package. When I shop on eBay, I always look for sellers that are really close to me so shipping is fast. So I found a seller, said to be located in Maryland (which is two states away from me), with a great price and great feedback for his W7 sells. I was pissed because when the guy sent me the tracking number, I found out that the item was coming from Beijing, China, not Maryland! But I figured, well at least he shipped it.

THEN, I get an email from eBay saying the listing for the item I just purchased because the copyright holder reported that the item may be a counterfeit. At first I was pissed at eBay because now I had to record of the transaction in my eBay account and could not contact the seller directly from within the item invoice, since eBay deleted. Plus, he had several other sells of this same item, all with positive feedback of the W7 package, and eBay did not remove the listings for them. So I was like, why me? Luckily, I had his email from paypal and contacted him. He assured me that he is the legal owner of the item and that he sent proof to eBay saying so. Still never got my records back.

Anyway, this prompted me to search counterfeit Windows 7 retail packages. I found some interesting info, but my package doesn't fit any of the counterfeit profiles Microsoft says to look out for. The top hologram is built onto the ... Read more

Answer:My Windows 7 copy looks fake. Typo on back cover. Came from China.

Have you tried contacting ebay?:

eBay Buyer Protection

James

9 more replies
Relevance 43.46%

When I first open Google, in the Search Box is a typo which I cannot delete.Any ideas? Many thanks. pianojoe
 

Answer:Solved: how to delete typo which remains in Google search box when I first open Googl

6 more replies
Relevance 43.05%

So I decided to buy Windows 7 from eBay. I didn't trust the people selling product keys only, so I purchased a brand new retail package. When I shop on eBay, I always look for sellers that are really close to me so shipping is fast. So I found a seller, said to be located in Maryland (which is two states away from me), with a great price and great feedback for his W7 sells. I was pissed because when the guy sent me the tracking number, I found out that the item was coming from Beijing, China, not Maryland! But I figured, well at least he shipped it.

THEN, I get an email from eBay saying the listing for the item I just purchased because the copyright holder reported that the item may be a counterfeit. At first I was pissed at eBay because now I had to record of the transaction in my eBay account and could not contact the seller directly from within the item invoice, since eBay deleted. Plus, he had several other sells of this same item, all with positive feedback of the W7 package, and eBay did not remove the listings for them. So I was like, why me? Luckily, I had his email from paypal and contacted him. He assured me that he is the legal owner of the item and that he sent proof to eBay saying so. Still never got my records back.

Anyway, this prompted me to search counterfeit Windows 7 retail packages. I found some interesting info, but my package doesn't fit any of the counterfeit profiles Microsoft says to look out for. The top hologram is built onto the cds, no... Read more

Answer:My Windows 7 copy looks counterfeit. Typo on back cover. Came from China (eBay). Pics

It's fake, that's pretty obvious. The hologram thing is most likely a sticker on top of the actual disc surface - you can use a fingernail or razor blade at the very edge and lift it up a bit, that's 100% proof. The part numbers don't seem to match up with the actual Windows 7 Ultimate part number, and it just has a fake quality all the way around.

If you contact Microsoft, show them the pics, explain where you bought it from and your situation, there is a small - small but it exists - chance they'll provide you with a key just for making the report and identifying the seller you got it from.

No guarantees, but at the moment you're better off reporting it to them and going from there. Sure can't hurt to let them know, either way.

I'd report it, personally, without even really thinking about it. It just SCREAMS fake.
 

38 more replies
Relevance 31.16%

Msn search is redirected.Pop-ups in hotmail.com

Answer:browser redirect; infected with redirect virus., doesn't show up in scans

Page is redirected from msn search to various other search sites eg. ``K Directory.''Pop- up box appears directing to install Adobe Flash player , when it is already installed from adobe site.DDS (Ver_10-03-17.01) - NTFSx86 Run by Gerry at 0:18:41.23 on Mon 06/07/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1215.253 [GMT -4:00]AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Motive\McciCMService.exeC:\Program Files\Microsoft&... Read more

3 more replies
Relevance 31.16%

I too am experiencing google links redirect to random sites, just like the DaddySouth who posted "Google links redirect to random websites, Requesting help fixing redirect problem". I've tried applying the instructions given to DaddySouth and I cannot fix this myself. So, I am hoping desperately that someone here at my bleepingcomputer.com can help me.

Please help!

Thank you,

vincamato

Answer:Another: Google links redirect to random websites, Requesting help fixing redirect problem [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

3 more replies
Relevance 31.16%

I some sort of malware (could be more than one) that: 1) causes all Google search results to be redirected (not exactly redirected as the link in the status bar of the browser will actually be changed also). The links sometimes randomly change to different sites or will show adwords.securegroup.com. 2) I entered credit card info for bill payment to a perfectly credible site (it did show lock and https) and when I submitted the form, a seperate window popped up with a title something like "additional credit card information", and didn't appear secure (didnt have address bar or anything though) telling me basically to re-enter all of my credit card and bank info. It was a page at 209.222.6.227. I closed it with the "X" without entering anything

More replies
Relevance 31.16%

This has been happening for sometime but I haven't thought anything of it til now. Whenever I search google, when I click on a link I get redirected to a new page. More recently however, it will redirect me to a page saying this site is known for attacks and asks if I want to get out of there or ignore. I know this is obviously a fake but I have no idea why it is being directed to this. I have scanned with Nortan and Spybot Search and Destroy with no avail. I also looked through some sites and it sounds like a problem that is best left to a professional. Please help.

Answer:Google Search Redirect and Fake Security Risk Redirect

Hi ZJ88 and welcome to Bleeeping Computer.Have you tried scanning with MBAM?Let me have the reports from these 2 steps and then we'll take it from there.Step 1Please download Malwarebytes Anti-Malware and save it to your desktop.Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Full Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the... Read more

1 more replies
Relevance 31.16%

I am infected with a version of the Google Redirect malware problem:- When I click on one of the results from a search on any major search engine, I am redirected to other websites, usually commercial websites such as monstermarketplace.com. I can reach any website if I copy the address in the address bar; I only get redirected when I click directly on the link in the search results page.- Occasionally, a new tab pops up when I am in iGoogle, Gmail, or a Google search page. The new tab's address is www.google.com/webhp. In two occasions a new tab has opened with a commercial website. I always close the windows and have never searched on the google.com/webhp page.Some history:- I was originally infected with the AV Security Suite virus this weekend while downloading the platform for the online game "Battlefield Heroes" (www.battlefieldheroes.com). I tried going online while this virus was active and clicked on some of the pop-ups and alerts, sometimes saying "Yes" and sometimes "No" when it would ask if I wanted to allow access to the home page website. I believe this may have enabled the current redirect malware.- I removed the AV Security Suite virus (at least partly) by renaming and deleting the folder from which it was acting within my Local Settings folder. The current infection must therefore be a leftover of that initial infection.- I ran SpyBot and Ad-Aware, both of which found and removed cookies. I uninstalled both programs a... Read more

Answer:Infected with Google Redirect / Search Engine Redirect Malware

Hello I Would like you to do the following.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.Once installed, you should see a blue screen prompt that says:The Recovery Console was successfully installed.Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Click Yes to allow ComboFix to continue scanning for malware.When the tool is finished, it will produce a report for you. Please include the report in your next post:C:\ComboFix.txt"information and logs"In your next post I need the followingLog from Combofixlet me know of any problems you may have hadHow is the computer doing now?Gringo

13 more replies
Relevance 31.16%

Hi
Recently, when I click a link brought up from a Google search it opens a new window and the first time I click the link it takes me to a different site than the link should. This happens in Safari 4.0.5 and IE8.
Also, my wife purchased a train ticket online and 1 hour later we had a phone call from the bank suggesting fraudulent use of the card detailed she had entered. I do not know if this is related but am very concerned. I was running AVG but uninstalled as it was showing no errors and Combofix didn't want it running when it was scanning.

I have found a few similar posts and therefore have down loaded and run:

Combofix.exe - ran this first and theno I rebooted
Hijackthis - ran this, have not rebooted since

The problem appears to be resolved as the links open in the same window correctly now but here are the logs from my scans, can you please confirm if I have removed all the malicious software?

Combofix log:
ComboFix 10-05-08.03 - Mat 09/05/2010 13:05:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.1180 [GMT 1:00]
Running from: c:\users\Mat\AppData\Local\Temp\af9jj5r9.tmp\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\hpe3201.dll
c:\windows\system32\spool\prtprocs\w32x86\0000421c.tmp
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((... Read more

Answer:links redirect open new window and redirect to advertising site

Hi
Have I supplied incorrect information on this thread or are there no issues remaining with the PC?

Any assistance anyone can provide would be much appreciated?
Thanks
 

1 more replies
Relevance 31.16%

I some sort of malware (could be more than one) that: 1) causes all Google search results to be redirected (not exactly redirected as the link in the status bar of the browser will actually be changed also). The links sometimes randomly change to different sites or will show adwords.securegroup.com. 2) I entered credit card info for bill payment to a perfectly credible site (it did show lock and https) and when I submitted the form, a seperate window popped up with a title something like "additional credit card information", and didn't appear secure (didnt have address bar or anything though) telling me basically to re-enter all of my credit card and bank info. It was a page at 209.222.6.227. I closed it with the "X" without entering anything. Recently have noticed when I open IE, it always tells me the last session closed unexpectedly; always "goto home page" but did try the other option once. It opened 4 pages ive never been to before and mtch the urls in: Recent topicMy DDS.txt:DDS (Ver_10-10-10.03) - NTFSx86 Run by Owner at 22:20:26.98 on Tue 10/19/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.132 [GMT -5:00]AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC... Read more

Answer:Google Search Result Redirect/CC Info Entry Redirect

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

25 more replies
Relevance 31.16%

Two issues using both IE7 and Firefox3.0.4:1. Google results redirecting via copy-book.com (can be seen connecting to copy-book.com via status bar)2. Windows Update redirects to msn.com------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Malwarebytes' Anti-Malware 1.30Database version: 1419Windows 5.1.2600 Service Pack 316/12/2008 7:06:20 PMmbam-log-2008-12-16 (19-06-20).txtScan type: Quick ScanObjects scanned: 61572Time elapsed: 3 minute(s), 38 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 6Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.105 85.255.112.186 1.2.3.4 -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d9d40769-8208-4e7a-936c-859fc057bd18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.105 85.255.112.186 1.2.3.4 -> Quarant... Read more

Answer:Google Copy-book.com redirect & Windows Update redirect

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Thanks and again sorry for the delay.First,Download GMER Rootkit Scanner from here. Extract the contents of the zipped file to the desktop. Double click GMER.exe and if you are asked if you want to allow gmer.sys driver to load, please allow it to do so. If it gives you a warning about rootkit activity and asks if you want to run scan, please click on NO. In the right panel you will see several boxes that have been checked. Uncheck the following the following checkboxes: Sections IAT/EAT Drives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one) Now click on the Scan button and wait for it to finish. Once done click on the [Save..] button, and in the File name area, type in ark.txt and save it to your desktop.Please note that rootkit scans often pro... Read more

1 more replies
Relevance 30.75%

When I perform a google search and hover over a result, there is a sudden appearance of search results that are unrelated to my search.  These unrelated search results also appear in abundance on the right side of the google search screen. 
 
Also, the screen jumps up and down as if I am hitting the page up/page down button as I attempt to click on a link. It often takes several attempts before I can successfully click on the link of the desired search result. 
 
I am also experiencing site redirection and a considerable decrease in browser performance (Chrome). I appreciate any and all help. Furthermore, malwarebytes is constantly having to block potentially harmful sites.
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.13.2
Run by KedrickGarland at 19:53:20 on 2014-02-17
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3241.1003 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Program Files\Dell\DW WLAN Card\WLTRY... Read more

Answer:Google Search Redirect/Website Redirect Issues

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so we will have your thread closed in THREE(3) days. Hello there, downwitk I'm Conspire, I'll be glad to help you with your computer problems.Please observe these rules while we work:Read the entire procedureIt is important to perform ALL actions in sequence.If you don't know, stop and ask! Don't keep going on.Please reply to this thread. Do not start a new topic.Stick with me till you're given the all clear.Remember, absence of symptoms does not mean the infection is all gone.Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data(if possible) before moving on.

24 more replies
Relevance 30.75%

When I perform a search in Google, and hover over any result, there is a sudden appearance of more results that are mostly unrelated to my search. It often takes severally attempts to successfully click on the desired link. I am also getting many random search results on the right hand side of the screen that are unrelated to the search. 
 
In addition, I am often being redirected from my intended site to some other site. Chrome is also performing considerably slower than has been its custom. Malwarebytes is consistently having to block potential threats as well. Not sure what the issue is. I appreciate any help. 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.13.2
Run by KedrickGarland at 19:53:20 on 2014-02-17
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3241.1003 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Wind... Read more

Answer:Google Search Redirect/Website Redirect Issues

Hello downwitk I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"... Read more

3 more replies
Relevance 30.75%

As instructed in another post. Topic referenced is here: http://www.bleepingcomputer.com/forums/topic409507.html ~ OB Here are my Defogger, DDS and GMER logsDefogger Log;defogger_disable by jpshortstuff (23.02.10.1)Log created at 20:24 on 15/07/2011 (AEI)Checking for autostart values...HKCU\~\Run values retrieved.HKLM\~\Run values retrieved.Checking for services/drivers...-=E.O.F=-DDS log:DDS (Ver_2011-07-14.01) - NTFS_AMD64 Internet Explorer: 8.0.7600.16385Run by AEI at 20:26:42 on 2011-07-15.============== Running Processes ================.C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exeC:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exeC:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exeC:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exeC:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exeC:\Program Files (x86)\ooVoo\ooVoo.exeC:\Users\AEI\AppData\Roaming\Dropbox\bin\Dropbox.exeC:\Program Files (x86)\Lenovo&... Read more

Answer:Internet redirect - possible google redirect?? Unable to remove

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

37 more replies
Relevance 30.75%

My computer, running Windows XP is infected with the Redirect Virus. Primarily, links in Google and other search tools are redirecting to unrelated sites. This is manifest in Firefox and Internet Explorer. I have also noticed an increase in popup ads, but that may be unrelated.

My Norton Anti-Virus does not detect anything wrong. I have attempted to remove virus with TDSS Killer, but that does not find anything on my system. Also, both Malwarebytes' Anti-Malware and Microsoft's Malicious Software Removal tool have failed as well.

I have also reset my router to factory settings, but that did not solve the problem either.

Thanks for taking the time to look into this.

DDS log is below:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Jeremy at 15:05:32.71 on Fri 02/18/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.445 [GMT -6:00]

AV: Norton AntiVirus *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *Enabled*

============== Running Processes ===============

F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
F:\WINDOWS\system32\spoolsv.exe
... Read more

Answer:Infected with Redirect Virus - Google links redirect

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Do not Attach logs unless I ask you to.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Scan With RKUnHookerPlease Download Rootkit Unhooker Save it to your desktop.Now double-click on RKUnhookerLE.exe to run it.Click the Report tab, then click Scan.Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.Wait till the scanner has finished and then click File, Save Report.Save the report somewhere where you can find it. Click Close.Copy the entire contents of the report and paste it in a reply here.Note** you may get this warning it is ok, just ignore"Rootkit Unhooker has detected a parasite inside itself!It is recommended to remove parasite, okay?""just click on Cancel, then Accept".Gringo

16 more replies
Relevance 30.75%

I never use Microsoft Internet Explorer 8, though it is loaded on my machine. I use Firefox.
 
In the last week or so Internet Explorer 8 has been loading all by itself, generating ads coming from redirect.cpvrdr.com. I have searched far and wide to find others with this problem and have come up empty.
 
I have used virus scanners from eset.com, Avast, SpyBot Search and Destroy and Exterminate It. Nothing finds the source of this problem.
 
I have tried System Restore, which will not permit me to restore to ANY earlier point, likely because of the associated Malware hidden somewhere in my system.
 
I have used the content advisor feature in Internet Explorer 8 which has blocked the ads. However, whenever I click on an email or any other feature within Microsoft Outlook the content advisor pops up telling me the ad is attempting to load.
 
Following is my Hijackthis log from a few moments ago:
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:51:21 AM, on 5/7/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Sof... Read more

Answer:Internet Explorer 8 redirect virus from redirect.cpvrdr.com

Hello BorisBadenough I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the... Read more

44 more replies
Relevance 30.75%

slow running, people connected to google chrome yet no sharing settings. firefox alerts saying "this page is trying to redirect", certificates were out of date, did an avast scan 2 months ago, and scanned network, and result said your network is being redirected to a malicious server. Everything is running at a crawl.I have previously ran scans all that showed up was a cvf exploit 2013...
i reinstalled windows and formatted hard drive from dell dvd, was ok for 1 day, and im so tired of this i really dont have the will to write
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by rass (administrator) on DREADS on 03-06-2015 06:03:24
Running from C:\Users\sellassi\Desktop
Loaded Profiles: rass & sellassi (Available Profiles: rass & sellassi)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.... Read more

Answer:js/downloader-fcv, w32autorun.inf network redirect browser redirect

FireFox:
========
FF ProfilePath: C:\Users\rass\AppData\Roaming\Mozilla\Firefox\Profiles\8k4b4w1h.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-01] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-01] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-06-03]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-06-03]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunde... Read more

17 more replies
Relevance 30.75%

I get redirected when doing a Google search or will just suddenly go to a page I didn't click on or type in.

Here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:40 PM, on 11/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:... Read more

More replies
Relevance 30.34%

This started last night after java (or supposedly java, anyway) asked to update. I haven't used my laptop in a while, so it seemed like it needed an update. After allowing it, every link I clicked on google redirected. Links that I click anywhere tend to redirect, but it has a 100% occurrence with google links and only a partial occurrence with links from other websites, like this one.
I ran AVG, and that found nothing. Microsoft's malware removal tool found a trojan (didn't write down the name, sorry. I would know it to read it, though.) and said it was partially removed, and recommended microsoft security essentials. I installed & ran microsoft security essentials, which found two more trojans, some malware, and adware (but again, I didn't write the names down, thinking that would be the end of it...) and said those were completely healed. But there are still these redirects. I tried Malware bytes, which also removed a couple trojans and some malware. Still getting redirects.

So then I came here and followed these steps.
Here are the logs:

DDS Log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_22
Run by Rachel at 17:11:41 on 2011-09-03
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3061.1694 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG... Read more

Answer:Google redirect (link redirect in general)

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

16 more replies
Relevance 30.34%

I have run TDSSKiller, Malwarebytes, Sophos, Super antispyware, and my McAfee AV. All new scans have come back clean, but I still have some redirects. When I first noticed the issues, I ran Malwarebytes and it found and supposedly cleaned Trojan.Medfos. DDS log attached.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.0.0
Run by Robert at 12:39:41 on 2012-05-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.8788 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system3... Read more

Answer:Google redirect virus (does not redirect all links, only some)

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At t... Read more

20 more replies
Relevance 30.34%

So I take it I'm not the only one with this problem? >:

I go to search for something on Google, and within the first couple of links I click redirect me to a fake browsing system called Happili, or something of the like. Also my virus protection has been popping flags left and right about Trojans something along the lines of: "...Local\Temp\0.8967750632949711.exe" etc.

I'm running on a Windows 7, Dell Latitude D830
Browser: Firefox
Antivirus: AVG and Malwarebytes

any help you could offer would be more than appreciated. :3
Hijackthis Report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:17:24 PM, on 4/23/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Nara\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize... Read more

Answer:Google Redirect Trojan >: (Happili redirect)

by the way, I don't know why avg still had a pop up for AV and SP. :\ I did a complete uninstall of the program as well as ran the the avg_remover for the 32 bit version. Because of which i still have avg9 and avg 10 in my program files but all the actual files are empty, and it looks like the only files it kept was the 'avg safe search' task bar for Chrome and Firefox. I could not find any copies of the actual program to use the temp. disabling process for running ComboFix, and it looks like for the most part that the process was able to complete alright. *shrug*
 

10 more replies
Relevance 30.34%

My PC is a bit messed up. If I could get some help that would be great. I tried Malwarebytes but didn't remove it. I get redirected randomly to a web site that pretends to scan my pc then tells me to download security tool. Also when I go to google sometimes when I select a link it redirects me to a random site.Here is the DDS.txt file and I attached ARK.txt and Attach.txt files.Thanks in advanceDDS (Ver_10-03-17.01) - NTFSx86 Run by mbernard at 15:33:03.48 on Fri 10/01/2010Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.227 [GMT -4:00]AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\ngvpnmgr.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Pro... Read more

Answer:Sercurity Tool Redirect and Google Redirect

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please downloa... Read more

2 more replies
Relevance 30.34%

Hello. I've been having issues with some trojans and malware and whatnot on my computer. It started when my computer began running slowly, then I got Antivirus Soft. I used Malwarebytes to get rid of it, but it seems another version of it (which runs as "ave.exe") has popped up. Malwarebytes, a system restore flush, and CCleaner slim seems to have rid me of this problem, but ya never know with these things, and I'd rather be safe than sorry.Also, around the same time, I began noticing all my google links redirect themselves. I use FireFox and Chrome, and apparently this only effects Firefox. Sometimes, it will show the normal URL in green under the google description, but sometimes it shows a fake URL, the most common of which is "Ave99.com", which makes me wonder if they're related. Here's a screen shot of what it looks like when the URL is fake (searched for "I'm doing a google search"):ALSO, I've been having a problem with logging into PayPal. When I went to log in, it redirected to a https which asked for my name, address, SSN, ATM PIN, etc. Obviously I didn't fill any of it out and left the page immediately. Here's what that looks like:I've run Spybot, but that doesn't bring any problems up. I also use Avira, which has caught a few trojans named "Cosmu.mjj", "FakeRean.A.473" (also with other numbers at the end), "PCK.Katusha.J.431" (also with other numbers at the end), and... Read more

Answer:Several problems... ave.exe / google redirect / paypal redirect

UPDATE:
ave.exe returned, and I'm pretty sure it has something to do with the google redirect. I was using Firefox to search for something and without thinking, clicked a link for wikipedia. It redirected me to a page with a strange symbol on it. I didn't get to screen shot it, or see the whole url, but it started with "bengaltigerrose.com". I didn't get to see the whole thing or screen shot it because Firefox closed immediately, and the fake antivirus screens popped up.

1 more replies
Relevance 30.34%

I have been having redirect problems for over a month now, sometimes it it a redirect as soon as I click a link, sometimes it is after 5 or 10 seconds after arriving on a new page while I am trying to read it.I am currently running Windows 7 pro.I was having problems with the redirects and tried a reformat with no help to the problem.I suspect a possible rootkit, but I cannot find it or fix it.Thanks for any help.AVG does not show anythingTDSSkiller does not show anythingWindows defender does not show anythingsuperantispyware doesn't show anythingMBAM does not show anything but it will not update giving a MBAM_ERROR_UPDATEING (12007,0,winhttpsendrequest) error.GMER and DDS files attached DDS (Ver_10-10-10.03) - NTFSx86 Run by oem at 0:04:11.63 on Sun 10/10/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21Microsoft Windows 7 Enterprise N 6.1.7600.0.1252.1.1033.18.3326.2188 [GMT -4:00]SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Windows\system32\lsm.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\Sys... Read more

Answer:google redirect/firefox redirect problems

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the ... Read more

33 more replies
Relevance 30.34%

Ok, I'm relatively new here. I've tried to follow the rules, but I apparently keep posting in the wrong areas. The following are my logs from DDS and Combofix (I know I wasn't supposed to run combofix on my own, and I ran it before I ran DDS). I also ran hijack this, that log is at the bottom. GMER cannot be run on my machine as I am running Window7 64bit. I've tried a lot of things before resorting to bleeping computer, too numerous to list at this point. I would consider myself an above average user, and I am generally able to get rid of viruses on my own. This is different, I have an idea about whats going on, but realize it's beyond my current level of expertise. Thanks in advance for your help.
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Marriott at 1:31:18.10 on Fri 12/24/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1918.1056 [GMT -5:00]

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe... Read more

Answer:Google Redirect in IE and Yahoo Redirect in Firefox

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

29 more replies
Relevance 30.34%

I have a Dell Inspiron E1505 with XP. The hibernation on my laptop redirects back and search results let it be Bing, Google, or Yahoo usually redirects me to some strange site. The redirecting appears to redirect several sites before settling for a final site. I have ran Malwarebytes, Adaware, McAffee, Norton, and Trend Micro and this problem cannot be cleared.

Please help me resolve this problem.

Thanks

Answer:Hibernate redirect & search result redirect

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 30.34%

About a week ago, my searches on google began redirecting me to random sites that looked like other search engines or other sites that were totally unrelated to my real search. Shortly after, my computer got another virus that kept popping fake antivirus warnings up. I was able to remove that fake antivirus problem as it has happened several times in the past. I used malwarebytes to remove that antivirus program virus. After the malwarebytes fix, however, google and yahoo were still redirecting me to random sites. That problem won't go away. I tried finding a solution by googling the problem with a different computer and I was led to a site that asked me to download combofix. I did download combofix, but I had no idea how to use it and I don't think it ran correctly. I think I need help using combofix correctly or downloading a better version of the program. I have Windows XP. I've had several viruses over the years and malwarebytes usually corrects the problem. This google and yahoo redirect issue is nasty. I'd appreciate any professional help.

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 22:32:10 on 2011-06-16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1529 [GMT -5:00]
.
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k Dc... Read more

Answer:Google redirect and other search engines redirect

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

18 more replies
Relevance 30.34%

I have a Dell Inspiron E1505 with XP. The hibernation on my laptop redirects back and search results let it be Bing, Google, or Yahoo usually redirects me to some strange site. The redirecting appears to redirects several sites before settling for a final site. I have ran Malwarebytes, Adaware, McAffee, Norton, and Trend Micro and this problem cannot be cleared.


I DO NOT have a Windows Install Disc nor Boot CD.


Below is the DDS.txt

DDS (Ver_10-03-17.01) - NTFSx86
Run by Frank Bui at 23:24:11.71 on Tue 06/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1352 [GMT -7:00]

AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\sys... Read more

Answer:Hibernate redirect & search result redirect

Hi,

Please do the following:


Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it ... Read more

19 more replies
Relevance 30.34%

Every search engine redirects me to various search sites, spyware removal sites, online scanners, coupon sites, etc... Have read forums with other people dealing with the same problem, followed the instructions given to them, but still have the problem. Have run SuperantiSpyware, Malwarebytes, Spybot, Ad-aware, Ccleaner, ATF cleaner, and my mcafee virus scan - still have the problem. Would greatly appreciate someone's expertise for my situation. Tremendous thanks. Log posted below:
DDS (Ver_09-07-30.01) - NTFSx86
Run by Anthony West at 11:06:44.48 on Tue 08/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.510 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctf... Read more

Answer:Google Redirect (all search engines redirect)

Hello and to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.-----------------------------------------------------------We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, ... Read more

2 more replies
Relevance 29.11%

I have tried over the last month to do everything I could to fix this issue myself. To start I am running wqindows 7 and I use internet explore. I have run spy bot, avg, tdsskiller, hijack this,clean up, hitman pro, and a few others I have since deleted..All to no avail. I am being redirected with every search I perform, even if i go directly to the sight and not using a search engine I am still redirected. The time it takes me to get a site fully loaded is getting longer and longer as well. I am at my wits end and can no longer try to figure this out on my own. I have not removed anything because all the scans have come up with nothing. It seems to be affecting some of the programs as well, steadily getting worse. Just now I tried to run hijack this so i could post a new log and it came up with an errorFor some reason your system denied write access to the hosts file. If any hijacked domains are in this file, hijack this may not be able to fix this. If that happens you may need to edit the file yourself. to do this ...blah blah blah..Problem being is I cannot write nor delete to my hosts file either it does not allow.Here is my host file:# Copyright © 1993-2009 Microsoft Corp.## This is a sample HOSTS file used by Microsoft TCP/IP for Windows.## This file contains the mappings of IP addresses to host names. Each# entry should be kept on an individual line. The IP address should# be placed in the first column followed by the corresponding host name.# The IP address and ... Read more

Answer:Redirect 5-Google redirect issue

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you let... Read more

2 more replies
Relevance 29.11%

Hi,
Ive read some different threads on this forum and tried lots of different steps ive found on the web. I even paid for the "fixredirectvirus.com (or something) with no luck. Ive tried malware bytes, ms saftey scan,combofix,dns flush, and also tried to manually remove it. I changed the password on my router also and now have it set to warn me of bad websites that could be a virus or not. So, after completing all the steps above I still have my cisco router warning me of bad websites and when I look at the address bar I can see that its trying to go to the same "redirect" sites ive been having problems with for the past few weeks. Alos, if I click on a link for a website it usually would go to that site very fast since I have comcast cable. Now it just sits there , if I click "back" and then try again it usually will go to the website but without clicking back and retrying it will sit there for a minute and then finally load (most of the time)
At this point I do not know what to do, hopefully someone can help me.
Thank you

More replies
Relevance 29.11%

Hello,
I have a problem that seemingly a lot of people on here have, where my Google and Yahoo searches get redirected to unrelated websites. This almost always happens on Yahoo, however, sometimes I have the problem with Google and sometimes I don't. Additionally, when I visit certain websites (like when I actually type in the name of a website) or click on certain links I am also redirected to unrelated pages and have to use the back button and try again several times before I am taken to the correct page. This happens more for certain websites than others. The page that I seem to get redirected to most often is something like "premium.amazonaws.com." I've only had this computer for about a month and a half, and have had this problem since like the second day I had it, and I had and still have the same issue on my old laptop. I am currently using Mozilla Firefox, and have the same problem when I use Google Chrome or Internet Explorer. Below is my DDS log; I didn't do I GMER scan because I run a 64 bit operating system.
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Ana at 23:05:15.81 on Sun 02/27/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3758.2130 [GMT -5:00]

AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E84... Read more

Answer:web pages redirect/google redirect

Hello,Lets attempt to reset your router and see if that fixes the issues:Router ResetPlease read this: Malware Silently Alters Wireless Router Settings

Consult this link to find out what is the default username and password of your router and note down them: Route Passwords

Then rest your router to it's factory default settings:

"If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds)"

This is the difficult part.
First get to the routers server. To do that type http:\\192.168.1.1 in the address bar and click Enter. You get the log in window.
Fill in the password you have already found and you will get the configuration page.
Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the log in password your ISP has initially given to you.
You can also call your ISP if you don't have your initial password.
Don't forget to change the routers default password and set a strong password. Note down the password and keep it... Read more

2 more replies
Relevance 29.11%

Hi.
Every time I restart my system or turn on from a shut down, this website "http://www.msftconnecttest.com/redirect" opens automatically in microsoft edge and obviously it dont go anywhere just saying chek your firewall and network Diagnostics. I have search alot but couldnt find a useful solution.
Any idea how to stop this from poping up every time windows starts? its really annoying.
Any help on this would be really appreciated.thx

Answer:redirect to msftconnecttest.com/redirect in startup

http://www.markwilson.co.uk/blog/201...-icon-ncsi.htm

1 more replies
Relevance 29.11%

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:40:35 PM, on 4/3/2010Platform: Unknown Windows (WinNT 6.01.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\system32\taskhost.exeC:\Windows\Explorer.EXEC:\Program Files\AVG\AVG9\avgtray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\system32\SearchFilterHost.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\... Read more

Answer:browser redirect/google redirect

Hello, and to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!If you have since resolved the original problem you were having, we would appreciate you letting us know.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your ... Read more

2 more replies
Relevance 29.11%

Right now, I'm having a issue because, in Firefox, when I go to nbcnews.com I occasionally (maybe one out of five times) get redirected to kanoodle.com (with I guess an identifying string of numbers at the end). This also happens sometime if I happen to leave a tab open and nbcnews.com auto-refreshes. It only happens when going to that one site.I also used to get occasional redirects from Google search results to one or more of the following:bliss.comscour.comgethotresults.comThat hasn't happened in the last couple of weeks, so hopefully I fixed that problem and the two issues are unrelated. (Either that or I just haven't been doing much Googling)I would greatly appreciate any insight into what is going on.Log files as follows:# AdwCleaner v2.009 - Logfile created 11/27/2012 at 20:58:36# Updated 24/11/2012 by Xplode# Operating system : Windows 7 Home Premium  (64 bits)# User : NAMES - DESKY# Boot Mode : Normal# Running from : C:\Users\NAMES\Desktop\adwcleaner.exe# Option [Delete]***** [Services] ********** [Files / Folders] ********** [Registry] ********** [Internet Browsers] *****-\\ Internet Explorer v9.0.8112.16421[OK] Registry is clean.-\\ Mozilla Firefox v16.0.2 (en-US)Profile name : defaultFile : C:\Users\NAMES\AppData\Roaming\Mozilla\Firefox\Profiles\3rbk7fra.default\prefs.js[OK] File is clean.*************************AdwCleaner[R1].txt - [1472 octets] - [23/11/2012 21:44:03]AdwCleaner[R2].txt - [1532 octets] - [23/11/2012 21:44:42]AdwCleaner[R3].tx... Read more

Answer:kanoodle.com redirect (also, possible google redirect)

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. 1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.2. The fixes are specific to your problem and should only be used for this issue on this machine.3. If you don't know or understand something, please don't hesitate to ask.4. Please DO NOT run any other tools or scans while I am helping you.5. It is important that you reply to this thread. Do not start a new topic.6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.7. Absence of symptoms does not mean that everything is clear.If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line. *************************************************************************You only have 1.16 Gb of free space on your computer. Windows requires at least 15% (137 Gb) in order to function properl... Read more

14 more replies
Relevance 29.11%

My laptop was recently host to the AV Security Suite virus. I ran Malware bytes in safe mode; this took care of the virus symptoms of blocking the internet, preventing programs from starting, and AV Security Suite pop-ups. What remained were two issues:1. When using search engines I am redirected to different sites other than the ones I click on. This happens randomly although when it does the sites I am redirected to are reoccurring. 2. Typing my destination in the URL I am redirected to the Microsoft Search Engine "Bing" instead of directly to the designated website. Before I would just type "Facebook" into the URL and it would forward to Facebook's main page or "Wikipedia" and it would forward to Wikipedia's main page. I am now redirected to Bing's Search Engine results for whatever is typed into the URL. Now I must include ".com" to my URL search or the full address to be forwarded to the correct site. The Programs I have installed and ran are:CSShredderMalware BytesSpybot S & DMicrosoft Malicious Software Removal ToolAd AwareWebroot Spy SweeperCCleanerRegistry Defrag Also I have Uninstalled/Installed/ and run three different Anti Virus Programs:AVG Anti VirusEset Nod 32Webroot Anti VirusAlthough all of these programs have found some Trojans,Viruses, Adware and removed them; those two issues still persist.I am currently back to using AVG Anti Virus. The laptop is running Widows Vista, SP2. I've also taken the tim... Read more

Answer:URL Redirect and Google Link Redirect

I received no response so I read through a few of the similar posts.
Downloaded rkill, FixEXE, and Superantispyware. I would link to the thread here that I saw this in but cant seem to find it. Everything seemed to work fine after restart but soon those two issues resurfaced again.

I've also checked to make sure DNS was set properly.

2 more replies
Relevance 29.11%

I've been lurking around this site for a while, so when AV security showed up on my desktop, this was the first place I came. Thanks to Grindler for posting an awesome AV security removal guide. I haven't had any problems with AV Security since performed the removal, but now I get redirected constantly and I am quite literally going insane. To make matters worse, it even seems to be redirecting me when I use Firefox! I thought for sure I could just use firefox until I got my IE issues worked out but I guess not I've ran Malwarebytes, SUPERAntispyware, AVG, Spybot, Ccleaner, and a host of other scans that I can't even remember now. Please help me before I completely lose my mind. Any help from anyone at any time would be much appreciated. Here's the hijackthis log if you need it:Logfile of Trend Micro HijackThis v2.0.4Scan saved at 11:16:39 AM, on 7/3/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\av... Read more

Answer:Redirect, redirect, redirect, really getting sick of this

Hello justin1981, Welcome to Bleeping Computer. My name is fireman4it and I will be helping you with your Malware problem.Please take note of some guidelines for this fix: Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.1.Ask Toolbar is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know as stated in the following Articles:http://www.benedelman.org/spyware/ask-toolbars/http://vil.nai.com/vil/content/v_185490.htmI suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Ask Toolbar.2.Open HijackThis, click Config, click Misc ToolsClick "Open Uninstall Manager"Click "Save List" (gen... Read more

12 more replies
Relevance 28.29%

I am presently attempting to fix my grandfathers computer, and unfortunately this thing has a ton of issues, but that's simply because he *thinks* he knows what he's doing. It's so bad I've actually brought his desktop home with me and I've been working on it for the better part of the past 4-5 days. Thus far, I've removed over 20 different toolbars, add-ons, etc. that have no purpose, but I can't seem to get rid of these two.

In regards to the Babylon toolbar, I've tried everything I can think of, but it's still showing up all over Mozilla Firefox. I have removed Babylon Toolbar from the control panel, I've changed the FireFox homepage back to the default, I've removed Babylon as a search provider, and I've attempted to uninstall Babylon from the FireFox Add-on tab. However, there are still Babylon entries all over the about:config page and google searches somehow automatically become Babylon tabs. I've also tried completely uninstalling FireFox (using Revo Uninstaller), however after re-installing Firefox, the about:config is still riddled with Babylon entries.

And it's pretty much the same thing with Funmoods and IE. I've uninstalled Funmoods through the control panel, and I can't find it anywhere else, but any search automatically redirects through funmoods.

Thus far, I've run (individually over the past few days): Avast! full scan (both running and through startup), Malwar... Read more

Answer:Babylon Toolbar/Redirect Removal (FireFox) & Funmoods Toolbar/Redirect (IE)

Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.



REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}]Click to expand...

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.




In regards to the Babylon toolbar, I've tried everything I can think of, but it's still showing up all over Mozilla Firefox.Click to expand...

We are going to be uninstalling your old version of FireFox and installing the new version. So do the below to save bookmarks:


Run FireFox and click Bookmarks.
Then select Organize Bootmarks.
Then on the next window click File and then select Export. Save the bookmarks.html file to your Desktop for later use in importing.
Now download and save the installer for the current version of FireFox but DO NOT install it yet. Get it here: Mozilla FireFox

You will need exit FireFox now and use Internet Explorer to continue with the below until we reinstall FireFox.

Start by uninstalling FireFox (USE REVO UNINSTALLER!!!) and then reboot. Do not skip the reboot.
After reboot, delete the below folders:

C:\Program Files (x86)\Mozilla Firefox
C:\users\UserAccount\AppData\Roa... Read more

9 more replies
Relevance 27.47%

Hello. I've been infected with the Google Redirect virus. When it first happened, I did a search and found that there would be a wdmaud file in my Windows System 32 folder. Indeed, that was true. (although I don't believe it has the .sys extention. It's labeled as a device driver) I've run PC Tools Spyware Doctor. Found some viruses but didn't fix the problem. Downloaded McAfee and ran it but didn't find anything. Did another search which suggested using OTM to first remove wdmaud and then to download and use malware. I did it. It actually found some infections and I deleted them - but still, the virus remained. I downloaded SpyHunter and superspy something and they both didn't do anything. Please note - all of the spyware was downloaded after I was affected.

I cannot reboot in safemode. It won't let me. I keep getting a blue screen with error messages.

Any help? And if I just reinstall Windows XP will it be a quick fix or will it not fix the problem?

I'm a cartoonist, not a programmer, so bear with me.

Thanks in advance for any help. I did just download ComboFix but this site said to not run it without being asked by a helper. So here I am.

Edit - I forgot to add that one site told me to turn off System Restore and try malware which I did and did not help. But that means I lost my System Restore info.

Edit2 - Also - forgot to add that I also tried Unhack Me and that didn't help either.

Answer:Google Redirect/wdmaud virus, the dreaded redirect virus

if I just reinstall Windows XP will it be a quick fix or will it not fix the problem?It will need to be a complete install not a repair installWe Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

1 more replies
Relevance 27.06%

I had a trojan that I got rid of & was having problems with Firefox re-directing me when I had a URL without a protocol specified.

Firefox no longer does the redirect, but my Hijack This log shows redirect registry entries.
Any advice would be appreciated.

Thanks;
Dan

Answer:Redirect entries in HJT, but they DON'T redirect

If you want to post the HJT log, please do so (following all instructions for that forum) at BC Virus, Trojan, Spyware, and Malware Removal Logs - http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/.This forum does not deal with malware issues, since the more qualified personnel to do such...are available at our various malware forums.Note the Preparation Guide - http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/, posted at the top of the forum page.Louis

2 more replies
Relevance 27.06%

I use Active Directory on 2003 Standard, and in the group policy settings I have set up folder redirection for the 'my documents' folder.

I have set it up as 'Basic' redirect to the following location

X:\

And when the user logs on, a bat file connects X:\ to "\\server\users\%username%\my documents"

However, the my documents folder is full of little icons saying offline folder, and then when the user logs off, everything is backed up into the correct folder.

IS there any way of making it connect my documents to the actual folder live. Without offline folders.

Cheers
 

Answer:Redirect doesn't redirect =o|

I don't understand why you would redirect folders to a mapped drive rather than use the UNC but I'm sure you have your reasons. All I've found is this from Microsoft however it does say that it's disabled in Windows 2003 by default.
"Redirected Folders automatically made available offline

By default in Windows XP and Windows Server 2003, any redirected shell folders such as My Documents, Desktop, Start Menu, and Application Data are automatically made available offline. This is in contrast to Windows 2000, which required administrators to configure the Administratively assigned offline files policy setting to ensure all files in the redirected folders were always available offline. This setting was difficult to use with advanced folder redirection, and involved extra administrative overhead.

The default behavior can be overridden by enabling the Do not automatically make redirected folders available offline policy. This setting can be found in the Group Policy Object Editor in the User Configuration\Administrative Templates\Network\Offline Files section.

Note that on Windows Server 2003 Offline files are disabled by default."
Joe
 

3 more replies
Relevance 26.24%

Hi,
I have been having a redirect problem for about a month now, and I can't seem to get rid of it. Every time I try to google search something the links I click are not the links I want to be opened. I either get redirected to some site called elocals.com or google-analytics. I am using Google Chrome. Any help would be appreciated, thanks!

DDS (Ver_10-11-27.01) - NTFSx86
Run by Jem at 10:17:46.47 on Sat 12/04/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1917.1123 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C: ... Read more

Answer:Infected with Google Redirect/ Google Analytics Redirect

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting... Read more

15 more replies
Relevance 21.73%
Question: IE redirect

Windows XP Home the IE keeps being redirected to vnmxjcx.com when trying to goto web sites. Any help will be appreciated

THANKS
Leo
 

Answer:IE redirect

Hi and welcome

* Click here to download HJTsetup.exe.
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

3 more replies
Relevance 21.73%
Question: IE redirect

First of all thank you in advance for your help. I don't know what else to do, and it's reassuring to know there are people out there willing to help. Thank you so much!

While using IE, I'll go to google and do a search. For example, pencil, wiki. I'll click the link from google to go to the wikipedia page for pencil, and I'll actually go to a different website. It's a different one each time, but Tazinga! has come up a couple of times.

I use AVG, but recently downloaded Avast. Avast found a redirect trojan, "JS-Redirector-L[Trj]." Even though it found the problem, it didn't seem to fix it. I've since deleted Avast according to your instructions.

I can get my hands on an install disc or a boot CD.


DDS (Ver_09-10-12.01) - NTFSx86
Run by Laura at 14:07:49.82 on Mon 10/12/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.362 [GMT -5:00]

AV: AVG Internet Security 3-pack *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\System32... Read more

Answer:IE redirect

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

While Spybot's TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are clean.Open Spybot Search & Destroy.
In the Mode menu click Advanced mode if not already selected.
Choose Yes at the Warning prompt.
Expand the Tools menu.
Click Resident.
Uncheck the Resident "TeaTimer" (Protection of overall system settings) active. box.
If TeaTimer gives you a warning that changes were made, click the Allow Change box when prompted.
In the File menu click Exit to exit Spybot ... Read more

5 more replies
Relevance 21.73%
Question: www Redirect

I am a new member of this forum.
My home PC appears to be infected.
System:
OS: Windows XP SP3
Protection: BitDefender IS 2009

Symptoms:
- frequent redirects to highly suspicious looking web sites (non only from Google searches but also from Bing and Yahoo searches)
- Google Chrome browser: all pages unresponsive, including settings
- application tdsskiller.exe does not run

Solutions attempted so far
- scans in normal and safe mode using Spyware Doctor, Malware Bytes, Spybot S&D, Emmisoft

I would be very grateful for any help your moderators could provide and undertake to follow their instructions to the letter.

Answer:www Redirect

Hello.

What happens when you try to run tdsskiller.exe?

~Blade

7 more replies
Relevance 21.73%
Question: Redirect????

I have been having redirect issues with Yahoo and Google on Firefox and IE. Microsoft Essentials hasn't picked up anything and (4 times)Malwarebytes freezes and can't complete a scan. Eventually Malware shuts down and I get a blue screen with a full page of text. I read the following link and it sounds like me.http://www.bleepingcomputer.com/forums/ind...amp;hl=redirectbut not 100% sure. Can you help me. I have searched and searched the internet for help but to no avail.

More replies
Relevance 21.73%
Question: Redirect and Lag

Anytime we us a search engine we are redirected to pages that have nothing to do with what we are searching for. We have major internet lag. As well, it seems to take a long time to launch anything from the desktop.

Hope you can help.

LadyBaugham

I hope you don't mind the way I sent it in. I tried to send it by the directions but I kept getting a RELOAD Error with my internet when I tried to send it the way you asked for it.

I had to attach my files I could not post with it in the body of the message.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-13 13:40:47
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\JEFF~1.BAU\LOCALS~1\Temp\fwddqpod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwClose [0xAAE39370]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwConnectPort [0xAAE37420]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateKey [0xAAE2A7A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcess [0xAAE390A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kasper... Read more

Answer:Redirect and Lag

Bump Please

16 more replies
Relevance 21.73%
Question: IE Redirect

I have XP and am having problems with my Internet Explorer browser. The home page comes up fine as well as many other sites. However quite a few pages get redirected to a "www.incredifind.com" site and then I cannot access the site I want at all. Any suggestions?
 

Answer:IE Redirect

Please DO NOT post duplicates.

Reply here:

http://forums.techguy.org/t214993/s.html

Closing duplicate.
 

1 more replies
Relevance 21.73%
Question: IE Redirect

I am having a redirect issue in IE 8. Whenever searching (Yahoo,Google) clicking on a link gets redirected to random sites. I have run multiple spyware removers to no avail. I have already run Kasperky so it doesn't look like it's the TDSS variant. Here is the COMBOFIX logfile. Any help is appreciated:
ComboFix 11-02-05.01 - Martin 02/05/2011 15:34:03.1.2 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4054.1841 [GMT -5:00]
Running from: c:\users\Martin\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64&... Read more

Answer:IE Redirect

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

5 more replies
Relevance 21.73%
Question: redirect

Hi,

After a search on Yahoo or Google , I click on one of the returned results and get redirected to shopping sights

I have run Ad Aware and Spybot killer and AVG Spywayre but the problem continues

here is my HJT log

Logfile of HijackThis v1.99.1
Scan saved at 1:38:26 PM, on 12/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Thomson\Lyra Applications\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Fil... Read more

Answer:redirect

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new Hijack This log.
 

3 more replies
Relevance 21.73%

Hi! I recently had a run in with the Windows XP Repair bug, and was able to fix my computer, get the windows repair bug off, etc., but I am still left with the redirect virus, that doesn't just affect google, but yahoo and any other browser as well, in both internet exlorer and firefox. When I click on search results it will redirect me to a random website, and it has blocked anti-redirect websites from my searches. Sometimes, even when not running internet explorer, the "Internet Explorer has crashed" box will pop up.

I have an Acer laptop, with Windows XP. Any help would be much appreciated!

Oh! I almost forgot, I have tried running TDSSkiller, and it will not run! The hourglass appears for a moment, disappears, and then nothing happens.

Answer:Ah, yet again, redirect bug

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsList content of HostsList IP configurationList last 10 Event Viewer logList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart the computer.The log can also be found here:C:\Documents and Set... Read more

15 more replies
Relevance 21.73%
Question: redirect

Hello, I'm wondering if anyone can help me with an issue. When ever I go to google and click on a link, it redirects me to a different page. I've looked everywhere on here for this with now luck. My malwarebytes doesn't find anything but keeps blocking access to a ip address from csrss.exe. I am running Windows 7 64bit and have been using Firefox.

Answer:redirect

I'm probably going to get scolded for being the first replyer, but allow me to redirect you to another post, and save the admin some time :3

I believe this
http://www.bleepingcomputer.com/forums/topic416845.html
is your card? (so to speak)
There a quite a few of problems like this popping up, I have the same one but I don't have MBAM pro so It's not blocking anything from anywhere.

2 more replies
Relevance 21.73%
Question: IE8 redirect

Hi

I'm having problems similar to a lot I've read about where when I click a link from a google search I randomly get some other site. It can happen every time I click the link or not at all, sometimes I get a blank tab then a random site. When I first noticed it I tried to run a virus scan but found that Comodo Anti Virus was disabled and wouldnt start, I reinstalled it and ran a scan, removed an issue it found but still have the same problem.

Text and files attached as requested


DDS (Ver_10-03-17.01) - NTFSx86
Run by Home at 22:50:06.87 on 20/09/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2048.1168 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft SQL Server\MSSQL... Read more

Answer:IE8 redirect

Hi,

Please do the following:

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.

14 more replies
Relevance 21.73%
Question: redirect

when i log in to this site its gets to the page saying you are now logged in and will be redirected in a couple of seconds, i am not redirected and have to go and click on the redirect button i know this takes no effort but i was just wondering why i dont get automatically redirected as before

Answer:redirect

problem righted itself

1 more replies
Relevance 21.73%

I have run all the remove melware programs. Attached is the logs from them.

TIA
 

Answer:Help Redirect 63.209.69.107

I didn't post my specs in fors post sorry.

eMachine T612
AMD Athlon 64 processor 3200+
2.75GB ram
Windows XP Home
Version 2002
Service pack3
 

4 more replies
Relevance 21.73%
Question: IE7 Redirect

For the last coupe of days i am haivng the same problem as 'Railtja'

http://forums.techguy.org/malware-r...563113-solved-ie7-search-redirect-hijack.html

I have managed to 'clean up' my machine as mch as possible but in IE7, right click 'open a new tab' and i get redirected to another radndom page. IE 7 also seems to have slowed alot.

can anyone help??

Many thanks
Mack
 

More replies
Relevance 21.73%
Question: redirect

Hello!
I've been redirected to a about:blank page
where SpywareQuake appears.
Can you please help me?

Logfile of HijackThis v1.99.1
Scan saved at 21.45.32, on 20/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\backup250405\programmi_scaricati\hijackers\ewido\ewido anti-malware\ewidoctrl.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Lexmark X1100 Series\lxbkbmon.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Quick Time\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Real\Update_OB\re... Read more

Answer:redirect

Print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Download SmitfraudFix http://siri.urz.free.fr/Fix/SmitfraudFix.zip and extract the content (a folder named SmitfraudFix) to your desktop.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Don't run it yet.

Download Ewido Security Suite at http://www.ewido.net/en/download/

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you might get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on start update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.

If you are having problems with the updater, you can... Read more

3 more replies
Relevance 21.73%
Question: redirect

i get redirecred in firefox and random pop ups.any help would be greatly appreciated.

Answer:redirect

thanks for the reply to my redirect problem,but i may have a bigger problem.I am getting so far and then i get bsod.im on a differant computer now to post this.
what do do now any help will be greatly appreciated.

16 more replies
Relevance 21.73%
Question: redirect

Using IE google search, when I select a search result, I get redirected to another page that has nothing to do with the search result. If I "go back" from the redirected site and try again it will take me to the page requested.

HJt log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:06 PM, on 3/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program ... Read more

More replies
Relevance 21.73%
Question: help with redirect

i.m having a problem with web sights being redirected on opening. I have a hijackthis log file (see below) I'm running windows xp home edition. I have zone alarm pro and have run anti spy and anti virus with no luck. Any suggestions would be appriciated.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:59:21 PM, on 2/7/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 ... Read more

Answer:help with redirect

No help with this?

4 more replies
Relevance 21.73%
Question: Redirect help

hello, thanks for the help im having a problem with my computer redirecting me to websites when i search something on a search engine. example: i search something on google and click on a link and it opens a new window to some random page if i close the page and re open the link it works fine. it also tells me i have a connection problem when i go to some sites and i have noticed my cp running rather slow. im new to this forum, if i left off anything u need let me know. thanks again for the help


DDS (Ver_10-03-17.01) - NTFSX64
Run by Kye at 16:16:44.65 on Mon 09/06/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1535 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program... Read more

Answer:Redirect help

Bump!!

19 more replies