(Msg. 1) Posted: Wed Feb 27, 2008 8:54 pm
Post subject: Google search results redirected?? Archived from groups: alt>comp>virus
I am trying to help someone that is having a problem with Google search
results being redirected to other pages. For instance if I try a Google
search for Microsoft and click on a link I get a page that takes me to
Microsoft search results on Ebay. Some search results go to pages for other
lesser known search engine pages. Other results take the user to pages with
lots of advertisements. If I enter a URL in the address bar it takes me to
the right place. Google is the user's homepage and in IE properties it shows
http://www.google.com . Interesting is that when http://www.google.com shows
in the address bar instead of the Internet Explorer symbol just to the left
of the http there is a different symbol which is red in color.
The computer is XP Pro SP2 using Internet Explorer 7 with all current
Microsoft security updates and default IE settings. The AV was Symantec AV
that had expired in 10/07. I replaced with Trend Micro 2008 AV and using
Spyware Doctor from http://pack.google.com . The problem does not happen
with Firefox but the user still wants to use IE for some things. Otherwise
the computer performs well with no other known issues.
Things I have tried:
Booting into Bart's PE, deleted temp files and scanned with Trend Micro
Sysclean and McAfee command line using latest definition files. A few
trojans were found and removed by each. Reran each to make sure nothing else
was found. Booted into Safe Mode and used Autoruns to check everything shown
including dlls removing anything suspicious other than Microsoft items. Did
the same with hijack this. Disabled all addons in IE. Checked Control Panel
add and remove programs and removed anything not needed and suspicious and
checked services.msc for anything suspicious. Ran full scans with AdAware
SE, Spyware Sweeper, Spyware Doctor, and AVG spyware all of which found
some things that were removed. Reran programs again until they came up as
clean and also did in regular mode. In Safe mode ran Smitfraudfix, Vundofix,
Winsockfix, CWshredder, and Fixwareout. Checked hosts file which was default
anyhow after Winsockfix and the trusted zone in IE for anything that should
not be there.
As of now all spyware and AV scans come up clean yet the Google search
redirect problem still exists. There are no pop ups or other problems seen
on the computer. One thing I forgot to do which I will try next time is to
reinstall Internet Explorer and see if the problem exists in Safe Mode with
networking. I may also try creating a new profile for the user. Anyone have
any idea what is causing the Google search redirects or what else to try to
remove the problem or to try and identify it?? Unfortunately I am not going
to be able to try repairs again until later next week so I can't report back
any results sooner than that but I would appreciate any advice, experience,
or ideas. The user can not correlate any events such as software install,
downloads, or any updates to the time that the problem began.
(Msg. 2) Posted: Thu Feb 28, 2008 3:04 am
Post subject: Re: Google search results redirected??
"Steve" <> wrote in message
snip
I didn't see where you disabled system restore.
Disable system restore, do your clean boot and
command line virus/spyware/trojan scan.
Now boot to normal and do another scan.
Finally, re-boot and enable system restore, if
symptoms are gone.
(Msg. 3) Posted: Thu Feb 28, 2008 3:04 am
Post subject: Re: Google search results redirected??
Thanks for that tip. I will try it.
Steve
"Russg" wrote in message
>
> "Steve" <> wrote in message
> snip
> I didn't see where you disabled system restore.
> Disable system restore, do your clean boot and
> command line virus/spyware/trojan scan.
> Now boot to normal and do another scan.
> Finally, re-boot and enable system restore, if
> symptoms are gone.
>
>
(Msg. 4) Posted: Fri Feb 29, 2008 5:00 pm
Post subject: Re: Google search results redirected??
Steve wrote:
> I am trying to help someone that is having a problem with Google search
> results being redirected to other pages. For instance if I try a Google
> search for Microsoft and click on a link I get a page that takes me to
> Microsoft search results on Ebay. Some search results go to pages for other
> lesser known search engine pages. Other results take the user to pages with
> lots of advertisements. If I enter a URL in the address bar it takes me to
> the right place. Google is the user's homepage and in IE properties it shows
> http://www.google.com . Interesting is that when http://www.google.com shows
> in the address bar instead of the Internet Explorer symbol just to the left
> of the http there is a different symbol which is red in color.
>
I've noticed myself that some of the links that Google provides
lead to other search engines, and many of them lead to web pages that
don't have what Google's synopsis said they had. Before you click a
link in Google, hover the mouse over it and look at the status bar
to see where it will lead. And if the link, once you click it, leads
to something stupid, try going back to the Google search and click on
"cached", to see the page that existed when Google scanned the site.
The problem might just be web sites that change after Google scans
them, or which have misleading keywords causing Google to mislist them.
(Or, I suppose it's possible you might have malware directing you to a
fake version of Google)
(Msg. 5) Posted: Fri Mar 07, 2008 3:32 am
Post subject: Re: Google search results redirected??
Well I finally fixed it. I found a suspicious O21 - SSODL entry in the
HijackThis for a file named zip.dll. I tried to remove it via HijackThis and
it kept coming back. I found the file, renamed it, rebooted, logged on as
the user and the Google redirected searches via Internet Explorer went away.
After reading more about HijackThis it seems any O21 - SSODL entry found
should be suspected as malicious.
Steve
(Msg. 6) Posted: Fri Mar 07, 2008 3:32 am
Post subject: Re: Google search results redirected??
From: "Steve"
| Well I finally fixed it. I found a suspicious O21 - SSODL entry in the
| HijackThis for a file named zip.dll. I tried to remove it via HijackThis and
| it kept coming back. I found the file, renamed it, rebooted, logged on as
| the user and the Google redirected searches via Internet Explorer went away.
| After reading more about HijackThis it seems any O21 - SSODL entry found
| should be suspected as malicious.
|
| Steve
|
Please submit the renamed DLL to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.
You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN
When you get the report, please post back the exact results.
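An added example, not part of any post in this thread: a triage script for the O21 - SSODL lines Steve describes in Msg. 5, which compares each entry against a baseline and flags DLLs that sit outside system32 or are missing on disk. The log lines, the baseline set and the system32 path are constructed assumptions; build the baseline from a known-clean machine of the same build.

```python
import re
from ntpath import basename, dirname, normcase

# Constructed sample in HijackThis log format; not taken from any machine in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShextAutoplay.dll
O21 - SSODL: zip - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\zip.dll
O21 - SSODL: helper - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\system32\helper.dll (file missing)
"""

# Assumption: (value name, DLL file name) pairs recorded from a known-clean build.
BASELINE = {("wpdshserviceobj", "wpdshextautoplay.dll")}
SYSTEM32 = normcase(r"C:\WINDOWS\system32")

O21_LINE = re.compile(
    r"^O21 - SSODL: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?\s*$"
)

def parse_ssodl(log_text):
    """Return one dict per O21 - SSODL line; every other log section is ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O21_LINE.match(line.strip())
        if m:
            entries.append({"name": m["name"], "clsid": m["clsid"],
                            "path": m["path"], "missing": bool(m["missing"])})
    return entries

def triage(entries):
    """Return (name, path, reasons) for each entry that needs a manual look."""
    findings = []
    for e in entries:
        reasons = []
        if (e["name"].lower(), basename(e["path"]).lower()) not in BASELINE:
            reasons.append("not in baseline")
        if normcase(dirname(e["path"])) != SYSTEM32:
            reasons.append("outside system32")
        if e["missing"]:
            reasons.append("file missing")
        if reasons:
            findings.append((e["name"], e["path"], reasons))
    return findings

if __name__ == "__main__":
    for name, path, reasons in triage(parse_ssodl(SAMPLE_LOG)):
        print(f"{name}: {path} -> {', '.join(reasons)}")
```

A flagged entry is a candidate for the VirusTotal submission suggested in Msg. 6, not a verdict.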
(Msg. 7) Posted: Mon Apr 27, 2009 11:59 pm
Post subject: help
Having the same issue, but I cannot isolate a file yet that seems to be causing the issue. Below is my log file from hijackthis. Any help would be GREATLY appreciated. As you'll see, have tried many programs to eradicate this nuisance.
(Msg. 8) Posted: Wed Jun 03, 2009 9:59 am
Post subject:
How to fix Google search results redirect redirected
I am using Windows XP and Mozilla Firebird as browser
Also affects all users names on computer.
If you are being redirected to random ad sites then this is the fix that I got after 3 days. Have tried AdWare, S&D, MalWareBytes, SmitFraudFix, 7770Finder, ESET NOD32, CCleaner and a few other scrubs and probably a few I can't remember.
HijackThis did nothing and showed nothing, as you can see from people's posts above. Not to say it's not good, because in the past it has worked. I just think, for one, this is too new, and two, it's in the registry.
Symptoms: Do a Google search in an actual browser window, NOT THE TOOL BAR %&*$. I would get the results I was looking for with the correct URLs under each result. For example, I searched Microsoft and it would come up with addresses from Microsoft like: http://www.microsoft.com/ - 76k or http://www.microsoft.com/DOWNLOADS/en/default.aspx - 44k -
BUT when clicking a link I would usually get the page that it said the first time, but when going back to the search results the next link would be some ad site, usually with no WWW at the beginning. And this would last about 4 clicks. That is, by going to a stupid ad site then back to the results 4x, then finally getting the page it was supposed to show.
The reason I am giving you the whole spiel is because there are a lot of similar ones out there.
Here's the fix. Wish I could give thanks to where I found it but I can't find the page now. I can remember the guy found it on his own and his last words are something like "kick the computer, format the drive, tell landlady she ain't gettin money" or something like that.
Never mind, found it with what I said above about his quote in Google, which now works correctly. Maybe it did not fix his and that's the reason he said it. But it gave me the direction to fix it, after days of trying everything. http://emptees.com/posts/14105-f-ing-gogoogle-redirection-malware-problem-resolved
So I downloaded the TR software (http://www.simplysup.com/) and it came up with this registry key. It came up with the registry location below with the Kungs...thing.
IF YOU SCREW UP AND MESS SOMETHING UP IN THE REGISTRY YOU CAN HOSE THE WHOLE COMPUTER. SO IF YOU DON'T UNDERSTAND OR KNOW WHAT YOU ARE DOING GET SOMEONE THAT DOES.
Here's the key it came up with:
HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603
And the values that were bad:
kungsfaswwqlmq.sys and tdssserv.sys
Now there are two different ways to do this: you can either delete the key or just the values. "Delete the key. To prevent keeping a history altogether, right click ACMru/Permissions/Deny all users and groups listed." This is from another website: http://www.kellys-korner-xp.com/xp_tweak_bookmarks.htm AND it even has a script to do the above for you: http://www.kellys-korner-xp.com/ClearRecent.Exe
I really hope this helps. Honestly could not find this anywhere. I guess it's something new.