Network wide google redirect


#1
hndc

This one is giving me a heap of trouble, and you guys seem to have some experience fighting these things.

I have a wireless network (through a combination modem/router from the cable company) with 3 computers connected (2 running Vista 64, 1 running XP 32), and all are getting the standard Google redirect symptoms. All searches point to a link that starts with results5.google.ca, and opens up advertising in a new tab. Oddly, refreshing the page brings up the proper Google page, with normal links. I'm pretty sure the bug is hiding on my netbook (running XP). I've followed both the general malware guide and the Google redirect guide, and the other two computers come up clean on TDSSKiller, MBAM and Microsoft Security scans.

The netbook comes up clean on GMER, but MBAM and MSSE hang when quick searching. I can only use it in safe mode now, because on a normal boot, dozens of system processes open up for a particular .dll file. It's in the OTL log, here.

(For some reason I can't post the log. Will try to reply to this with it.)

Every time I try to post my log, the forum says "you must enter a post" and won't let me post. I've tried a new topic, I've tried editing this one, and I've tried replying. Is this a length issue?

Edited by hndc, 06 August 2010 - 09:54 AM.

#2
RKinner

It sounds like your modem/router has been infected. You are probably right that the XP netbook is also infected, but it is common these days for a bug to also infect the router if it doesn't have a password or if it uses the default password. I would turn off the one you think might be infected, then reset the router. (There is usually a reset button which you need to hold down for 10-30 seconds depending on model. You will need to log on to the router (best to plug directly into it), change the password and redo your wireless encryption.)

There is a limit on the size of a post and I don't think the forum software is very good about telling you that a post is over limit so you might try breaking the OTL log up into smaller pieces and see if you are able to post that way. Some malware has also figured out a way to keep you from posting. You might try attaching the post and see if that works. If you click on my name there is a link to my email. If all else fails try sending it as email text or attachments.

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.


Download but do not yet run ComboFix until you have read all of the instructions.

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus program at this time.


Ron