Has GOOGLE been hijacked???


homeball
01-03-2009, 02:34 PM
For the last month or so, whenever I try to do a search on GOOGLE, the links given by the search do not match the search I was doing. For example when I search "The Villages" I get links for BIZRATE.com and other shopping and ad websites, etc. Only happens on one of my computers. The other one is fine. Has anyone else experienced this problem? Is there a solution? I've run Norton antivirus and AdAware anti spyware on the computer where this happens but I still get redirected.

Thanks.

-Dave-

Russ_Boston
01-03-2009, 03:13 PM
Yes your search engine has been hijacked. Normal anti spyware programs will not kill it no matter what they say - I tried!

I ended up using some very powerful but basic kill programs (Hijack this, Killbox etc.) that will get rid of them but these programs are not for the novice and they do not work automagically like the others.

I'd suggest that you contact the midstate PC guy on this thread to help you out or just save your personal files and kill your hard drive and reload Windows etc. Again not for the novice!

Russ

Midge538
01-03-2009, 03:36 PM
Most likely 'not' a virus but the Google site may have been hijacked. Use freeware like "NoScript" ... which works with the browser 'Firefox' ... to control these malicious scripts.

http://noscript.net/

homeball
01-03-2009, 03:42 PM
Yes your search engine has been hijacked. Normal anti spyware programs will not kill it no matter what they say - I tried!

I ended up using some very powerful but basic kill programs (Hijack this, Killbox etc.) that will get rid of them but these programs are not for the novice and they do not work automagically like the others.

I'd suggest that you contact the midstate PC guy on this thread to help you out or just save your personal files and kill your hard drive and reload Windows etc. Again not for the novice!

Russ
Thanks, Russ, for the info. I'm not an IT but can work around computers. Who is the midstate PC guy on this thread?

-Dave-

homeball
01-03-2009, 03:45 PM
Most likely 'not' a virus but the Google site may have been hijacked. Use freeware like "NoScript" ... which works with the browser 'Firefox' ... to control these malicious scripts.

http://noscript.net/
That's what I suspected. A hijacking should affect both computers, not just one, though. I'll try that link you sent me. Thanks.

-Dave-

homeball
01-03-2009, 05:13 PM
Yes your search engine has been hijacked. Normal anti spyware programs will not kill it no matter what they say - I tried!

I ended up using some very powerful but basic kill programs (Hijack this, Killbox etc.) that will get rid of them but these programs are not for the novice and they do not work automagically like the others.

I'd suggest that you contact the midstate PC guy on this thread to help you out or just save your personal files and kill your hard drive and reload Windows etc. Again not for the novice!

Russ

Russ,

I found the midstatePC website. Also found the "hijack this" web site. If you run HIJACK THIS just for a scan, you will get a list. How did you find out what was malware on that list? Is there a reference web site that tells you what to look for?
Thanks.

-Dave-

Russ_Boston
01-03-2009, 07:11 PM
I remember just doing enough searches to find the name of the malware that caused this type of mislead. I then searched my PC for the .exe listed and found it. The tough part was killing it. You couldn't just delete because it reinstalled itself. That's when I used the Killbox freebie application to permanently remove it.

Without being there it's hard for me to know which search hijacker it is.

midstatepc
01-04-2009, 01:27 PM
I have been in contact with Dave through email. I offered to review the list generated by hijackthis! and report back any entries that looked suspicious.
I also recommend to anyone the program "spybot search and destroy". I've used it for years and it has saved many a computer from the "reinstall shuffle".

http://www.safer-networking.org

Russ_Boston
01-04-2009, 04:51 PM
Thanks for the recommendation of that program. Best of all it is FREE!

I didn't have the problem mentioned in this thread but it did notice others and cleaned them up.

Russ

golfnut
01-04-2009, 05:55 PM
If you've only had the problem for a few weeks or so can't you do a system restore to a date 4 to 6 weeks ago??? Just a thought....GN

homeball
01-04-2009, 09:16 PM
If you've only had the problem for a few weeks or so can't you do a system restore to a date 4 to 6 weeks ago??? Just a thought....GN

I thought of that. But before that, I scanned the hard drive with Ad-Aware and it found these three malwares and deleted them.


Deep scanning and examining files (C)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Rootkit.Agent Object Recognized!
Type : File
Data : A0088412.sys
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP559\

FileDescription : System Audio WDM Filter


Win32.Trojan.Agent Object Recognized!
Type : File
Data : A0090373.pmt
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP567\



Win32.Rootkit.Agent Object Recognized!
Type : File
Data : A0090426.sys
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP568\

FileDescription : System Audio WDM Filter

The malware appeared to be hidden in the directory that System Restore uses.

Tried to use System Restore for a restore point six weeks ago but it reported that it could not restore to that point. So I don't know if Ad-Aware, when it deleted those files, compromised the system restore function.

-Dave-
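Added example (not from any poster in the thread): a small Python parser for the Ad-Aware log format shown in the post above, separating detections that sit inside System Restore's `_restore{GUID}\RPnnn\` store from ones elsewhere on disk. The `A00xxxxx` names are copies that System Restore archived, so the three detections are restore-point backups rather than the live files. The fourth log entry and all function names are constructed for illustration.

```python
import re

# Three detections from the log posted above (fields abbreviated) plus one constructed entry.
SAMPLE_LOG = r"""
Win32.Rootkit.Agent Object Recognized!
Data : A0088412.sys
Object : C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP559\
Win32.Trojan.Agent Object Recognized!
Data : A0090373.pmt
Object : C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP567\
Win32.Rootkit.Agent Object Recognized!
Data : A0090426.sys
Object : C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP568\
Constructed.Example Object Recognized!
Data : example.sys
Object : C:\WINDOWS\system32\drivers\
"""

HEADER = re.compile(r"^(?P<name>\S+) Object Recognized!$")
FIELD = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s*(?P<value>.*)$")
# System Restore store on XP: _restore{GUID}\RPnnn\ under System Volume Information
RESTORE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(\d+)\\", re.I)

def parse_detections(log):
    """Return one dict per 'Object Recognized!' entry with its key/value fields."""
    entries, current = [], None
    for line in map(str.strip, log.splitlines()):
        head = HEADER.match(line)
        if head:
            current = {"name": head.group("name")}
            entries.append(current)
        elif current is not None and (field := FIELD.match(line)):
            current[field.group("key").strip().lower()] = field.group("value").strip()
    return entries

def classify(entries):
    """Split detections into restore-point copies (keyed by RP number) and other files."""
    restore_points, live = {}, []
    for e in entries:
        m = RESTORE.search(e.get("object", ""))
        if m:
            restore_points.setdefault(int(m.group(1)), []).append(e["data"])
        else:
            live.append(e["object"] + e["data"])
    return restore_points, live

if __name__ == "__main__":
    points, live = classify(parse_detections(SAMPLE_LOG))
    print("restore points holding flagged copies:", points)
    print("flagged outside System Restore:", live)
```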

midstatepc
01-04-2009, 09:21 PM
If you have spybot installed, try that. It may need to scan at startup, so you will have to go through it twice, but it has a chance of killing it.

homeball
01-04-2009, 09:29 PM
If you have spybot installed, try that. It may need to scan at startup, so you will have to go through it twice, but it has a chance of killing it.

Thanks. That's my next plan of attack, using SPYBOT. Meanwhile, SYSTEM RESTORE doesn't seem to be able to restore to an earlier point. It functions OK then reports back that it can't restore. All of this stuff was functioning normally a month ago. Ad-Aware scans were OK up to yesterday when it found those three malwares. Otherwise, it was just finding data mining cookies only.

-Dave-

salpal
01-05-2009, 04:31 PM
You might want to also give a look-see at MalwareByes.org (http://www.MalwareByes.org) -- their software is great at cleaning up various malware/trojans. I've found Ad-Aware to not be as up-to-date as their product.

The other great source for all things evil and their fixes on the internet is the BleepingComputer (http://www.bleepingcomputer.com/forums/) forums.

They have a tool - ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) - that is also specifically designed to fix DNS hijacking but it too is not meant to be used by the faint of heart as it is pretty sophisticated.

Good luck!

homeball
01-05-2009, 11:43 PM
If you have spybot installed, try that. It may need to scan at startup, so you will have to go through it twice, but it has a chance of killing it.

Hi Ted,

I installed and ran SPYBOT as you suggested.

It scanned and found several cookies and also found WildTangent both in the windows directory and registry. It deleted these items.

After all this, I still have the same problem with the GOOGLE search engine.

So that's where things stand right now.

-Dave-

salpal
01-06-2009, 10:37 AM
I was asked if ComboFix was free or not. Since my reply also included additional info about the difficult time I personally had removing this DNS hijacking malware, I thought I'd post it to forewarn others....
------------------------------------------------------------------------
------------------------------------------------------------------------
I'm pretty sure it is still free-ware. I had to use it a week or so ago to fix my niece's college PC that got corrupted with both a DNS hijack and the bogus "AntiVirus 2009" malware programs. While the MalwareBytes tool is straight-forward, easy to run, and fixes the AntiVirus 2009 problem, I had a heck of a time with getting ComboFix to clean up the DNS hijacking problem.

I kinda knew going in that it was going to be difficult after reading some other users' posts on various forums but figured worst case, I would just have to re-install the whole XP operating system - and was prepared to do so since she needed to head back to school with her PC. I downloaded the ComboFix software from the link in my previous message posting, disregarded their warning about not running it w/o working with one of their folks (I've been playing with PC's since before IBM came out with the XT in the 80's and used to work in internet security so I felt pretty comfortable), and took a chance.

I ended up having to run it 3 times to get it clean. To be honest though, while it was running the first time, I did not really pay attention and missed an error message. After running it each time, I then tested going to an internet link. It was not until after that 3rd time - about 2 hours later - that it was successful.

CAVEAT:
These various hijacking malware programs seem to be the "latest thing" in nuisance, kiddie script programs and they tend to play leapfrog with the fixes. So while one solution may work for one person's PC, you may have to scour the various forums for the latest tool to resolve what may be a more complicated issue in your specific case. How's that for a disclaimer-:)
-------------------------------------------------------------------------
--------------------------------------------------------------------------

Russ_Boston
01-06-2009, 11:31 AM
That's what I meant earlier when I said that spyware/malware programs don't always ID the problem and/or fix them. Some of these malwares are very stubborn and it takes multiple approaches. I used the Spybot program and it did find many errors for which I'm grateful but new malware showed up yesterday. Not a biggie but it is tough to stop and prevent everything.

I use Firefox most of the time and it keeps most of the bugs away but it's only a matter of time. I guess that's why people like Midstate stay in business.

salpal
01-06-2009, 03:34 PM
Agreed -- definitely!!
I'm hoping he'll need some part-time help by the time we're ready to move down-:)

Yesterday I just signed us up with TV guest coordinator for a 6-night visit to check things out the last week in March....can't wait!!!

homeball
01-07-2009, 01:15 PM
That's what I meant earlier when I said that spyware/malware programs don't always ID the problem and/or fix them. Some of these malwares are very stubborn and it takes multiple approaches. I used the Spybot program and it did find many errors for which I'm grateful but new malware showed up yesterday. Not a biggie but it is tough to stop and prevent everything.

I use Firefox most of the time and it keeps most of the bugs away but it's only a matter of time. I guess that's why people like Midstate stay in business.

Here's an update. I ran the HIJACKTHIS program and it didn't find anything definitively serious. When I looked at the list, I could pretty much identify each item and the legitimate program it belonged to. I even saw a change or two that I myself had done. So, I think I'll give it a rest for awhile unless I develop a major problem.

-Dave-