[homeball]

For the last month or so, whenever I try to do a search on GOOGLE, the links given by the search do not match the search I was doing. For example when I search "The Villages" I get links for BIZRATE.com and other shopping and ad websites, etc. Only happens on one of my computers. The other one is fine. Has anyone else experienced this problem. Is there a solution. I've run Norton antivirus and AdAware anti spyware on the computer where this happens but I still get redirected.

Thanks.

-Dave-

[Russ_Boston]

Yes your search engine has been hijacked. Normal anti spyware programs will not kill it no matter what they say - I tried!

I ended up using some very powerful but basic kill programs (Hijack this, Killbox etc.) that will get rid of them but these programs are not for the novice and they do not work automagically like the others.

I'd suggest that you contact the midstate PC guy on this thread to help you out or just save your personal files and kill your hard drive and reload Windows etc. Again not for the novice!

Russ

[Midge538]

Most likley 'not' a virus but the Google site may have been hijacked. Use freeware like "NoScrihttp://noscript.netpt" ... which works with the browser 'Firefox' ... to control these malicious scripts.

http://noscript.net/

[homeball]

Quote:

Originally Posted by Russ_Boston

Yes your search engine has been hijacked. Normal anti spyware programs will not kill it no matter what they say - I tried!

I ended up using some very powerful but basic kill programs (Hijack this, Killbox etc.) that will get rid of them but these programs are not for the novice and they do not work automagically like the others.

I'd suggest that you contact the midstate PC guy on this thread to help you out or just save your personal files and kill your hard drive and reload Windows etc. Again not for the novice!

Russ

Thanks, Russ, for the info. I'm not an IT but can work around computers. Who is the midstate PC guy on this thread?

-Dave-

[homeball]

Quote:

Originally Posted by Midge538

Most likley 'not' a virus but the Google site may have been hijacked. Use freeware like "NoScrihttp://noscript.netpt" ... which works with the browser 'Firefox' ... to control these malicious scripts.

http://noscript.net/

That's what I suspected. A highjacking should affect both computers not just one though. I'll try that link you sent me. Thanks.

-Dave-

[homeball]

Quote:

Originally Posted by Russ_Boston

Yes your search engine has been hijacked. Normal anti spyware programs will not kill it no matter what they say - I tried!

I ended up using some very powerful but basic kill programs (Hijack this, Killbox etc.) that will get rid of them but these programs are not for the novice and they do not work automagically like the others.

I'd suggest that you contact the midstate PC guy on this thread to help you out or just save your personal files and kill your hard drive and reload Windows etc. Again not for the novice!

Russ

Russ,

I found the midstatePC website. Also found the "hijack this" web site. If you run HIGHJACK THIS just for a scan, you will get a list. How did you find out what was malware on that list? Is there a reference web site that tells you what to look for?
Thanks.

-Dave-

[Russ_Boston]

I remember just doing enough searches to find the name of the malware that caused this type of mislead. I then searched my PC for the .exe listed and found it. The tough part was killing it. You couldn't just delete because it reinstalled itself. That's when I used the Killbox freebie application to permanently remove it.

Without being there it's hard for me to know which search hijacker it is.

[midstatepc]

I have been in contact with Dave through email. I offerd to review the list generated by hijackthis! and report back any entries that looked suspicious.
I also recommend to anyone the program "spybot search and destroy" I've used it for years and It has saved many a computer from the "reinstall shuffle"

http://www.safer-networking.org

[Russ_Boston]

Thanks for the recommendation of that program. Best of all it is FREE!

I didn't have the problem mentioned in this thread but it did notice others and cleaned them up.

Russ

[golfnut]

If you've only had the problem for a few weeks or so can't you do a system restore to a date 4 to 6 weeks ago??? Just a thought....GN

[homeball]

Quote:

Originally Posted by golfnut

If you've only had the problem for a few weeks or so can't you do a system restore to a date 4 to 6 weeks ago??? Just a thought....GN

I thought of that. But before that, I scanned the hard drive with Ad-Aware and it found these three malwares and deleted them.


Deep scanning and examining files (C)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Rootkit.Agent Object Recognized!
Type : File
Data : A0088412.sys
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP559\

FileDescription : System Audio WDM Filter


Win32.Trojan.Agent Object Recognized!
Type : File
Data : A0090373.pmt
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP567\



Win32.Rootkit.Agent Object Recognized!
Type : File
Data : A0090426.sys
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP568\

FileDescription : System Audio WDM Filter

The malware appeared to be hidden in the directory that System Restore uses.

Tried to use System Restore for a restore point six weeks ago but it reported that it could not restore to that point. So I don't know if Ad-Aware, when it deleted those files, compromised the system restore function.

-Dave-

[midstatepc]

If you have spybot installed, try that. it may need to scan at startup, so you will have to go through it twice. but it has a chance of killing it.

[homeball]

Quote:

Originally Posted by midstatepc

If you have spybot installed, try that. it may need to scan at startup, so you will have to go through it twice. but it has a chance of killing it.

Thanks. That's my next plan of attack, using SPYBOT. Meanwhile, SYSTEM RESTORE doesn't seem to be able to restore to an earlier point. It functions OK then reports back that it can't restore. All of this stuff was funtioning normally a month ago. Ad-Aware scans were OK up to yesterday when it found those three malwares. Otherwise, it was just finding data mining cookies only.

-Dave-

[salpal]

You might want to also give a look-see at MalwareByes.org -- their software is great at cleaning up various malware/trojans. I've found Ad-Aware to not be as up-to-date as their product.

The other great source for all things evil and their fixes on the internet is the BleepingComputer forums.

They have a tool - ComboFix - that is also specifically designed to fix DNS hijacking but it too is not meant to be used by the faint of heart as it is pretty sophisticated.

Good luck!

[homeball]

Quote:

Originally Posted by midstatepc

If you have spybot installed, try that. it may need to scan at startup, so you will have to go through it twice. but it has a chance of killing it.

Hi Ted,

I installed and ran SPYBOT as you suggested.

It scanned and found several cookies and also found WildTangent both in the windows directory and registry. It deleted these items.

After all this, I still have the same problem with the GOOGLE search engine.

So that's where things stand right now.

-Dave-