OT:Google hijack

Doum

Flightless Bird
Sorry, I'm aware it's not exactly the right group but if you can guide me
in the right direction.

When I do a search in Google and I click on a result, I'm redirected to all
sorts of pages that have nothing to do with my search.

I did a scan with ZoneAlarm Security suite, SuperAntispyware Pro and
Malwarebytes. Malwarebytes found one infected file and removed it, but it
wasn't related to the Google problem.

Any idea?

This time, Google is NOT my friend.

TIA
 
Nil

Flightless Bird
On 05 Aug 2010, Doum <me@domain.net> wrote in
microsoft.public.windowsxp.general:

> When I do a search in Google and I click on a result, I'm
> redirected to all sort of pages that have nothing to do with my
> search.
>
> I did a scan with ZoneAlarm Security suite, SuperAntispyware Pro
> and Malwarebytes. Malwarebytes found one infected file and remove
> it but it wasn't related with the Google problem.


Check your hosts file (usually c:/windows\system32\etc\hosts).

You may find that Google and maybe other sites are redirected to
another, bogus address. If so, make a backup copy of the file and edit
out everything other than the one line:

127.0.0.1 localhost
 
Doum

Flightless Bird
Nil <rednoise@REMOVETHIScomcast.net> wrote in news:Xns9DCB57EE670B5nilch1@
130.133.4.11:

> On 05 Aug 2010, Doum <me@domain.net> wrote in
> microsoft.public.windowsxp.general:
>
>> When I do a search in Google and I click on a result, I'm
>> redirected to all sort of pages that have nothing to do with my
>> search.
>>
>> I did a scan with ZoneAlarm Security suite, SuperAntispyware Pro
>> and Malwarebytes. Malwarebytes found one infected file and remove
>> it but it wasn't related with the Google problem.

>
> Check your hosts file (usually c:/windows\system32\etc\hosts).
>
> You may find that Google and maybe other sites are redirected to
> another, bogus address. If so, make a backup copy of the file and edit
> out everything other than the one line:
>
> 127.0.0.1 localhost
>


Thank you for the quick reply.

I tried your suggestions and rebooted but it didn't work.

FWIW, my hosts file had only the above line and some comment lines
preceded by "#", I removed those lines but no changes in Google behavior.
 
The poster formerly known as 'The Poster Formerly

Flightless Bird
Doum wrote:
> Sorry, I'm aware it's not exactly the right group but if you can guide me
> in the right direction.
>
> When I do a search in Google and I click on a result, I'm redirected to all
> sort of pages that have nothing to do with my search.
>
> I did a scan with ZoneAlarm Security suite, SuperAntispyware Pro and
> Malwarebytes. Malwarebytes found one infected file and remove it but it
> wasn't related with the Google problem.
>
> Any idea.
>
> This time, Google is NOT my friend.
>
> TIA


I bet you are using IE. This browser hijack likely has nothing to do
with google. Have you tried Spybot yet? Also clear out your temp
internet folders and jars if you have java installed.
 
Doum

Flightless Bird
The poster formerly known as 'The Poster Formerly Known as Nina DiBoy'
<me369@privacy.net> wrote in news:i3eev9$83n$1@speranza.aioe.org:

> Doum wrote:
>> Sorry, I'm aware it's not exactly the right group but if you can
>> guide me in the right direction.
>>
>> When I do a search in Google and I click on a result, I'm redirected
>> to all sort of pages that have nothing to do with my search.
>>
>> I did a scan with ZoneAlarm Security suite, SuperAntispyware Pro and
>> Malwarebytes. Malwarebytes found one infected file and remove it but
>> it wasn't related with the Google problem.
>>
>> Any idea.
>>
>> This time, Google is NOT my friend.
>>
>> TIA

>
> I bet you are using IE. This browser hijack likely has nothing to do
> with google. Have you tried Spybot yet? Also clear out your temp
> internet folders and jars if you have java installed.
>



I never said it had something to do with Google, I said that when I click
on a Google search result link it takes me to a page not related with the
link in the search result.

I am using IE AND Firefox. The problem exists in both browsers and began
when I tried to fix a problem which was Firefox freezing when there was a
video to play.

Now FF can play videos but Google is all f****d up.

Isn't Spybot the program that detects other anti-malware programs as
MALWARE?

I'll check out "jars" but I already cleared IE temp files and cookies, in
FF I found where to clear history but nowhere does it talk about "temp" files
and I don't necessarily want to clear history. I would prefer FF because
of the way it manages downloads but it is a little too buggy and crash
prone to my taste.
 
norm

Flightless Bird
On 08/05/2010 07:22 AM, Doum wrote:
> Sorry, I'm aware it's not exactly the right group but if you can guide me
> in the right direction.
>
> When I do a search in Google and I click on a result, I'm redirected to all
> sort of pages that have nothing to do with my search.
>
> I did a scan with ZoneAlarm Security suite, SuperAntispyware Pro and
> Malwarebytes. Malwarebytes found one infected file and remove it but it
> wasn't related with the Google problem.
>
> Any idea.
>
> This time, Google is NOT my friend.
>
> TIA


Following the instructions on this site should help you:
http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller

--
norm
 
PA Bear [MS MVP]

Flightless Bird
There is a very good chance that you are seeing the effects of a hijackware
infection!

NB: If you had no anti-virus application installed or the subscription had
expired *when the machine first got infected* and/or your subscription has
since expired and/or the machine's not been kept fully-patched at Windows
Update, don't waste your time with any of the below: Format & reinstall
Windows. A Repair Install will NOT help!

Microsoft PCSafety provides home users (only) with no-charge support in
dealing with malware infections such as viruses, spyware (including unwanted
software), and adware.
https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

Also available via the Consumer Security Support home page:
https://consumersecuritysupport.microsoft.com/

Otherwise...

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.

2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)
in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

2b. Vista or Win7=> Run this scan instead:
http://onecare.live.com/site/en-us/center/whatsnew.htm

3. Now post the requested information (logs, etc.) in your own, new thread
in one (only) of the following recommended forums for assistance by an
expert in such matters. DO NOT SKIP THIS STEP!!

• SpywareHammer: Malware Removal
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0

• Spyware Warrior: Help with spyware removal
http://www.spywarewarrior.com/viewforum.php?f=5,

• DSL Reports: Security Cleanup
http://www.dslreports.com/forum/cleanup

• Bluetack: Malware Removal
http://www.bluetack.co.uk/forums/index.php?showforum=172

• AumHa: Malware Removal
http://aumha.net/viewforum.php?f=30

If these procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.

Doum wrote:
> Sorry, I'm aware it's not exactly the right group but if you can guide me
> in the right direction.
>
> When I do a search in Google and I click on a result, I'm redirected to
> all
> sort of pages that have nothing to do with my search.
>
> I did a scan with ZoneAlarm Security suite, SuperAntispyware Pro and
> Malwarebytes. Malwarebytes found one infected file and remove it but it
> wasn't related with the Google problem.
>
> Any idea.
>
> This time, Google is NOT my friend.
>
> TIA
 
Greg Russell

Flightless Bird
"PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
news:#ML23FLNLHA.4120@TK2MSFTNGP02.phx.gbl...

> A Repair Install will NOT help!


A Kaspersky bootable Rescue CD will.
 
John Hacker

Flightless Bird
Just ignore the previous message from a muppet. You will waste a lot of
time scanning your site using all that software given in the links. You
will be wise doing a clean install and start from scratch because within
an hour you will be up and running again completely clean of all viruses
and garbage planted by Microsoft.

Hope this helps.


On 05/08/2010 16:16, PA Bear [MS MVP] wrote:
> There is a very good chance that you are seeing the effects of a
> hijackware infection!
>
> NB: If you had no anti-virus application installed or the subscription
> had expired *when the machine first got infected* and/or your
> subscription has since expired and/or the machine's not been kept
> fully-patched at Windows Update, don't waste your time with any of the
> below: Format & reinstall Windows. A Repair Install will NOT help!
>
> Microsoft PCSafety provides home users (only) with no-charge support in
> dealing with malware infections such as viruses, spyware (including
> unwanted software), and adware.
> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1
>
> Also available via the Consumer Security Support home page:
> https://consumersecuritysupport.microsoft.com/
>
> Otherwise...
>
> 1. See if you can download/run the MSRT manually:
> http://www.microsoft.com/security/malwareremove/default.mspx
>
> NB: Run the FULL scan, not the QUICK scan! You may need to download the
> MSRT on a non-infected machine, then transfer MRT.EXE to the infected
> machine and rename it to SCAN.EXE before running it.
>
> 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan
> (only!) in Safe Mode with Networking, if need be:
> http://onecare.live.com/site/en-us/center/howsafe.htm
>
> 2b. Vista or Win7=> Run this scan instead:
> http://onecare.live.com/site/en-us/center/whatsnew.htm
>
> 3. Now post the requested information (logs, etc.) in your own, new
> thread in one (only) of the following recommended forums for assistance
> by an expert in such matters. DO NOT SKIP THIS STEP!!
>
> • SpywareHammer: Malware Removal
> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0
>
> • Spyware Warrior: Help with spyware removal
> http://www.spywarewarrior.com/viewforum.php?f=5,
>
> • DSL Reports: Security Cleanup
> http://www.dslreports.com/forum/cleanup
>
> • Bluetack: Malware Removal
> http://www.bluetack.co.uk/forums/index.php?showforum=172
>
> • AumHa: Malware Removal
> http://aumha.net/viewforum.php?f=30
>
> If these procedures look too complex - and there is no shame in
> admitting this isn't your cup of tea - take the machine to a local,
> reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad)
> computer repair shop.
>
> Doum wrote:
>> Sorry, I'm aware it's not exactly the right group but if you can guide me
>> in the right direction.
>>
>> When I do a search in Google and I click on a result, I'm redirected
>> to all
>> sort of pages that have nothing to do with my search.
>>
>> I did a scan with ZoneAlarm Security suite, SuperAntispyware Pro and
>> Malwarebytes. Malwarebytes found one infected file and remove it but it
>> wasn't related with the Google problem.
>>
>> Any idea.
>>
>> This time, Google is NOT my friend.
>>
>> TIA

>
 
Nil

Flightless Bird
On 05 Aug 2010, Doum <me@domain.net> wrote in
microsoft.public.windowsxp.general:

> Nil <rednoise@REMOVETHIScomcast.net> wrote in
> news:Xns9DCB57EE670B5nilch1@ 130.133.4.11:


>> Check your hosts file (usually c:/windows\system32\etc\hosts).
>>
>> You may find that Google and maybe other sites are redirected to
>> another, bogus address. If so, make a backup copy of the file and
>> edit out everything other than the one line:
>>
>> 127.0.0.1 localhost

>
> Thank you for the quick reply.
>
> I tried your suggestions and rebooted but it didn't work.
>
> FWIW, my hosts file had only the above line and some comments
> lines preceeded by "#", I removed those lines but no changes in
> Google behavior.


OK, at least that eliminates one possibility.

I should have mentioned that you could have ignored any lines preceded
by "#". They're comments that don't affect the effect of the file. You
could have left them in, but it doesn't really matter.
 
Doum

Flightless Bird
John Hacker <John.Hacker@Microsoft.com> wrote in
news:-OklbMmLNLHA.4120@TK2MSFTNGP02.phx.gbl:

> Just ignore the previous message from a muppet. You will waist a lot
> of time scanning your site using all that software given in the links.
> You will be wise doing a clean install and start from scratch because
> within an hour you will be up and running again completely clean of
> all viruses and garbage planted by Microsoft.
>
> Hope this helps.
>
>


Anyway, I've been thinking about reformatting for a while now. It's been at
least 5 years since the last clean install and there has been hardware
changes on this machine (moving a high end audio interface to a newer
machine). Since a few month, OE has been slow to start but for the rest
everything has been just about OK.

That hijack is the trigger that will make me do it, but I will experiment
with regcleaner for the fun of it before doing it, I'll make my up-to-date
backup before.

Pentium4 3.0 Ghz - 2 gb RAM. Mostly internet and word processing.
 
Peter Taylor

Flightless Bird
On 8/5/2010 6:48 PM, Doum wrote:
> Since a few month, OE has been slow to start


How big are your .dbx files? You should seriously consider using
Thunderbird as Outlook Express is no longer supported. Thunderbird has a
calendar add on called Lightning, a very good junk filter, real time
spell check as you type and is much easier to back up and restore. You
can get it at http://www.mozilla.com/thunderbird.

--
Peter Taylor
 
Doum

Flightless Bird
Peter Taylor <noemailspam@please.com.invalid> wrote in news:i3eqgf$hl2$1
@news.eternal-september.org:

> On 8/5/2010 6:48 PM, Doum wrote:
>> Since a few month, OE has been slow to start

>
> How big are your .dbx files? You should seriously consider using
> Thunderbird as Outlook Express is no longer supported. Thunderbird has a
> calendar add on called Lightning, a very good junk filter, real time
> spell check as you type and is much easier to back up and restore. You
> can get it at http://www.mozilla.com/thunderbird.
>


Is there a way to transfer the emails I want to keep from OE to Thunderbird,
or does T-bird understand dbx files as is?

TIA
 
Doum

Flightless Bird
The poster formerly known as 'The Poster Formerly Known as Nina DiBoy'
<me369@privacy.net> wrote in news:i3eev9$83n$1@speranza.aioe.org:

> Doum wrote:
>> Sorry, I'm aware it's not exactly the right group but if you can
>> guide me in the right direction.
>>
>> When I do a search in Google and I click on a result, I'm redirected
>> to all sort of pages that have nothing to do with my search.
>>
>> I did a scan with ZoneAlarm Security suite, SuperAntispyware Pro and
>> Malwarebytes. Malwarebytes found one infected file and remove it but
>> it wasn't related with the Google problem.
>>
>> Any idea.
>>
>> This time, Google is NOT my friend.
>>
>> TIA

>
> I bet you are using IE. This browser hijack likely has nothing to do
> with google. Have you tried Spybot yet? Also clear out your temp
> internet folders and jars if you have java installed.


Spybot didn't fix this problem.
 
Peter

Flightless Bird
Doum wrote:
> Peter Taylor<noemailspam@please.com.invalid> wrote in news:i3eqgf$hl2$1
> @news.eternal-september.org:
>
>> On 8/5/2010 6:48 PM, Doum wrote:
>>> Since a few month, OE has been slow to start

>>
>> How big are your .dbx files? You should seriously consider using
>> Thunderbird as Outlook Express is no longer supported. Thunderbird has a
>> calendar add on called Lightning, a very good junk filter, real time
>> spell check as you type and is much easier to back up and restore. You
>> can get it at http://www.mozilla.com/thunderbird.
>>

>
> Is there a way to transfer the emails I want to keep from OE to Thunderbird
> or T-bird understands dbx files as is?
>
> TIA


The easy way would be to install T-Bird now and import the OE files. You
will be given that option when you first install T-Bird. Once done, go
into the Mozilla Thunderbird folder under Documents and Settings/User
Name/Application Data/Thunderbird and copy everything in the folder to a
pen drive. Once you reinstall XP, install T-Bird and open it and cancel
it when it asks you to import or configure an email or news account.
Copy what you have on the pen drive and paste it into the Thunderbird
folder under Documents and Settings/User Name/Application
Data/Thunderbird after deleting what the new install of T-Bird created
when you opened it and your T-Bird will be exactly the way it was before
the XP reinstall, including passwords :) Look around in the preferences
and elect to use Spam Assassin for the Junk Filter. T-Bird is a bit
different than OE but it's pretty easy to make the switch. I have a
short cut to Documents and Settings/User Name/Application
Data/Thunderbird on my desktop so I can easily back it up every day.

For a more detailed explanation, see:

http://kb.mozillazine.org/Import_from_Outlook_Express

You'll find some other useful links for using T-Bird at the above link
as well.

--
Peter
 
Doum

Flightless Bird
Peter <nospaming@nospamed.com.invalid> wrote in
news:i3et8q$5ns$1@speranza.aioe.org:

> Doum wrote:
>> Peter Taylor<noemailspam@please.com.invalid> wrote in
>> news:i3eqgf$hl2$1 @news.eternal-september.org:
>>
>>> On 8/5/2010 6:48 PM, Doum wrote:
>>>> Since a few month, OE has been slow to start
>>>
>>> How big are your .dbx files? You should seriously consider using
>>> Thunderbird as Outlook Express is no longer supported. Thunderbird
>>> has a calendar add on called Lightning, a very good junk filter,
>>> real time spell check as you type and is much easier to back up and
>>> restore. You can get it at http://www.mozilla.com/thunderbird.
>>>

>>
>> Is there a way to transfer the emails I want to keep from OE to
>> Thunderbird or T-bird understands dbx files as is?
>>
>> TIA

>
> The easy way would be to install T-Bird now and import the OE files.
> You will be given that option when you first install T-Bird. Once
> done, go into the Moziila Thunderbird folder under Documents and
> Settings/User Name/Application Data/Thunderbird and copy everything in
> the folder to a pen drive. Once you reinstall XP, install T-Bird and
> open it and cancel it when it asks you to import or configure an email
> or news account. Copy what you have on the pen drive and paste it into
> the Thunderbird folder under Documents and Settings/User
> Name/Application Data/Thunderbird after deleting what the new install
> of T-Bird created when you opened it and your T-Bird will be exactly
> the way it was before the XP reinstall, including passwords :) Look
> around in the preferences and elect to use Spam Assassin for the Junk
> Filter. T-Bird is a bit different than OE but it's pretty easy to make
> the switch. I have a short cut to Documents and Settings/User
> Name/Application Data/Thunderbird on my desktop so I can easily back
> it up every day.
>
> For a more detailed explanation, see:
>
> http://kb.mozillazine.org/Import_from_Outlook_Express
>
> You'll find some other useful links for using T-Bird at the above link
> as well.
>


TY
 
Peter Taylor

Flightless Bird
On 8/5/2010 8:02 PM, Doum wrote:
> Peter<nospaming@nospamed.com.invalid> wrote in
> news:i3et8q$5ns$1@speranza.aioe.org:
>
>> Doum wrote:
>>> Peter Taylor<noemailspam@please.com.invalid> wrote in
>>> news:i3eqgf$hl2$1 @news.eternal-september.org:
>>>
>>>> On 8/5/2010 6:48 PM, Doum wrote:
>>>>> Since a few month, OE has been slow to start
>>>>
>>>> How big are your .dbx files? You should seriously consider using
>>>> Thunderbird as Outlook Express is no longer supported. Thunderbird
>>>> has a calendar add on called Lightning, a very good junk filter,
>>>> real time spell check as you type and is much easier to back up and
>>>> restore. You can get it at http://www.mozilla.com/thunderbird.
>>>>
>>>
>>> Is there a way to transfer the emails I want to keep from OE to
>>> Thunderbird or T-bird understands dbx files as is?
>>>
>>> TIA

>>
>> The easy way would be to install T-Bird now and import the OE files.
>> You will be given that option when you first install T-Bird. Once
>> done, go into the Moziila Thunderbird folder under Documents and
>> Settings/User Name/Application Data/Thunderbird and copy everything in
>> the folder to a pen drive. Once you reinstall XP, install T-Bird and
>> open it and cancel it when it asks you to import or configure an email
>> or news account. Copy what you have on the pen drive and paste it into
>> the Thunderbird folder under Documents and Settings/User
>> Name/Application Data/Thunderbird after deleting what the new install
>> of T-Bird created when you opened it and your T-Bird will be exactly
>> the way it was before the XP reinstall, including passwords :) Look
>> around in the preferences and elect to use Spam Assassin for the Junk
>> Filter. T-Bird is a bit different than OE but it's pretty easy to make
>> the switch. I have a short cut to Documents and Settings/User
>> Name/Application Data/Thunderbird on my desktop so I can easily back
>> it up every day.
>>
>> For a more detailed explanation, see:
>>
>> http://kb.mozillazine.org/Import_from_Outlook_Express
>>
>> You'll find some other useful links for using T-Bird at the above link
>> as well.
>>

>
> TY


YW

--
Peter Taylor
 
Paul

Flightless Bird
John Hacker wrote:
> Just ignore the previous message from a muppet. You will waist a lot of
> time scanning your site using all that software given in the links. You
> will be wise doing a clean install and start from scratch because within
> an hour you will be up and running again completely clean of all viruses
> and garbage planted by Microsoft.
>
> Hope this helps.
>


But the scan will tell you what it was.

And then you can reinstall.

If you know what it was, maybe you can figure out where it
came from, or how you got it. And avoid getting it again ?

Paul
 
Twayne

Flightless Bird
In news:XnF9DCB60FE555Fdoumdomainnet@207.46.248.16,
Doum <me@domain.net> typed:
> Nil <rednoise@REMOVETHIScomcast.net> wrote in
> news:Xns9DCB57EE670B5nilch1@ 130.133.4.11:
>
>> On 05 Aug 2010, Doum <me@domain.net> wrote in
>> microsoft.public.windowsxp.general:
>>
>>> When I do a search in Google and I click on a result, I'm
>>> redirected to all sort of pages that have nothing to do
>>> with my search.
>>>
>>> I did a scan with ZoneAlarm Security suite,
>>> SuperAntispyware Pro and Malwarebytes. Malwarebytes found
>>> one infected file and remove it but it wasn't related
>>> with the Google problem.

>>
>> Check your hosts file (usually
>> c:/windows\system32\etc\hosts).
>>
>> You may find that Google and maybe other sites are
>> redirected to another, bogus address. If so, make a backup
>> copy of the file and edit out everything other than the
>> one line:
>>
>> 127.0.0.1 localhost


For those who used downloaded, large hosts files, you'll also find a LOT of
Google addresses you should leave in the hosts file; there is everything
from lookalikes to very similar names to outright obvious redirects that are
purposely in the hosts file to prevent just that sort of thing. Without
scrutinizing any entry you remove, you might remove a black-hat/malicious
site that seems to be but really isn't Google.
AFAIK MS has the highest number of Google addresses in its downloadable
data base (others not so many). My sister had lost contact to her art
newsgroups she's used for years last summer and I finally found them in her
new hosts file she'd just installed from MS. Once I got it straightened out
and the corrected entries put into her hosts, all was fine. It was more a
typo than anything else: The builders of the list were a little too
inclusive in picking out the bad guys. I notified them but have no idea
whether they took action or not.

HTH,

Twayne

>
> Thank you for the quick reply.
>
> I tried your suggestions and rebooted but it didn't work.
>
> FWIW, my hosts file had only the above line and some
> comments lines preceeded by "#", I removed those lines but
> no changes in Google behavior.
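
The hosts-file check discussed in this thread (Nil's advice to look for redirected names, and Twayne's point that blocklist entries are there on purpose), as an added Python example that is not part of any post above. The watch list, category names and sample file contents are assumptions made for illustration; the sample addresses come from documentation ranges.

```python
import ipaddress

# On Windows XP and later the file normally lives at
# %SystemRoot%\System32\drivers\etc\hosts; this example audits text passed in.

# Names whose redirection would match the symptom described in the thread
# (assumption: an illustrative watch list, not taken from the posts).
WATCHED = ("google.com", "bing.com", "yahoo.com")

# Constructed sample, not a file from the thread.
SAMPLE = """\
# Sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net tracker.example.net   # blocklist entries
0.0.0.0         g00gle.example.org
203.0.113.7     www.google.com google.com
198.51.100.20   intranet.example.com
not-an-ip       www.google.com
"""


def parse_hosts(text):
    """Yield (lineno, ip, [hostnames]) for every active entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment anywhere
        if not line:
            continue
        fields = line.split()
        yield lineno, fields[0], [h.lower().rstrip(".") for h in fields[1:]]


def classify(ip, host):
    """Return 'default', 'sinkhole', 'redirect', 'custom' or 'malformed'."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    if host == "localhost":
        # localhost pointing anywhere but loopback is itself suspicious
        return "default" if addr.is_loopback else "redirect"
    if addr.is_loopback or addr.is_unspecified:
        # Blocklist style entry: the name is made unreachable, not redirected
        return "sinkhole"
    watched = any(host == d or host.endswith("." + d) for d in WATCHED)
    return "redirect" if watched else "custom"


def audit(text):
    """Return (lineno, ip, host, verdict) for every non-default entry."""
    findings = []
    for lineno, ip, hosts in parse_hosts(text):
        if not hosts:
            findings.append((lineno, ip, "", "malformed"))
        for host in hosts:
            verdict = classify(ip, host)
            if verdict != "default":
                findings.append((lineno, ip, host, verdict))
    return findings


if __name__ == "__main__":
    for lineno, ip, host, verdict in audit(SAMPLE):
        print(f"line {lineno}: {host or '(no name)'} -> {ip} [{verdict}]")
```

A file holding only comments and the localhost line, as Doum reported, produces no findings, which is why the thread moves on to other causes.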
 