Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 8377
  • Last Modified:

Clicking on Google Links redirects me to spyware sites

When i click on links in a Google search it redirects me to sites like "daytotal.com, btcar.com, etc.."

clickng the same link 2 or 3 times after clicking on the back button, eventually lets me go to the correct page, but never the first time.

I know i have some spyware or adware. i cleaned with adaware once, checked my hosts file, and cleared my cookies and internet cache, but i'm still having the same problem.

Please help.
0
mehul_kar
Asked:
mehul_kar
1 Solution
 
DavidTMooreCommented:
definately sounds like spyware to me.  What software did you use to clean your computer?  

I use spybot and have had great luck with it, you can get it here:
http://www.safer-networking.org/en/download/
0
 
mehul_karAuthor Commented:
thanks for the quick reply. i used ad-aware and it found somethings, but they should be all cleaned out now.
i'll try spybot too.
0
 
IndiGenusCommented:
It would help if we could see what was going on with your computer. I suggest that you download, run, and post a HijackThis log from the link below.

http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php

You can either upload the log at EE-Stuff.com or to any hosting sites,
go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to this site::
http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it back here.
0
Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

 
mehul_karAuthor Commented:
http://rafb.net/p/zik3NH42.html

here's the link indigenus. fyi, i already ran hijackthis and checked the log on hijeckthis.de and looked over it myself. nothing looks out of the ordinary. but i hope you find something i didn't.

.
0
 
IndiGenusCommented:
You have a Wareout infection.

Run HijackThis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:
 
O17 - HKLM\System\CCS\Services\Tcpip\..\{364FEFF9-0325-4528-8049-343CCF1EACD9}: NameServer = 85.255.115.18,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DDDBF9A-F4B4-43B3-82C2-B278D3738EA4}: NameServer = 85.255.115.18,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEC2511E-8F91-4C3D-B44B-B92B0590C68B}: NameServer = 85.255.115.18,85.255.112.220
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.18 85.255.112.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{364FEFF9-0325-4528-8049-343CCF1EACD9}: NameServer = 85.255.115.18,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.18 85.255.112.220
 
Then close all windows except this one and press Fix checked.
 
Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt) and a new HijackThis log.

0
 
mehul_karAuthor Commented:
here's my fixit report:

Username "Mehul Kar" - 11/23/2007 21:31:35 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdcjz.exe"

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.
 
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\Temp\kdcjz.ren 72765 06/13/2007

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\System32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\System32\\igfxpers.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SkyTel"="SkyTel.EXE"
"AzMixerSel"="C:\\Program Files\\Realtek\\InstallShield\\AzMixerSel.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"ePower_DMC"="C:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"
"Boot"="C:\\Acer\\Empowering Technology\\ePower\\Boot.exe"
"cctray"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\cctray\\cctray.exe\""
"CAVRID"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\CAVRID.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"LManager"="C:\\PROGRA~1\\LAUNCH~1\\QtZgAcer.EXE"
"LXCRCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCRtime.dll,_RunDLLEntry@16"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Active Desktop Calendar"="C:\\Program Files\\XemiComputers\\Active Desktop Calendar\\ADC.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

And here is my new hijackthis log:

http://rafb.net/p/X1Gqvx91.html
0
 
IndiGenusCommented:
Looks better...running better now? Any more redirects?
0
 
mehul_karAuthor Commented:
nope all good now. thanks a lot indigenus.
0
 
IndiGenusCommented:
Your welcome, take care.
Dave
0
 
wayne_from_walesCommented:
This solution wont work on Vista :(
0
 
esa_esa_2000Commented:
i got same problem when i tried spybot search & distroy it got it
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now