• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 8378
  • Last Modified:

Clicking on Google Links redirects me to spyware sites

When i click on links in a Google search it redirects me to sites like "daytotal.com, btcar.com, etc.."

clickng the same link 2 or 3 times after clicking on the back button, eventually lets me go to the correct page, but never the first time.

I know i have some spyware or adware. i cleaned with adaware once, checked my hosts file, and cleared my cookies and internet cache, but i'm still having the same problem.

Please help.
0
mehul_kar
Asked:
mehul_kar
1 Solution
 
DavidTMooreCommented:
definately sounds like spyware to me.  What software did you use to clean your computer?  

I use spybot and have had great luck with it, you can get it here:
http://www.safer-networking.org/en/download/
0
 
mehul_karAuthor Commented:
thanks for the quick reply. i used ad-aware and it found somethings, but they should be all cleaned out now.
i'll try spybot too.
0
 
IndiGenusCommented:
It would help if we could see what was going on with your computer. I suggest that you download, run, and post a HijackThis log from the link below.

http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php

You can either upload the log at EE-Stuff.com or to any hosting sites,
go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to this site::
http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it back here.
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
mehul_karAuthor Commented:
http://rafb.net/p/zik3NH42.html

here's the link indigenus. fyi, i already ran hijackthis and checked the log on hijeckthis.de and looked over it myself. nothing looks out of the ordinary. but i hope you find something i didn't.

.
0
 
IndiGenusCommented:
You have a Wareout infection.

Run HijackThis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:
 
O17 - HKLM\System\CCS\Services\Tcpip\..\{364FEFF9-0325-4528-8049-343CCF1EACD9}: NameServer = 85.255.115.18,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DDDBF9A-F4B4-43B3-82C2-B278D3738EA4}: NameServer = 85.255.115.18,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEC2511E-8F91-4C3D-B44B-B92B0590C68B}: NameServer = 85.255.115.18,85.255.112.220
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.18 85.255.112.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{364FEFF9-0325-4528-8049-343CCF1EACD9}: NameServer = 85.255.115.18,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.18 85.255.112.220
 
Then close all windows except this one and press Fix checked.
 
Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt) and a new HijackThis log.

0
 
mehul_karAuthor Commented:
here's my fixit report:

Username "Mehul Kar" - 11/23/2007 21:31:35 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdcjz.exe"

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.
 
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\Temp\kdcjz.ren 72765 06/13/2007

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\System32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\System32\\igfxpers.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SkyTel"="SkyTel.EXE"
"AzMixerSel"="C:\\Program Files\\Realtek\\InstallShield\\AzMixerSel.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"ePower_DMC"="C:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"
"Boot"="C:\\Acer\\Empowering Technology\\ePower\\Boot.exe"
"cctray"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\cctray\\cctray.exe\""
"CAVRID"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\CAVRID.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"LManager"="C:\\PROGRA~1\\LAUNCH~1\\QtZgAcer.EXE"
"LXCRCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCRtime.dll,_RunDLLEntry@16"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Active Desktop Calendar"="C:\\Program Files\\XemiComputers\\Active Desktop Calendar\\ADC.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

And here is my new hijackthis log:

http://rafb.net/p/X1Gqvx91.html
0
 
IndiGenusCommented:
Looks better...running better now? Any more redirects?
0
 
mehul_karAuthor Commented:
nope all good now. thanks a lot indigenus.
0
 
IndiGenusCommented:
Your welcome, take care.
Dave
0
 
wayne_from_walesCommented:
This solution wont work on Vista :(
0
 
esa_esa_2000Commented:
i got same problem when i tried spybot search & distroy it got it
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now