Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Firefox-Google redirects??

Posted on 2009-07-06
23
Medium Priority
?
774 Views
Last Modified: 2013-12-09
I've got a strange problem.  I downloaded the new Firefox 3.5 and occaisionally when I search something om Google and then click on one of the results I'm redirected to some other search type results.  See below for an example:

Did search on Google for Print Shop, then click on link for Broderbund it provided but went to here:
http://www.toseeka.com/search.php?q=print_shop

Did search for Fedex, clicked on fedex.com/printonline link , but it went here:
http://www.x-xn.com/f/search.php?q=#KEYWORD#

These are just some examples, there's been more instances.  It will also just start to work normal again and direct me to the proper sites.  Seems intermittent, but ?????
I ran Super AntiSpyware Professional, no problems.
I ran HiJack This and I attached the log file, but I see no problems causing this on the log.
Is this a Firefox bug?

Let me know what you find out.  Thanks.

hijackthis.log
0
Comment
Question by:ArtG2521
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 9
  • 4
23 Comments
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 24784689
Does it only happens in Firefox and not IE?
Have you also tried scanning with MalwareBytes?
Download Malwarebytes' Anti-Malware to your desktop, check for the tool's Updates before running a scan.
http://www.malwarebytes.org/mbam.php


OR: use GooredFix.
Please download GooredFix and save it to your Desktop.
http://www.geekstogo.com/forum/redirect.php?url=http%3A%2F%2Fjpshortstuff.247fixes.com%2FGooredFix.exe

Double-click GooredFix.exe on your Desktop to run it.
Select "2. Fix Goored" by typing 2 and pressing Enter.
Make sure all instances of Firefox are closed at this point.

Type y at the prompt and press Enter again.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system.

Please also allow any registry changes that may be prompted by any of your security programs.
0
 
LVL 11

Expert Comment

by:techzter
ID: 24784710
It certainly sounds like some malware is on the machine.

Try posting you HighJack This log into the following site. I have found that it works fairly well.
http://www.hijackthis.de/


Also I have found MalwareBytes to be a really good software for finding these type of intrusions.
0
 
LVL 11

Expert Comment

by:techzter
ID: 24784719
Sorry rpggamergirl for the duplicate information regarding Malwarebytes. I was typing while you posted.
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 
LVL 47

Expert Comment

by:rpggamergirl
ID: 24784720
I have Firefox 3.0.11 and it's okay.

How about when you click the back button and then clicking on the exact same search result for a second time, does it take you to the right location?

Check also if this is only happening on the first page of the search results.
0
 

Author Comment

by:ArtG2521
ID: 24784873
I had Firefox 3.0.11 before and it was fine too.  It seems to be intermittent as sometimes it will direct fine.  This only seems to happen with Google search results and nothing else.  I will try some of the things you recommend later as I must be leaving on appointments now.  I will post the results sometime today.  
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 24785205
No not a bug by the looks.
I installed Firefox 3.5...I then googled "Print_shop" then clicked on the Broderbund link and it took me to the right place(below).

http://www.broderbund.com/store/broder/DisplayHomePage 
0
 
LVL 11

Assisted Solution

by:techzter
techzter earned 400 total points
ID: 24785242
I noticed that you had attached your HJT log. I ran it through the log analyzer and nothing showed up as suspicious.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 24785277
I also googled "Fedex" and the first link "FedEx Australia" took me to the link below:
http://fedex.com/au/

The second search result link took me to the one below:
http://fedex.com/

So it looks like it's your pc that has the problem


@ techzter:
it's okay, it happens, :)

0
 

Author Comment

by:ArtG2521
ID: 24790920
Ok, here is the log created by GooredFix.  I did not run MalwareBytes.  I will be out of town tomorrow and I may or may not see you comments until late Tuesday or early Wednesday.


GooredFix by jpshortstuff (03.07.09)
Log created at 21:53 on 06/07/2009 (Art)
Firefox version 3.5 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:56 27/04/2007]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [00:43 08/06/2007]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [13:16 22/07/2007]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [10:59 10/10/2007]
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [11:44 10/03/2008]
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [12:47 13/07/2008]
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [13:25 30/11/2008]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [01:13 18/12/2008]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [10:35 02/04/2009]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [10:49 11/06/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"FFToolbar@bitdefender.com"="C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\" [22:31 18/02/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [13:25 30/11/2008]

-=E.O.F=-
0
 

Author Comment

by:ArtG2521
ID: 24790983
This is getting ridiculous.  Every link I click on in every search I do on Google redirects me to all kinds of various web pages.  Like:

http://www.couponmountain.com/search.php?searchText=runofcategorydirectoriesresources
www.yahoo.com
www.msn.com
http://www.toseeka.com/search.php?q=The+Grapes+Of+Wrath

Sometimes I see it redirect to a couple of different sites rapidly changing in the address bar and then it settles on one.  Almost like a slot machine.  I really hope I do not have to wipe my whole system because of this.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 24791036
Run MalwareBytes or even better run Combofix and show us the logfile. It's important that see look at the log.

Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(If it doesn't run re-download but rename before saving to your desktop)

Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 

If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix 
 
0
 

Author Comment

by:ArtG2521
ID: 24791370
I ran MalwareBytes, it found 2 items, it got rid of them and it did nothing to solve the problem.  It's still as bad or worse than ever.

I tried IE7 and this is even weirder. If I use Google to search for anything (like I did with Firefox) then I click on any link, it CRASHES IE7 and it has to close.  If I just browse sites by typing them into the address bar, no problem (same as in Firefox).  What ever this is it only seems to affect Google.

I just searched on "Google redirect virus" on another computer and found this:

www.geekstogo.com/forum/how-to-remove-google-redirect-virus-t243398.html

Apparently it's something new?  There is a whole process to remove it.  Check it out.  Unfortunately,
I have to attend to this when I get back it town on Wednesday.  Let me know what else you find out, and if this is true as it seems to be, TELL EVERYONE.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 24791764
There are so many nasties that hijack search engines and TDSS*, UAC*, GAO* rootkits, Trojan:Win32/Daonol, Trojan.JSRedir, Zlob.DNS.Changer are just a few of them.
Combofix will already remove all the above-mentioned ones and if there are new that are not in its databse we can remove it using its script function(if they show up in the log) that's why it's important that we see the log.
0
 

Author Comment

by:ArtG2521
ID: 24793155
Ran ComboFix.  Everything seems just fine now.  It seems to have worked.  I must go now asap. I'll be back by tomorrow morning (Wednesday).  Post any other comments or things I should do and I will see it soon.  Perhaps by then we can close this out.
0
 
LVL 11

Expert Comment

by:techzter
ID: 24793476
Glad to hear it. Thanks for the tip on ComboFix. That is a software that I had not heard of before. I will have to check it out.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 24793774
If you could attach the Combofix log that would be nice.
If the Combofix log shows clean and the pc is running fine, then you can uninstall Combofix... we'll post Combofix uninstall command then.

@ techzter:

Where have you been :).. Combofix is the number one anti-malware tool and every anti-spyware forums use it. Thanks to sUBs for developing it and making it free.
0
 

Author Comment

by:ArtG2521
ID: 24799502
Got back early.  Here 's the ComboFix log.  See attached.
0
 

Author Comment

by:ArtG2521
ID: 24799508
Oops here it is.
Combo-fix-7-7-09-log.txt
0
 

Author Comment

by:ArtG2521
ID: 24810072
Did you see the log?  How do I uninstall ComboFix?  I saw some info that said ComboFix when run finishes and then is gone.  Is that right?
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 1600 total points
ID: 24810230
I am terribly sorry. I must've missed the alerts.
Thank you for posting again. I don't see any obvious malicious entries in the log.

<<<"I saw some info that said ComboFix when run finishes and then is gone.  Is that right?">>>

No that is not right.

If the pc is running fine, yes you can uninstall Combofix.
To uninstall Combofix:
Go to Start > Run and 'copy and paste' next command in the field:

ComboFix /u

Again I'm so sorry for the much delayed reply.
0
 

Author Comment

by:ArtG2521
ID: 24843216
Sorry everyone, I forgot to close out the question.  I will do so now and award points.
0
 

Author Closing Comment

by:ArtG2521
ID: 31600129
You guys and girls are the best!
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 24845373
Thanks!
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question