Solved

Firefox-Google redirects??

Posted on 2009-07-06
23
735 Views
Last Modified: 2013-12-09
I've got a strange problem.  I downloaded the new Firefox 3.5 and occaisionally when I search something om Google and then click on one of the results I'm redirected to some other search type results.  See below for an example:

Did search on Google for Print Shop, then click on link for Broderbund it provided but went to here:
http://www.toseeka.com/search.php?q=print_shop

Did search for Fedex, clicked on fedex.com/printonline link , but it went here:
http://www.x-xn.com/f/search.php?q=#KEYWORD#

These are just some examples, there's been more instances.  It will also just start to work normal again and direct me to the proper sites.  Seems intermittent, but ?????
I ran Super AntiSpyware Professional, no problems.
I ran HiJack This and I attached the log file, but I see no problems causing this on the log.
Is this a Firefox bug?

Let me know what you find out.  Thanks.

hijackthis.log
0
Comment
Question by:ArtG2521
  • 10
  • 9
  • 4
23 Comments
 
LVL 47

Expert Comment

by:rpggamergirl
Comment Utility
Does it only happens in Firefox and not IE?
Have you also tried scanning with MalwareBytes?
Download Malwarebytes' Anti-Malware to your desktop, check for the tool's Updates before running a scan.
http://www.malwarebytes.org/mbam.php


OR: use GooredFix.
Please download GooredFix and save it to your Desktop.
http://www.geekstogo.com/forum/redirect.php?url=http%3A%2F%2Fjpshortstuff.247fixes.com%2FGooredFix.exe

Double-click GooredFix.exe on your Desktop to run it.
Select "2. Fix Goored" by typing 2 and pressing Enter.
Make sure all instances of Firefox are closed at this point.

Type y at the prompt and press Enter again.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system.

Please also allow any registry changes that may be prompted by any of your security programs.
0
 
LVL 11

Expert Comment

by:techzter
Comment Utility
It certainly sounds like some malware is on the machine.

Try posting you HighJack This log into the following site. I have found that it works fairly well.
http://www.hijackthis.de/


Also I have found MalwareBytes to be a really good software for finding these type of intrusions.
0
 
LVL 11

Expert Comment

by:techzter
Comment Utility
Sorry rpggamergirl for the duplicate information regarding Malwarebytes. I was typing while you posted.
0
 
LVL 47

Expert Comment

by:rpggamergirl
Comment Utility
I have Firefox 3.0.11 and it's okay.

How about when you click the back button and then clicking on the exact same search result for a second time, does it take you to the right location?

Check also if this is only happening on the first page of the search results.
0
 

Author Comment

by:ArtG2521
Comment Utility
I had Firefox 3.0.11 before and it was fine too.  It seems to be intermittent as sometimes it will direct fine.  This only seems to happen with Google search results and nothing else.  I will try some of the things you recommend later as I must be leaving on appointments now.  I will post the results sometime today.  
0
 
LVL 47

Expert Comment

by:rpggamergirl
Comment Utility
No not a bug by the looks.
I installed Firefox 3.5...I then googled "Print_shop" then clicked on the Broderbund link and it took me to the right place(below).

http://www.broderbund.com/store/broder/DisplayHomePage
0
 
LVL 11

Assisted Solution

by:techzter
techzter earned 100 total points
Comment Utility
I noticed that you had attached your HJT log. I ran it through the log analyzer and nothing showed up as suspicious.
0
 
LVL 47

Expert Comment

by:rpggamergirl
Comment Utility
I also googled "Fedex" and the first link "FedEx Australia" took me to the link below:
http://fedex.com/au/

The second search result link took me to the one below:
http://fedex.com/

So it looks like it's your pc that has the problem


@ techzter:
it's okay, it happens, :)

0
 

Author Comment

by:ArtG2521
Comment Utility
Ok, here is the log created by GooredFix.  I did not run MalwareBytes.  I will be out of town tomorrow and I may or may not see you comments until late Tuesday or early Wednesday.


GooredFix by jpshortstuff (03.07.09)
Log created at 21:53 on 06/07/2009 (Art)
Firefox version 3.5 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:56 27/04/2007]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [00:43 08/06/2007]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [13:16 22/07/2007]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [10:59 10/10/2007]
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [11:44 10/03/2008]
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [12:47 13/07/2008]
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [13:25 30/11/2008]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [01:13 18/12/2008]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [10:35 02/04/2009]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [10:49 11/06/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"FFToolbar@bitdefender.com"="C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\" [22:31 18/02/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [13:25 30/11/2008]

-=E.O.F=-
0
 

Author Comment

by:ArtG2521
Comment Utility
This is getting ridiculous.  Every link I click on in every search I do on Google redirects me to all kinds of various web pages.  Like:

http://www.couponmountain.com/search.php?searchText=runofcategorydirectoriesresources
www.yahoo.com
www.msn.com
http://www.toseeka.com/search.php?q=The+Grapes+Of+Wrath

Sometimes I see it redirect to a couple of different sites rapidly changing in the address bar and then it settles on one.  Almost like a slot machine.  I really hope I do not have to wipe my whole system because of this.
0
 
LVL 47

Expert Comment

by:rpggamergirl
Comment Utility
Run MalwareBytes or even better run Combofix and show us the logfile. It's important that see look at the log.

Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(If it doesn't run re-download but rename before saving to your desktop)

Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 

If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:ArtG2521
Comment Utility
I ran MalwareBytes, it found 2 items, it got rid of them and it did nothing to solve the problem.  It's still as bad or worse than ever.

I tried IE7 and this is even weirder. If I use Google to search for anything (like I did with Firefox) then I click on any link, it CRASHES IE7 and it has to close.  If I just browse sites by typing them into the address bar, no problem (same as in Firefox).  What ever this is it only seems to affect Google.

I just searched on "Google redirect virus" on another computer and found this:

www.geekstogo.com/forum/how-to-remove-google-redirect-virus-t243398.html

Apparently it's something new?  There is a whole process to remove it.  Check it out.  Unfortunately,
I have to attend to this when I get back it town on Wednesday.  Let me know what else you find out, and if this is true as it seems to be, TELL EVERYONE.
0
 
LVL 47

Expert Comment

by:rpggamergirl
Comment Utility
There are so many nasties that hijack search engines and TDSS*, UAC*, GAO* rootkits, Trojan:Win32/Daonol, Trojan.JSRedir, Zlob.DNS.Changer are just a few of them.
Combofix will already remove all the above-mentioned ones and if there are new that are not in its databse we can remove it using its script function(if they show up in the log) that's why it's important that we see the log.
0
 

Author Comment

by:ArtG2521
Comment Utility
Ran ComboFix.  Everything seems just fine now.  It seems to have worked.  I must go now asap. I'll be back by tomorrow morning (Wednesday).  Post any other comments or things I should do and I will see it soon.  Perhaps by then we can close this out.
0
 
LVL 11

Expert Comment

by:techzter
Comment Utility
Glad to hear it. Thanks for the tip on ComboFix. That is a software that I had not heard of before. I will have to check it out.
0
 
LVL 47

Expert Comment

by:rpggamergirl
Comment Utility
If you could attach the Combofix log that would be nice.
If the Combofix log shows clean and the pc is running fine, then you can uninstall Combofix... we'll post Combofix uninstall command then.

@ techzter:

Where have you been :).. Combofix is the number one anti-malware tool and every anti-spyware forums use it. Thanks to sUBs for developing it and making it free.
0
 

Author Comment

by:ArtG2521
Comment Utility
Got back early.  Here 's the ComboFix log.  See attached.
0
 

Author Comment

by:ArtG2521
Comment Utility
Oops here it is.
Combo-fix-7-7-09-log.txt
0
 

Author Comment

by:ArtG2521
Comment Utility
Did you see the log?  How do I uninstall ComboFix?  I saw some info that said ComboFix when run finishes and then is gone.  Is that right?
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 400 total points
Comment Utility
I am terribly sorry. I must've missed the alerts.
Thank you for posting again. I don't see any obvious malicious entries in the log.

<<<"I saw some info that said ComboFix when run finishes and then is gone.  Is that right?">>>

No that is not right.

If the pc is running fine, yes you can uninstall Combofix.
To uninstall Combofix:
Go to Start > Run and 'copy and paste' next command in the field:

ComboFix /u

Again I'm so sorry for the much delayed reply.
0
 

Author Comment

by:ArtG2521
Comment Utility
Sorry everyone, I forgot to close out the question.  I will do so now and award points.
0
 

Author Closing Comment

by:ArtG2521
Comment Utility
You guys and girls are the best!
0
 
LVL 47

Expert Comment

by:rpggamergirl
Comment Utility
Thanks!
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Read about why website design really matters in today's demanding market.
The viewer will learn how to dynamically set the form action using jQuery.
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now