Solved

Internet Explorer and Firefox being redirected when trying to open from a search page

Posted on 2009-07-14
Last Modified: 2012-05-07
Small problem that is bugging me. Using IE or Firefox I am unable to open any links from a Google search. It shows a small box at the top middle saying "one moment please" then displays options to open other websites. I can do a Google search but am redirected when I try to click on anything. I also cannot access either Google.com or google.ca. It simply will not open the web page. It is simply blank. This is Windows XP Pro SP3 using IE 7 with all updates. Antivirus is Avast Home and Spybot installed. I have attached the log file of HijackThis if it helps. Thanks for your help.
hijackthis.log
Question by:robsky1
12 Comments
 
LVL 28

Expert Comment

by:Jan Springer
ID: 24849836
Could be one of three things (if the machine is not compromised):

1) you have a proxy configured in the browser
2) your http traffic is being diverted
3) the DNS servers are handing you addresses for domains in which they are not authoritative

When you do a dig/host/nslookup of www.google.com (the IPs are the same as www.google.ca), do you see:

www.google.com is an alias for www.l.google.com.
www.l.google.com has address 66.102.1.104
www.l.google.com has address 66.102.1.147
www.l.google.com has address 66.102.1.99
www.l.google.com has address 66.102.1.103
 

Author Comment

by:robsky1
ID: 24850960
Hi Jesper
I checked and the proxy is not configured in the browser. For sure my traffic is being diverted. When I do an nslookup for Google I come up with a range between 74.125.95.99 to 74.125.95.103-.104 -.105 - .106 - .147. These are true Google IP addresses. When I do a "whois" search for the IP addresses in the HijackThis log file (89.149.210.106) it points me to a company in Amsterdam that points to someone in Poland.
 
LVL 6

Expert Comment

by:bobohost
ID: 24851113
Yeah sounds like you have some stuff on your system.  Start by running Malwarebytes

http://www.malwarebytes.org/

Very good program to clean out your system.
 
LVL 28

Expert Comment

by:Jan Springer
ID: 24851136
What anti-virus software are you running (other than hijackthis)?

And, have you tried changing your DNS server IP to another completely off net (OpenDNS offers free service ->  208.67.222.222)?  This would help determine if your local machine is the problem or your DNS server.

Are you using Google Chrome?
 

Author Comment

by:robsky1
ID: 24851232
Hi Bobohost
I already tried Malwarebytes and was surprised that it did not fix/find the problem. It's the first time it failed me.
Jesper
I'm using Avast Home Edition. I'll look into OpenDNS and let you know but as I'm getting a message telling me in the browser that the request is being processed, I'm pretty sure that's a local issue. Google Chrome was installed and has since been removed.
 
LVL 6

Expert Comment

by:bobohost
ID: 24851379
Do you have a HijackThis log for this system?  Have you tried running ComboFix?
 

Author Comment

by:robsky1
ID: 24852280
Hi Bobohost
If you look at the attachments to this post, you will see the text file from HijackThis. I have looked into ComboFix and it seems to have issues with it when installed/run. I'll consider it as a last resort but would REALLY like to know what I'm being hijacked by.
 
LVL 6

Expert Comment

by:bobohost
ID: 24852381
Ok let me review the log and see what I find.
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 24855604
Fix these entries in Hijackthis:
O2 - BHO: ALOT Toolbar BHO - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)  
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O1 - Hosts: 89.149.210.106 www.google.com
O1 - Hosts: 89.149.210.106 www.google.de
O1 - Hosts: 89.149.210.106 www.google.fr
O1 - Hosts: 89.149.210.106 www.google.co.uk
O1 - Hosts: 89.149.210.106 www.google.com.br
O1 - Hosts: 89.149.210.106 www.google.it
O1 - Hosts: 89.149.210.106 www.google.es
O1 - Hosts: 89.149.210.106 www.google.co.jp
O1 - Hosts: 89.149.210.106 www.google.com.mx
O1 - Hosts: 89.149.210.106 www.google.ca
O1 - Hosts: 89.149.210.106 www.google.com.au
O1 - Hosts: 89.149.210.106 www.google.nl
O1 - Hosts: 89.149.210.106 www.google.co.za
O1 - Hosts: 89.149.210.106 www.google.be
O1 - Hosts: 89.149.210.106 www.google.gr
O1 - Hosts: 89.149.210.106 www.google.at
O1 - Hosts: 89.149.210.106 www.google.se
O1 - Hosts: 89.149.210.106 www.google.ch
O1 - Hosts: 89.149.210.106 www.google.pt
O1 - Hosts: 89.149.210.106 www.google.dk
O1 - Hosts: 89.149.210.106 www.google.fi
O1 - Hosts: 89.149.210.106 www.google.ie
O1 - Hosts: 89.149.210.106 www.google.no
O1 - Hosts: 89.149.210.106 search.yahoo.com
O1 - Hosts: 89.149.210.106 us.search.yahoo.com
O1 - Hosts: 89.149.210.106 uk.search.yahoo.com



And here's the Combofix canned as has been suggested. We need to see the log also.

Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(If it doesn't run re-download but rename before saving to your desktop)

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.


Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.



If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


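The O1 entries in the accepted answer are hosts-file overrides that pin search-engine names to a single address, which is why nslookup returned genuine Google addresses while the browsers were still redirected. As an added example (not part of the original thread and not HijackThis code), the Python below parses O1 lines from a log and reports any public IP that search hostnames have been pinned to; the function names, the search-host heuristic and the sample log are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis reports non-default hosts-file entries as "O1 - Hosts: <ip> <name>".
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

# Constructed sample, modelled on the entries quoted in the answer above.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O1 - Hosts: 89.149.210.106 www.google.com
O1 - Hosts: 89.149.210.106 www.google.ca
O1 - Hosts: 89.149.210.106 uk.search.yahoo.com
O1 - Hosts: 127.0.0.1 ads.example.test
O1 - Hosts: 192.168.1.20 fileserver.example.test
"""

def parse_o1(log_text):
    """Return (ip, hostname) pairs from the O1 lines of a HijackThis log."""
    pairs = []
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address: skip rather than guess
        pairs.append((ip, m.group(2).lower()))
    return pairs

def is_search_host(host):
    """Heuristic (assumption): any google.* name or a search.yahoo.com name."""
    return "google" in host.split(".") or ("." + host).endswith(".search.yahoo.com")

def suspicious_redirects(log_text):
    """Map each public IP to the search hostnames the hosts file pins to it."""
    hits = defaultdict(list)
    for ip, host in parse_o1(log_text):
        # Loopback and private targets are typical of ad blocking or LAN names.
        if ip.is_loopback or ip.is_private or ip.is_unspecified:
            continue
        if is_search_host(host):
            hits[str(ip)].append(host)
    return dict(hits)

if __name__ == "__main__":
    for ip, hosts in suspicious_redirects(SAMPLE_LOG).items():
        print(f"{ip} overrides DNS for {len(hosts)} search hosts: {', '.join(hosts)}")
```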
 
LVL 6

Expert Comment

by:bobohost
ID: 24860698
Also I would recommend using the latest version of HiJackThis which you can download here

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
 

Author Closing Comment

by:robsky1
ID: 31603264
Hi rpggamergirl
That did it! By removing the registry entries it resolved the problem. I would have split the points with bobohost except the suggestion to use ComboFix did not find anything. Sorry bobohost. Thank you again and also to everyone who tried to help.
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 24869551
Glad to know it's now resolved.

Next time you use HijackThis, download the latest version as already suggested.

TrendSecure site Hijackthis download:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Thanks!

Question has a verified solution.