Solved

Internet explorer and Firefox being redirected when trying to open from a search page

Posted on 2009-07-14
Last Modified: 2012-05-07
Small problem that is bugging me. Using IE or Firefox I am unable to open any links from a Google search. It shows a small box at the top middle saying "one moment please" then displays options to open other websites. I can do a Google search but am redirected when I try to click on anything. I also can not access either Google.com or google.ca. It simply will not open the web page. It is simply blank. This is Windows XP Pro SP3 using IE 7 with all updates. Antivirus is Avast home and Spybot installed. I have attached the log file of HijackThis if it helps. Thanks for your help.
hijackthis.log
0
Question by:robsky1
12 Comments
 
LVL 29

Expert Comment

by:Jan Springer
ID: 24849836
Could be one of three things (if the machine is not compromised):

1) you have a proxy configured in the browser
2) your http traffic is being diverted
3) the DNS servers are handing you addresses for domains in which they are not authoritative

When you do a dig/host/nslookup of www.google.com (the IPs are the same as www.google.ca), do you see:

www.google.com is an alias for www.l.google.com.
www.l.google.com has address 66.102.1.104
www.l.google.com has address 66.102.1.147
www.l.google.com has address 66.102.1.99
www.l.google.com has address 66.102.1.103
0
 

Author Comment

by:robsky1
ID: 24850960
Hi Jesper
I checked and the proxy is not configured in the browser. For sure my traffic is being diverted. When I do an nslookup for google I come up with a range between 74.125.95.99 to 74.125.95.103-.104 -.105 - .106 - .147. These are true Google IP addresses. When I do a "whois" search for the IP address in the HijackThis log file (89.149.210.106) it points me to a company in Amsterdam that points to someone in Poland.
0
 
LVL 6

Expert Comment

by:bobohost
ID: 24851113
Yeah sounds like you have some stuff on your system.  Start by running Malwarebytes

http://www.malwarebytes.org/

Very good program to clean out your system.
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 24851136
What anti-virus software are you running (other than hijackthis)?

And, have you tried changing your DNS server IP to another completely off net (OpenDNS offers free service ->  208.67.222.222)?  This would help determine if your local machine is the problem or your DNS server.

Are you using Google Chrome?
0
 

Author Comment

by:robsky1
ID: 24851232
Hi Bobohost
I already tried Malwarebytes and was surprised that it did not fix/find the problem. It's the first time it failed me.
Jesper
I'm using Avast home edition. I'll look into OpenDNS and let you know but as I'm getting a message telling me in the browser that the request is being processed, I'm pretty sure that's a local issue. Google Chrome was installed and has since been removed.
0
 
LVL 6

Expert Comment

by:bobohost
ID: 24851379
Do you have a HijackThis log for this system?  Have you tried running ComboFix?
0
 

Author Comment

by:robsky1
ID: 24852280
Hi Bobohost
If you look at the attachments to this post, you will see the text file from HijackThis. I have looked into ComboFix and it seems to have issues with it when installed/run. I'll consider it as a last resort but would REALLY like to know what I'm being hijacked by.
0
 
LVL 6

Expert Comment

by:bobohost
ID: 24852381
Ok let me review the log and see what I find.
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 2000 total points
ID: 24855604
Fix these entries in Hijackthis:
O2 - BHO: ALOT Toolbar BHO - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)  
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O1 - Hosts: 89.149.210.106 www.google.com
O1 - Hosts: 89.149.210.106 www.google.de
O1 - Hosts: 89.149.210.106 www.google.fr
O1 - Hosts: 89.149.210.106 www.google.co.uk
O1 - Hosts: 89.149.210.106 www.google.com.br
O1 - Hosts: 89.149.210.106 www.google.it
O1 - Hosts: 89.149.210.106 www.google.es
O1 - Hosts: 89.149.210.106 www.google.co.jp
O1 - Hosts: 89.149.210.106 www.google.com.mx
O1 - Hosts: 89.149.210.106 www.google.ca
O1 - Hosts: 89.149.210.106 www.google.com.au
O1 - Hosts: 89.149.210.106 www.google.nl
O1 - Hosts: 89.149.210.106 www.google.co.za
O1 - Hosts: 89.149.210.106 www.google.be
O1 - Hosts: 89.149.210.106 www.google.gr
O1 - Hosts: 89.149.210.106 www.google.at
O1 - Hosts: 89.149.210.106 www.google.se
O1 - Hosts: 89.149.210.106 www.google.ch
O1 - Hosts: 89.149.210.106 www.google.pt
O1 - Hosts: 89.149.210.106 www.google.dk
O1 - Hosts: 89.149.210.106 www.google.fi
O1 - Hosts: 89.149.210.106 www.google.ie
O1 - Hosts: 89.149.210.106 www.google.no
O1 - Hosts: 89.149.210.106 search.yahoo.com
O1 - Hosts: 89.149.210.106 us.search.yahoo.com
O1 - Hosts: 89.149.210.106 uk.search.yahoo.com



And here's the Combofix canned as has been suggested. We need to see the log also.

Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(If it doesn't run re-download but rename before saving to your desktop)

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.


Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.



If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


0
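An added example, not part of the original thread: the O1 entries in the accepted solution come from the Windows hosts file, which nslookup does not read because it queries the DNS server directly, consistent with the asker seeing genuine Google addresses while the browser was still redirected. The Python sketch below parses hosts-file text and reports every hostname pinned to a non-loopback address in the same "O1 - Hosts:" form; the sample content is constructed from entries shown above plus a few made-up lines, and all function names are illustrative.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in hosts-file format; the 89.149.210.106 entries mirror the log above.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
89.149.210.106  www.google.com
89.149.210.106  www.google.ca   # trailing comment
89.149.210.106  search.yahoo.com us.search.yahoo.com
0.0.0.0         ads.example.test
not-an-ip       broken.example.test
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs; skips comments, blanks and malformed lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:  # one line may list several aliases
            yield ip, name.lower().rstrip(".")

def suspicious_overrides(text):
    """Map each non-loopback IP to the hostnames the hosts file pins to it.

    Loopback and unspecified addresses (127.0.0.1, ::1, 0.0.0.0) are the usual
    localhost / blocking entries and are not reported.
    """
    found = defaultdict(list)
    for ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        found[str(ip)].append(name)
    return dict(found)

def hijackthis_o1_lines(text):
    """Render findings in the 'O1 - Hosts:' form HijackThis uses."""
    return [f"O1 - Hosts: {ip} {name}"
            for ip, names in suspicious_overrides(text).items() for name in names]

if __name__ == "__main__":
    for line in hijackthis_o1_lines(SAMPLE_HOSTS):
        print(line)
```

Many unrelated search domains sharing one address, as in this log, is the pattern to look for; a legitimate hosts file rarely pins public sites at all.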
 
LVL 6

Expert Comment

by:bobohost
ID: 24860698
Also I would recommend using the latest version of HiJackThis which you can download here

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
0
 

Author Closing Comment

by:robsky1
ID: 31603264
Hi rpggamergirl
That did it! By removing the registry entries it resolved the problem. I would have split the points with bobohost except the suggestion to use ComboFix did not find anything. Sorry bobohost. Thank you again and also to everyone who tried to help.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 24869551
Glad to know it's now resolved.

Next time you use HijackThis, download the latest version as already suggested.

TrendSecure site Hijackthis download:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Thanks!
0


Question has a verified solution.