Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

URL forwarding in browser, svchost being accessed

Posted on 2010-08-21
3
Medium Priority
?
379 Views
Last Modified: 2013-12-06
When I go to Google.com and click one of the search results, it forwards me to a different page than what I clicked. And when I use the Google search box in Firefox, it forwards me to a fake Google page that is just a bunch of advertisments.

Every once in a while, ad-aware blocks svchost.exe from accessing a malicious website. This is the URL of the website that is being blocked by ad-aware in the svchost.exe process, and also when I click a link on the Google search results: 66.230.188.67

Here's the hijackthis.log: http://www.mydatadump.com/hijackthis.log
0
Comment
Question by:gmk1212
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 12

Assisted Solution

by:geowrian
geowrian earned 1332 total points
ID: 33494191
Please try the following guide. It could be any number of malware items doing this, but I've seen the ones noted in this guide as being pretty common for what you are seeing. Make sure to try each item - the wording implies multiples solutions, but they are really each a solution to different causes.

http://www.review-buddy.com/spyware-removers/how-to-remove-google-redirect-virus.html

0
 
LVL 12

Accepted Solution

by:
geowrian earned 1332 total points
ID: 33494198
I did see a number of bad items in your HT log:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [kwnlidlb] C:\Documents and Settings\gk\Local Settings\Application Data\mfmydbpfu\snmxrwhshdw.exe
O4 - HKLM\..\Run: [vshnfswb] C:\Documents and Settings\gk\Local Settings\Application Data\fhvwemqrf\sdcfdoqshdw.exe
O4 - HKLM\..\Run: [Qwimoru] rundll32.exe "C:\WINDOWS\etokivegohekeva.dll",Startup
O4 - HKCU\..\Run: [kwnlidlb] C:\Documents and Settings\gk\Local Settings\Application Data\mfmydbpfu\snmxrwhshdw.exe
O4 - HKCU\..\Run: [Fkeru] rundll32.exe "C:\WINDOWS\welu16.dll",Startup
O4 - HKCU\..\Run: [vshnfswb] C:\Documents and Settings\gk\Local Settings\Application Data\fhvwemqrf\sdcfdoqshdw.exe

(maybe?) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

0
 
LVL 22

Assisted Solution

by:optoma
optoma earned 668 total points
ID: 33494254
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PREFACE The purpose of this guide is to provide information to successfully add specific IIS 7.0 role services for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technol…
Have you ever tried to find someone you know on Facebook and searched to find more than one result with the same picture? Perhaps someone you know has told you that they have a 'facebook stalker' or someone who is 'posing as them' online and ta…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question