Solved

URL forwarding in browser, svchost being accessed

Posted on 2010-08-21
3
368 Views
Last Modified: 2013-12-06
When I go to Google.com and click one of the search results, it forwards me to a different page than what I clicked. And when I use the Google search box in Firefox, it forwards me to a fake Google page that is just a bunch of advertisments.

Every once in a while, ad-aware blocks svchost.exe from accessing a malicious website. This is the URL of the website that is being blocked by ad-aware in the svchost.exe process, and also when I click a link on the Google search results: 66.230.188.67

Here's the hijackthis.log: http://www.mydatadump.com/hijackthis.log
0
Comment
Question by:gmk1212
  • 2
3 Comments
 
LVL 12

Assisted Solution

by:geowrian
geowrian earned 333 total points
ID: 33494191
Please try the following guide. It could be any number of malware items doing this, but I've seen the ones noted in this guide as being pretty common for what you are seeing. Make sure to try each item - the wording implies multiples solutions, but they are really each a solution to different causes.

http://www.review-buddy.com/spyware-removers/how-to-remove-google-redirect-virus.html

0
 
LVL 12

Accepted Solution

by:
geowrian earned 333 total points
ID: 33494198
I did see a number of bad items in your HT log:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [kwnlidlb] C:\Documents and Settings\gk\Local Settings\Application Data\mfmydbpfu\snmxrwhshdw.exe
O4 - HKLM\..\Run: [vshnfswb] C:\Documents and Settings\gk\Local Settings\Application Data\fhvwemqrf\sdcfdoqshdw.exe
O4 - HKLM\..\Run: [Qwimoru] rundll32.exe "C:\WINDOWS\etokivegohekeva.dll",Startup
O4 - HKCU\..\Run: [kwnlidlb] C:\Documents and Settings\gk\Local Settings\Application Data\mfmydbpfu\snmxrwhshdw.exe
O4 - HKCU\..\Run: [Fkeru] rundll32.exe "C:\WINDOWS\welu16.dll",Startup
O4 - HKCU\..\Run: [vshnfswb] C:\Documents and Settings\gk\Local Settings\Application Data\fhvwemqrf\sdcfdoqshdw.exe

(maybe?) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

0
 
LVL 22

Assisted Solution

by:optoma
optoma earned 167 total points
ID: 33494254
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OVERVIEW This guide provides information on the process performed when the Symantec Endpoint Protection (SEP) client checks in with the Symantec Endpoint Protection Manager (SEPM). AUDIENCE Information Technology personnel responsible for suppo…
PREFACE The purpose of this guide is to explain what the SEPC Status Utility is and how it works. I have written the utility using AutoIt and have included the source code for your review. You are welcome to modify the code to your liking, but I wi…
This is a video describing the growing solar energy use in Utah. This is a topic that greatly interests me and so I decided to produce a video about it.
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now