Solved

Internet Explorer Redirector

Posted on 2011-03-09
Last Modified: 2012-05-11
Within Internet Explorer, when searching on Google, Yahoo, Bing, etc., after the search list comes up and I click on a result, it is redirecting to various ad sites. Nothing is coming up on the virus scans. I have run multiple spyware/malware scanners and nothing is coming up (HitmanPro, Spybot, & Malwarebytes). Is there anything else I can do to remove this without reinstalling the operating system?

Question by:jnewburn
23 Comments
 
LVL 3

Expert Comment

by:CarlsbergFTW
ID: 35083212
First try un-installing any toolbars or add-ons that you believe are not supposed to be there, and maybe reinstall IE or try using Firefox and test if this also happens when using another browser.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35083222
For Hijacking/re-directs, you might want to start with TDSSKILLER found here:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

* Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
* Execute the file TDSSKiller.exe.
* Wait for the scan and disinfection process to be over. You do not have to reboot the PC after the disinfection is over.

If the tool finds a hidden service it will prompt you to type "delete"; you can also just hit "Enter" without typing in and the scan will continue...
The user can then post the log to be analyzed.

Let us know the results and we can take the next steps.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 35083223
Have you tried resetting Internet Explorer and deleting all cookies and temporary internet files? Also, try deleting all temp files from your system.

You can also download HijackThis, which is a free tool, and then run this tool and examine the output. You can download HijackThis from the internet.

Also, check the hosts file on your system c:\windows\system32\drivers\etc\hosts
and see if this has been edited in any way.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35083243
After running TDSSKiller, you may need to use a couple more common tools. Please note the "Save As" instructions for Malwarebytes - it can be critical to download it with a random name that malware won't recognize.


Download, install, and run
CCleaner (www.ccleaner.com)
Doing this will clean out all of the Temp/Junk files from your browser.

Download, install, and run
Malwarebytes (MBAM) (http://www.malwarebytes.org/mbam.php)
When downloading, save to your "Desktop" and use the "Save As" function (Internet Explorer) to rename the file.
The instructions are included right in that link.

When finished with MBAM, post the log that is generated and let us look at it for you.

IF NEEDED, we may ask you to download ComboFix (using the same "Save As" process).
0
 
LVL 4

Expert Comment

by:WhiteSeed
ID: 35083254
I think you have malware.
- When you use your browser to view Web sites, other instances of your browser open to display Web site advertisements.
Use the official Microsoft tutorial:
http://answers.microsoft.com/en-us/windows/forum/windows_vista-security/how-to-get-rid-of-malware/ba80504b-61f1-4d71-960f-b561798b7b42
0
 
LVL 38

Expert Comment

by:younghv
ID: 35083265
@JBond2010,
If you are going to post advice in the malware Zones, you will need to quit posting generic comments and offer specifics.

Telling someone to 'reset', 'download', or 'check' has no value unless you take the time to offer some specific guidance and instruction.
0
 
LVL 5

Expert Comment

by:Iekos
ID: 35083342
You have Malware / Spyware.

Try and get (from another PC if you have to):

Malwarebytes
Spybot search and destroy

This should defo help.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35083359
@WhiteSeed,
I see that you are a brand new member, so welcome to Experts-Exchange.

Our Premium Service members pay a fee to get advice from Experts here, so you really don't want to ship them off to some other web site.

The symptoms being discussed in this question have been solved many times here, so we need to 1 - identify the malware and 2 - provide targeted advice to resolve it.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35083381
Gosh, you people are really coming out of the woodwork today.
Iekos - read the prior posts so you don't duplicate advice already given:

http://www.experts-exchange.com/help.jsp#hs=30&hi=416

"Are there guidelines for answering questions?"
Read previous posts before commenting: It is important to read the entire thread so that you know the current situation. That will keep you from posting a duplicate answer or one that has already been shown not to work. If you basically agree with another comment but have something more to add, remember to give credit for the original suggestion -- mention that Expert by name -- in your post.


0
 

Author Comment

by:jnewburn
ID: 35085446
Thanks everyone for the expedited responses. This is my first post so bear with me. To answer some of the responses... yes, I have cleared the temp files and reset IE to default settings. I have also run Malwarebytes and Spybot Search and Destroy already and have come up short.
As "younghv" suggested, I ran TDSSKiller and it found no infection (log file attached). I then ran HijackThis and at the beginning of the scan it said that HijackThis was denied access to the hosts file? It then kept going and finished (log file attached). I also ran CCleaner and Malwarebytes. Malwarebytes found no infection (log file attached). Please review... thanks
TDSSKiller.2.4.20.0-09.03.2011-1.txt
hijackthis.log
mbam-log-2011-03-09--12-34-09-.txt
0
 
LVL 38

Expert Comment

by:younghv
ID: 35085532
HJT should be run from a folder in the root drive, not your profile:
C:\Users\admin\Desktop\HijackThis.exe

Are you running both AVG and some version of Norton/Symantec?
If so, you need to pick one and fully remove the other - details to follow, if needed.

Did you install and run CCleaner?
It is a great tool for removing all the junk/temp files that accumulate.

Did you use the 'Save As' function when you downloaded MBAM?
0

 

Author Comment

by:jnewburn
ID: 35085707
I moved HJT to a folder in the root drive and reran. I got the same error with the host file and then it continued (new log attached). I removed the Norton online scanner (the laptop is using AVG).

I did run CCleaner as well, and used the "Save As" function when downloading MBAM.
hijackthis.log
0
 
LVL 38

Accepted Solution

by:
younghv earned 500 total points
ID: 35085724
Use the instructions at this site to see if you can replace the HOSTS file:
http://www.mvps.org/winhelp2002/hosts.htm
0
 
LVL 38

Expert Comment

by:younghv
ID: 35085734
Also - are you being re-directed to the same site consistently?
If so, that might give us a clue about which flavor of malware you have.
0
 
LVL 26

Expert Comment

by:pony10us
ID: 35085788
This issue keeps coming up. Here is a recent thread showing that it could be an infected router:  http://www.experts-exchange.com/expertsZone.jsp
0
 
LVL 38

Expert Comment

by:younghv
ID: 35085842
The actual link is here:
http://www.experts-exchange.com/Q_26864096.html

@jnewburn,
Look at the "HOSTS" file displayed in that question and compare it to yours.
0
 

Author Comment

by:jnewburn
ID: 35085887
younghv,
The redirected sites vary (infomash.com, grooveswish.com, scour.com, etc.). Also there is not a "hosts" file. The one listed in that directory is "lmhosts.sam". Is this the correct one?
0
 
LVL 26

Expert Comment

by:pony10us
ID: 35085983
younghv: ty. I have been over-multitasking this morning so I simply did what I usually do and copied the address bar.   :(

0
 
LVL 38

Expert Comment

by:younghv
ID: 35086073
pony - been there np
:)

Jnewburn,
You will have to have the 'system' files set to display in Windows Explorer.
It is there:

Windows 7/Vista/XP    = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC

Have to catch a meeting - back in about an hour.
0
 

Author Comment

by:jnewburn
ID: 35088053
younghv

I compared the host file to the one mentioned in your post above and it was similar. So I used the information there to reset the host file. I rebooted and the redirection is gone! If there is anything else I need to do let me know, but if not, thank you for all your help.

0
 
LVL 38

Expert Comment

by:younghv
ID: 35088162
If you don't mind, let's look at a couple of other things before closing this out.
(Better safe than sorry.)*

1. Is this a home or work environment?
2. In either case, are you connecting to the Internet through a 'router' (NOT just a modem)?
3. If you have a clean computer, go back up to Malwarebytes (link above) and download the executable again (*). Make sure you rename it (Save As) before it touches any computer to which it is being downloaded.
4. Run the install again (don't need to uninstall the old).
5. Check the "Perform Full Scan" and let it run. If any malware is found let MBAM do the repairs.

Post back and let me know.

Thanks.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35088187
Wow!
7+ years membership and this is your first question.

Cool!
0
 

Author Comment

by:jnewburn
ID: 35090063
... Yeah, first timer for the question post. I use this site frequently; it has a pretty good variety of information.

The laptop is used for both home and work and it is connecting through a router for both situations. I downloaded and installed again with the "save as" command and ran the program. Nothing found!!

I do appreciate all of your help on this... it's experts like yourself that make this site valuable.

Best Regards

0
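
The hosts-file check that resolved this thread, written out as an added example (not part of any post above and not code from the tools mentioned): it lists entries that override a search engine or point a name at a non-loopback address, and reports the hidden/system/read-only attributes that explain why the file only appeared after system files were shown. The function names, the substring hints for the engines named in the question, and the sample file are assumptions made for illustration.

```python
import ipaddress
import os
import stat

HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"  # path given in the thread
SEARCH_HINTS = ("google", "yahoo", "bing")  # engines named in the question (assumed list)

def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for each entry worth reviewing."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(entry) < 2:
            continue                            # blank, comment-only or malformed
        ip_text, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, " ".join(names), "unparseable address"))
            continue
        for name in names:
            if any(hint in name.lower() for hint in SEARCH_HINTS):
                # Substring match is a heuristic; any override of these names is suspect.
                findings.append((line_no, ip_text, name, "search engine overridden"))
            elif not (ip.is_loopback or ip.is_unspecified):
                findings.append((line_no, ip_text, name, "non-loopback mapping"))
    return findings

def hidden_attributes(path):
    """Windows attributes on path that hide or lock it (empty list on other systems)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return [n for n in ("HIDDEN", "SYSTEM", "READONLY")
            if attrs & getattr(stat, "FILE_ATTRIBUTE_" + n)]

# Constructed sample, not taken from the logs attached to the thread.
SAMPLE = """\
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.test      # blocklist-style entry
203.0.113.7     www.google.com google.com
203.0.113.7     search.yahoo.com
198.51.100.9    intranet.example.test
"""

if __name__ == "__main__":
    live = os.path.exists(HOSTS_PATH)
    text = open(HOSTS_PATH, errors="replace").read() if live else SAMPLE
    for finding in audit_hosts(text):
        print("line %d: %s -> %s (%s)" % finding)
    print("attributes:", hidden_attributes(HOSTS_PATH) if live else "n/a (sample)")
```

A "non-loopback mapping" finding is a prompt to review the line, since some work environments add such entries on purpose.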
