Solved

Internet Explorer Redirector

Posted on 2011-03-09
23
1,122 Views
Last Modified: 2012-05-11
Within Internet Explorer, when searching on Google, Yahoo, Bing, etc., after the search list comes up and I click on a result, it redirects to various ad sites. Nothing is coming up on the virus scans. I have run multiple spyware/malware scanners and nothing is coming up (HitmanPro, Spybot, and Malwarebytes). Is there anything else I can do to remove this without reinstalling the operating system?

0
Comment
Question by:jnewburn
23 Comments
 
LVL 3

Expert Comment

by:CarlsbergFTW
ID: 35083212
First try uninstalling any toolbars or add-ons that you believe are not supposed to be there, and maybe reinstall IE, or try using Firefox and test whether this also happens when using another browser.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35083222
For Hijacking/re-directs, you might want to start with TDSSKILLER found here:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

* Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
* Execute the file TDSSKiller.exe.
* Wait for the scan and disinfection process to be over. You do not have to reboot the PC after the disinfection is over.

If the tool finds a hidden service it will prompt you to type "delete"; you can also just hit "Enter" without typing anything and the scan will continue...
The user can then post the log to be analyzed.

Let us know the results and we can take the next steps.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 35083223
Have you tried resetting Internet Explorer and deleting all cookies and temporary internet files? Also, try deleting all temp files from your system.

You can also download HijackThis, which is a free tool, and then run this tool and examine the output. You can download HijackThis from the internet.

Also, check the hosts file on your system c:\windows\system32\drivers\etc\hosts
and see if this has been edited in any way.
0

 
LVL 38

Expert Comment

by:younghv
ID: 35083243
After running TDSSKiller, you may need to use a couple more common tools. Please note the "Save As" instructions for Malwarebytes - it can be critical to download it with a random name that malware won't recognize.


Download, install, and run
CCleaner (www.ccleaner.com)
Doing this will clean out all of the Temp/Junk files from your browser.

Download, install, and run
Malwarebytes (MBAM) (http://www.malwarebytes.org/mbam.php)
When downloading, save to your "Desktop" and use the "Save As" function (Internet Explorer) to rename the file.
The instructions are included right in that link.

When finished with MBAM, post the log that is generated and let us look at it for you.

IF NEEDED, we may ask you to download ComboFix (using the same "Save As" process).
0
 
LVL 4

Expert Comment

by:WhiteSeed
ID: 35083254
I think you have malware.
- When you use your browser to view Web sites, other instances of your browser open to display Web site advertisements.
Use the official Microsoft tutorial:
http://answers.microsoft.com/en-us/windows/forum/windows_vista-security/how-to-get-rid-of-malware/ba80504b-61f1-4d71-960f-b561798b7b42
 
0
 
LVL 38

Expert Comment

by:younghv
ID: 35083265
@JBond2010,
If you are going to post advice in the malware Zones, you will need to quit posting generic comments and offer specifics.

Telling someone to 'reset', 'download', or 'check' has no value unless you take the time to offer some specific guidance and instruction.
0
 
LVL 5

Expert Comment

by:Iekos
ID: 35083342
You have Malware / Spyware.

Try and get (from another PC if you have to):

Malwarebytes
Spybot search and destroy

This should defo help.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35083359
@WhiteSeed,
I see that you are a brand new member, so welcome to Experts-Exchange.

Our Premium Service members pay a fee to get advice from Experts here, so you really don't want to ship them off to some other web site.

The symptoms being discussed in this question have been solved many times here, so we need to 1 - identify the malware and 2 - provide targeted advice to resolve it.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35083381
Gosh, you people are really coming out of the woodwork today.
Iekos - read the prior posts so you don't duplicate advice already given:

http://www.experts-exchange.com/help.jsp#hs=30&hi=416

"Are there guidelines for answering questions?"
Read previous posts before commenting: It is important to read the entire thread so that you know the current situation. That will keep you from posting a duplicate answer or one that has already been shown not to work. If you basically agree with another comment but have something more to add, remember to give credit for the original suggestion -- mention that Expert by name -- in your post.


0
 

Author Comment

by:jnewburn
ID: 35085446
Thanks everyone for the expedited responses. This is my first post so bear with me. To answer some of the responses... yes, I have cleared the temp files and reset IE to default settings. I have also run Malwarebytes and Spybot Search and Destroy already and have come up short.
As "younghv" suggested, I ran TDSSKiller and it found no infection (log file attached). I then ran HijackThis and at the beginning of the scan it said that HijackThis was denied access to the hosts file? It then kept going and finished (log file attached). I also ran CCleaner and Malwarebytes. Malwarebytes found no infection (log file attached). Please review... thanks
TDSSKiller.2.4.20.0-09.03.2011-1.txt
hijackthis.log
mbam-log-2011-03-09--12-34-09-.txt
0
 
LVL 38

Expert Comment

by:younghv
ID: 35085532
HJT should be run from a folder in the root drive, not your profile:
C:\Users\admin\Desktop\HijackThis.exe

Are you running both AVG and some version of Norton/Symantec?
If so, you need to pick one and fully remove the other - details to follow, if needed.

Did you install and run CCleaner?
It is a great tool for removing all the junk/temp files that accumulate.

Did you use the 'Save As' function when you downloaded MBAM?
0
 

Author Comment

by:jnewburn
ID: 35085707
I moved HJT to a folder in the root drive and reran. I got the same error with the host file and then it continued (new log attached). I removed the Norton online scanner (the laptop is using AVG).

I did run CCleaner as well, and used the "Save As" function when downloading MBAM.
hijackthis.log
0
 
LVL 38

Accepted Solution

by:
younghv earned 500 total points
ID: 35085724
Use the instructions at this site to see if you can replace the HOSTS file:
http://www.mvps.org/winhelp2002/hosts.htm
0
 
LVL 38

Expert Comment

by:younghv
ID: 35085734
Also - are you being re-directed to the same site consistently?
If so, that might give us a clue about which flavor of malware you have.
0
 
LVL 26

Expert Comment

by:pony10us
ID: 35085788
This issue keeps coming up. Here is a recent thread showing that it could be an infected router:  http://www.experts-exchange.com/expertsZone.jsp
0
 
LVL 38

Expert Comment

by:younghv
ID: 35085842
The actual link is here:
http://www.experts-exchange.com/Q_26864096.html

@jnewburn,
Look at the "HOSTS" file displayed in that question and compare it to yours.
0
 

Author Comment

by:jnewburn
ID: 35085887
younghv,
The redirected sites vary (infomash.com, grooveswish.com, scour.com, etc.). Also, there is not a "hosts" file. The one listed in that directory is "lmhosts.sam". Is this the correct one?
0
 
LVL 26

Expert Comment

by:pony10us
ID: 35085983
younghv: ty. I have been over-multitasking this morning, so I simply did what I usually do and copied the address bar.   :(

0
 
LVL 38

Expert Comment

by:younghv
ID: 35086073
pony - been there np
:)

Jnewburn,
You will have to have the 'system' files set to display in Windows Explorer.
It is there:

Windows 7/Vista/XP    = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC

Have to catch a meeting - back in about an hour.
0
 

Author Comment

by:jnewburn
ID: 35088053
younghv

I compared the host file to the one mentioned in your post above and it was similar. So I used the information there to reset the host file. I rebooted and the redirection is gone! If there is anything else I need to do let me know, but if not, thank you for all your help.

0
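Added example, not part of the original thread: since the hosts file turned out to be the cause here, this Python script parses hosts-file text and flags every name mapped to a non-loopback address, marking search-engine names as likely redirects. The watch list, the sample file contents and the function names are assumptions made for illustration.

```python
import ipaddress
import sys

# Assumption: labels to watch, taken from the search engines named in the question.
SEARCH_LABELS = {"google", "yahoo", "bing"}

# Constructed sample, not the asker's hosts file (203.0.113.0/24 is a documentation range).
SAMPLE = """\
# sample hosts file
127.0.0.1      localhost
::1            localhost
0.0.0.0        ads.example.net    # block-list style entry
203.0.113.7    www.google.com google.com
203.0.113.7    search.yahoo.com
192.168.1.20   fileserver
not-an-ip      www.bing.com
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname) for each name mapped in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # strip comment, split on whitespace
        for name in fields[1:]:                  # one address can carry several names
            yield line_no, fields[0], name.lower()

def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for entries that need a look."""
    findings = []
    for line_no, address, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, name, "malformed"))
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue    # localhost or a sinkholed name: blocks, does not redirect
        hijack = SEARCH_LABELS & set(name.split("."))
        findings.append((line_no, address, name,
                         "search-redirect" if hijack else "review"))
    return findings

if __name__ == "__main__":
    # Pass the real path (the drivers\etc\hosts file) as the first argument.
    text = open(sys.argv[1], encoding="utf-8-sig", errors="replace").read() \
        if len(sys.argv) > 1 else SAMPLE
    for finding in audit_hosts(text):
        print(*finding, sep="\t")
```

Entries marked "review" are not necessarily malicious (a LAN file server is a normal use), but a default Windows hosts file has none, so each one should be explainable.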
 
LVL 38

Expert Comment

by:younghv
ID: 35088162
If you don't mind, let's look at a couple of other things before closing this out.
(Better safe than sorry.)*

1. Is this a home or work environment?
2. In either case, are you connecting to the Internet through a 'router' (NOT just a modem)?
3. If you have a clean computer, go back up to Malwarebytes (link above) and download the executable again (*). Make sure you rename it (Save As) before it touches any computer to which it is being downloaded.
4. Run the install again (don't need to uninstall the old).
5. Check the "Perform Full Scan" and let it run. If any malware is found let MBAM do the repairs.

Post back and let me know.

Thanks.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35088187
Wow!
7+ years membership and this is your first question.

Cool!
0
 

Author Comment

by:jnewburn
ID: 35090063
... Yeah, first timer for the question post. I use this site frequently; it has a pretty good variety of information.

The laptop is used for both home and work and it is connecting through a router for both situations. I downloaded and installed again with the "save as" command and ran the program. Nothing found!!

I do appreciate all of your help on this... it's experts like yourself that make this site valuable.

Best Regards

0


Question has a verified solution.
