• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1147
  • Last Modified:

Internet explorer Redirector

Within internet explorer, when searching on google, yahoo, bing...etc. After the search list comes up and I click on an result, it is redirecting to various add sites. Nothing is coming up on the virus scans. I have ran multiple spyware/malware scanners and nothing is coming up (hitmanpro,spybot, &malwarebytes). Is there anything else I can do to remove this without reinstalling the operating system?

0
jnewburn
Asked:
jnewburn
  • 12
  • 5
  • 2
  • +4
1 Solution
 
CarlsbergFTWCommented:
fist try un-installing any toolbars,addons that you believe are not supposed to be there , and maybe reinstall IE or try using firefox and test if this also happens when using other prowser.
0
 
younghvCommented:
For Hijacking/re-directs, you might want to start with TDSSKILLER found here:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

* Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
* Execute the file TDSSKiller.exe.
* Wait for the scan and disinfection process to be over. You do not have to reboot the PC after the disinfection is over.

If the tool finds a hidden service it will prompt you to type "delete",  you can also just hit "Enter" without typing in and the scan will continue...
The user can then post the log to be analyzed.

Let us know the results and we can take the next steps.
0
 
JBond2010Commented:
Have you tried resetting internet explorer and deleting all cooking and temporary internet files? Also, try deleting all temp files from your system.

You can also download hijackthis which is a free tool and then run this tool and examine the output. You can download hijackthis from the internet.

Also, check the hosts file on your system c:\windows\system32\drivers\etc\hosts
and see if this has been edited in any way.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
younghvCommented:
After running TDSSKiller, you may need to use a couple more common tools. Please note the "Save As" instructions for Malwarebytes - it can be critical to download it with a random name that malware won't recognize.


Download, install, and run
CCleaner (www.ccleaner.com)
Doing this will clean out all of the Temp/Junk files from your browser.

Download, install, and run
Malwarebytes (MBAM) (http://www.malwarebytes.org/mbam.php)
When downloading, save to your "Desktop" and use the "Save As" function (Internet Explorer) to rename the file.
The instructions are included right in that link.

When finished with MBAM, post the log that is generated and let us look at it for you.

IF NEEDED, we may ask you do download ComboFix (using the same "Save As" process).
0
 
WhiteSeedCommented:
i think you can a malware
-When you use your browser to view Web sites, other instances of your browser open to display Web site advertisements
use the official microsoft tutorial:
http://answers.microsoft.com/en-us/windows/forum/windows_vista-security/how-to-get-rid-of-malware/ba80504b-61f1-4d71-960f-b561798b7b42
 
0
 
younghvCommented:
@JBond2010,
If you are going to post advice in the malware Zones, you will need to quit posting generic comments and offer specifics.

Telling someone to 'reset', 'download', or 'check' has no value unless you take the time to offer some specific guidance and instruction.
0
 
IekosCommented:
You have Malware / Spyware.

Try and get (from another PC if you have to):

Malwarebytes
Spybot search and destroy

This should defo help.
0
 
younghvCommented:
@WhiteSeed,
I see that you are a brand new member, so welcome to Experts-Exchange.

Our Premium Service members pay a fee to get advice from Experts here, so you really don't want to ship them off to some other web site.

The symptoms being discussed in this question have been solved many times here, so we need to 1 - identify the malware and 2 - provide targeted advice to resolve it.
0
 
younghvCommented:
Gosh, you people are really coming out of the woodwork today.
Iekos - read the prior posts so you don't duplicate advice already given:

http://www.experts-exchange.com/help.jsp#hs=30&hi=416

"Are there guidelines for answering questions?"
Read previous posts before commenting: It is important to read the entire thread so that you know the current situation. That will keep you from posting a duplicate answer or one that has already been shown not to work. If you basically agree with another comment but have something more to add, remember to give credit for the original suggestion -- mention that Expert by name -- in your post.


0
 
jnewburnAuthor Commented:
Thanks everyone for the expediated responses. This is my first post so bear with me. To answer some of the responses...yes I have cleared the temp files, and reset IE to default settings. I have also ran the Malware bytes and spybot seak and destroy allready and have came up short.
As "younghv" suggested, I ran the tdsskiller and it found no infection (log file attached). I then ran hijackthis and at the beginning of the scan it said that hijackthis was denied access to the hosts file? It then kept going and finished (log file attached). I also ran the ccleaner and malwarebytes. Malwarebytes found no infection (log file attached).  Please review....thanks
TDSSKiller.2.4.20.0-09.03.2011-1.txt
hijackthis.log
mbam-log-2011-03-09--12-34-09-.txt
0
 
younghvCommented:
HJT should be run from a folder in the root drive, not your profile:
C:\Users\admin\Desktop\HijackThis.exe

Are you running both AVG and some version of Norton/Symantec?
If so, you need to pick one and fully remove the other - details to follow, if needed.

Did you install and run CCleaner?
It is a great tool for removing all the junk/temp files that acculate.

Did you use the 'Save As' function when you downloaded MBAM?
0
 
jnewburnAuthor Commented:
I moved HJT to a folder in the root drive and reran. I got the same error with the host fileand then it coninued. (new log attached). I removed the norton online scanner (the laptop is using AVG).

I did run the CCleaner as well..and used the saveas function when downloading MBAM
hijackthis.log
0
 
younghvCommented:
Use the instructions at this site to see if you can replace the HOSTS file:
http://www.mvps.org/winhelp2002/hosts.htm
0
 
younghvCommented:
Also - are you being re-directed to the same site consistently?
If so, that might give us a clue about which flavor of malware you have.
0
 
pony10usCommented:
This issue keeps coming up. Here is a recent thread showing that it could be an infected router:  http://www.experts-exchange.com/expertsZone.jsp
0
 
younghvCommented:
The actual link is here:
http://www.experts-exchange.com/Q_26864096.html

@jnewburn,
Look at the "HOSTS" file displayed in that question and compare it to yours.
0
 
jnewburnAuthor Commented:
younghv,
the redirected sites vary (infomash.com,grooveswish.com,scour.com...etc). Also there is not a "hosts" file. The one listed in that directory is "lmhosts.sam". Is this the correct one?
0
 
pony10usCommented:
younghv:  ty.  I have over multitasking this morning so I simply did what I usually do and copied the address bar.   :(

0
 
younghvCommented:
pony - been there np
:)

Jnewburn,
You will have to have the 'system' files set to display in Windows Explorer.
It is there:

Windows 7/Vista/XP    = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC

Have to catch a meeting - back in about an hour.
0
 
jnewburnAuthor Commented:
younghv

I compared the host file to the one mentioned in your post above and it was similiar. So I used the inormation there to reset the host file . I rebooted and the redirection is gone!   If there is anything else I need to do let me know, but if not thank-you for all your help.

0
 
younghvCommented:
If you don't mind, let's look at a couple of other things before closing this out.
(Better safe than sorry.)*

1. Is this a home or work environment?
2. In either case, are you connecting to the Internet through a 'router' (NOT just a modem).
3. If you have a clean computer, go back up to Malwarebytes (link above) and download the executable again (*). Make sure you rename it (Save As) before it touches any computer to which it is being downloaded.
4. Run the install again (don't need to uninstall the old).
5. Check the "Perform Full Scan" and let it run. If any malware is found let MBAM do the repairs.

Post back and let me know.

Thanks.
0
 
younghvCommented:
Wow!
7+ years membership and this is your first question.

Cool!
0
 
jnewburnAuthor Commented:
... Yeah, first timer for the question post.  I use this site frequently it has a pretty good variety of information.

The laptop is used for both home and work and it is connecting through a router for both situations. I downloaded and installed again with the "save as" command and ran the program. Nothing found!!

I do appreciate all of your help on this... it's experts like yourself that make this site valuable.

Best Regards

0

Featured Post

Granular recovery for Microsoft Exchange

With Veeam Explorer for Microsoft Exchange you can choose the Exchange Servers and restore points you’re interested in, and Veeam Explorer will present the contents of those mailbox stores for browsing, searching and exporting.

  • 12
  • 5
  • 2
  • +4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now