Avatar of Andrew Morris
Andrew Morris
Flag for New Zealand asked on

My web browser keeps redirecting

I had a virus on my laptop that popped up fake antivirus software. I have since run:
Smitfraudfix, MalwareBytes, SuperAntispyware, CCleaner, and Hijackthis.

It has cleaned up the fake antivirus software but every time I do a search through Google or Bing etc... it shows the search results but when I click on a link it redirects me to another site advertising something
Quite often www.com.au flicks up in the address bar before it goes off to some random site.
I have tried resseting IE.

Ant Clues?

Andrew
Anti-Virus AppsWeb BrowsersAnti-Spyware

Avatar of undefined
Last Comment
younghv

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
OmniUnlimited

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Andrew Morris

ASKER
I'd rather not format if possible. So no ones heard of this www.com.au?
OmniUnlimited

Well if you can live with the possibility of this happening again in the future you can try looking at

http://www.microsoft.com/security/pc-security/browser-hijacking.aspx
Dave Baldwin

It exists (203.2.75.99) and it is hosted at "vweb.optusnet.com.au".  Look in your 'hosts' file and see if there is a redirect there that matches that.  You can also "Request Attention" and get the anti-virus and malware zones added to your question.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
rpggamergirl

Used Kaspersky's TDSSKiller:(try renaming the file if it doesn't run on first go)
http://support.kaspersky.com/viruses/solutions?qid=208280684

Also check out these articles on google search redirects.
"Google Hijack" - Google Search Gets Redirected:      
https://www.experts-exchange.com/A_3299.html

"Infected Router - Google Search Redirects Even on a Clean System"  
https://www.experts-exchange.com/A_5327.html


If TDSSKiller is blocked try these:
Symantec's FixTDSS.exe http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe
Eset's OlmarikTDL4Cleaner.exe
http://download.eset.com/special/EOlmarikTdl4Cleaner.exe
TDL4 removal tool from BitDefender:
http://www.malwarecity.com/community/index.php?app=downloads&showfile=25
rpggamergirl

That's an Australian site, when I go there it takes me to OptusNet, but it doesn't realy matter which site you are redirected to, you just need to stop the redirects.
raysonlee

Does it work normally if u enter the website directly without searching?
Is there any difference if you use the search box in the browser vs go to main page of search engine and use the search box there? Try use IP address (e.g. 98.137.149.56 to access www.yahoo.com) and use the search web box there.
Beside, u may also check correctness of DNS server address and any Proxy setting in browser.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
sb7785

I had this problem on several clients computers. The EASIEST way that I've found was to use Hitman Pro. Do the "one time scan", as opposed to the full install.

After scanning and removing with Hitman Pro, it was gone. You can get it from their website below. Hope that works for you, it did for me.

http://www.surfright.nl/en/hitmanpro
younghv

HitmanPro can remove some variant to TDSS rootkits but it's not that good when there are patched files involved.

Also note that it can sometimes render the system unbootable.

I think you will be better served to use the targeted TDSSKiller tools described in this comment:
http:#a36340590