Solved

Redirecting traffic after googling

Posted on 2012-05-29
Last Modified: 2012-05-29
Hi Everyone,

We have a problem on one of our employees' computers. After he does a Google search and tries to go to one of the result links, his traffic gets redirected to the link http://pagead.googledoubleclicks.com, and our Barracuda firewall blocks the content of this site as a suspicious site. When he tries going directly to the same page, he is able to. Also, when we hover over the link on the Barracuda blocking page, it says that the link is going to homesearchdirectory. If anybody has any idea, please let us know.

CVMVCD IT Stuff
Question by:CoachellaMVCD
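
The symptom described in the question, a click from a Google results page landing on a host that imitates a Google ad domain, can be searched for in web proxy logs. The following is an added example, not part of the original thread; the log format, the brand tokens and the list of legitimate domains are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: brand strings to watch for, and registrable domains that
# legitimately carry them. Extend both for your own environment.
BRAND_TOKENS = ("google", "doubleclick")
LEGIT_DOMAINS = {"google.com", "doubleclick.net",
                 "googlesyndication.com", "googleadservices.com"}

# Constructed sample proxy log, one request per line:
#   <client ip> <referer or -> <requested url>
SAMPLE_LOG = """\
10.0.0.23 https://www.google.com/search?q=printer+driver http://pagead.googledoubleclicks.com/click?id=1
10.0.0.23 https://www.google.com/search?q=printer+driver https://googleads.g.doubleclick.net/pagead/ads
10.0.0.41 https://www.google.com/search?q=weather https://www.example.org/forecast
10.0.0.41 - https://www.example.org/style.css
malformed line
"""

def registrable(host):
    """Naive last-two-labels domain (assumption: no multi-part TLDs like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_lookalike(host):
    """True if the domain embeds a brand token but is not a known legitimate domain."""
    dom = registrable(host)
    return dom not in LEGIT_DOMAINS and any(tok in dom for tok in BRAND_TOKENS)

def find_hijacked_clicks(log_text):
    """Return (client, destination host) for search clicks that hit a look-alike."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not match the assumed format
        client, referer, url = parts
        ref_host = urlsplit(referer).hostname or ""
        dst_host = urlsplit(url).hostname or ""
        came_from_search = registrable(ref_host) == "google.com"
        if came_from_search and is_lookalike(dst_host):
            hits.append((client, dst_host))
    return hits

if __name__ == "__main__":
    for client, host in find_hijacked_clicks(SAMPLE_LOG):
        print(f"{client} redirected from search to look-alike host {host}")
```

A hit identifies which client machines need the offline scans discussed in the comments below.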
    Best Solution by Jornak
    That may work. You might want to look into using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) (instructions on how to use, and download in link) as well.

    Expert Comment

    by:Jornak
    Sounds like the MEDFOS trojan. Have you done virus scans independent of your real-time antivirus?

    Author Comment

    by:CoachellaMVCD
    Hi Jornak,

    Thank you for your response. We are doing a scan right now and will see the results. We also found this as a possible answer: http://www.zimbio.com/Spyware/articles/F7-aP5UwjPj/How+Remove+Trojan+Win32+Medfos+Get+Rid+Medfos Do you think this will work?

    CVMVCD IT Stuff

    Accepted Solution

    by:Jornak
    That may work. You might want to look into using Combofix (instructions on how to use, and download in link) as well.

    Author Comment

    by:CoachellaMVCD
    Hi Jornak,

    Thank you a lot. We are working on fixing this problem. If we have any questions we will ask you; if not, we will accept your answer once we are done.

    CVMVCD  IT Stuff

    Author Comment

    by:CoachellaMVCD
    Hi Jornak,

    So far we have not been successful in finding MEDFOS. We are going to continue searching for it, and possibly cleaning. Do you think that anything else can cause this problem, except MEDFOS?

    CVMVCD IT Stuff

    Expert Comment

    by:Jornak
    It definitely has to be malware. I have no doubt in my mind.

    Author Comment

    by:CoachellaMVCD
    Hi Jornak,

    One important piece of information that we haven't mentioned so far: we are running Windows 7 64-bit.

    CVMVCD IT Stuff

    Expert Comment

    by:Jornak
    Ah, that shouldn't really change anything. Any more luck?

    Author Comment

    by:CoachellaMVCD
    Hi Jornak,

    ComboFix did work, thank you very much.

    CVMVCD IT Stuff

    Expert Comment

    by:younghv
    @CoachellaMVCD,
    I suggest that you spend a little more time on that system and run some other scans. "ComboFix" is one of the very best tools available, but it can't hurt to fire off a couple more weapons.

    For Hijacking/re-directs, you might want to start with TDSSKILLER found here:
    http://support.kaspersky.com/downloads/utils/tdsskiller.zip

    * Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
    * Execute the file TDSSKiller.exe.
    * Wait for the scan and disinfection process to be over. You do not have to reboot the PC after the disinfection is over.

    If the tool finds a hidden service, it will prompt you to type "delete"; you can also just hit "Enter" without typing anything and the scan will continue...
    Please post the log to be analyzed.

    You can also try FixTDSS.exe from Symantec:
    http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe

    There are several EE Articles that cover all of the basics of proper malware removal and I encourage you to familiarize yourself with the steps you need to take.

    "Google Hijack" - Google Search Gets Redirected:
    THINGS YOU NEED TO DO WHEN YOUR PC IS INFECTED:
    http://www.experts-exchange.com/A_4922.html Rogue-Killer-What-a-great-name
    http://www.experts-exchange.com/A_5124.html Stop-the-Bleeding-First-Aid-for-Malware
    http://www.experts-exchange.com/A_6650.html Malware Fighting – Best Practices