Solved

Redirecting traffic after googling

Posted on 2012-05-29
Last Modified: 2012-05-29
Hi Everyone,

We have a problem on one of our employees' computers. After he does a Google search and tries to go to one of the result links, his traffic is getting redirected to the link http://pagead.googledoubleclicks.com, and our Barracuda firewall is blocking the content of this site as a suspicious site. When he tries going directly to the same page, he is able to. Also, when we hover over the link on the Barracuda blocking page, it says that the link is going to homesearchdirectory. If anybody has any idea, please let us know.

CVMVCD IT Stuff
Question by:CoachellaMVCD
    10 Comments
     

    Expert Comment

    by:Jornak
    Sounds like the MEDFOS trojan. Have you done virus scans independent of your real-time antivirus?

    Author Comment

    by:CoachellaMVCD
    Hi Jornak,

    Thank you for your response. We are doing a scan right now and we will see the results. Also, we found this as a possible answer: http://www.zimbio.com/Spyware/articles/F7-aP5UwjPj/How+Remove+Trojan+Win32+Medfos+Get+Rid+Medfos Do you think this will work?

    CVMVCD IT Stuff

    Accepted Solution

    by:
    That may work. You might want to look into using Combofix (instructions on how to use, and download in link) as well.

    Author Comment

    by:CoachellaMVCD
    Hi Jornak,

    Thank you a lot. We are working on fixing this problem. If we have any questions we will ask you; if not, we will accept your answer once we are done.

    CVMVCD  IT Stuff

    Author Comment

    by:CoachellaMVCD
    Hi Jornak,

    So far we have not been successful in finding MEDFOS. We are going to continue searching for it, and possibly cleaning. Do you think that anything else can cause this problem, except MEDFOS?

    CVMVCD IT Stuff

    Expert Comment

    by:Jornak
    It definitely has to be malware. I have no doubt in my mind.

    Author Comment

    by:CoachellaMVCD
    Hi Jornak,

    One important piece of information that we didn't mention so far: we are running Windows 7 64-bit.

    CVMVCD IT Stuff

    Expert Comment

    by:Jornak
    Ah, that shouldn't really change anything. Any more luck?

    Author Comment

    by:CoachellaMVCD
    Hi Jornak,

    ComboFix did work, thank you very much.

    CVMVCD IT Stuff

    Expert Comment

    by:younghv
    @CoachellaMVCD,
    I suggest that you spend a little more time on that system and run some other scans. "ComboFix" is one of the very best tools available, but it can't hurt to fire off a couple more weapons.

    For Hijacking/re-directs, you might want to start with TDSSKILLER found here:
    http://support.kaspersky.com/downloads/utils/tdsskiller.zip

    * Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
    * Execute the file TDSSKiller.exe.
    * Wait for the scan and disinfection process to be over. You do not have to reboot the PC after the disinfection is over.

    If the tool finds a hidden service, it will prompt you to type "delete"; you can also just hit "Enter" without typing anything and the scan will continue.
    Please post the log to be analyzed.

    You can also try FixTDSS.exe from Symantec:
    http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe

    There are several EE Articles that cover all of the basics of proper malware removal and I encourage you to familiarize yourself with the steps you need to take.

    "Google Hijack" - Google Search Gets Redirected:
    THINGS YOU NEED TO DO WHEN YOUR PC IS INFECTED:
    http://www.experts-exchange.com/A_4922.html Rogue-Killer-What-a-great-name
    http://www.experts-exchange.com/A_5124.html Stop-the-Bleeding-First-Aid-for-Malware
    http://www.experts-exchange.com/A_6650.html Malware Fighting – Best Practices
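
The redirect described in the question can also be hunted for on the network side. The following is an added example, not part of the thread and not code from any participant: it scans web-filter log lines for destinations whose domain imitates a Google ad host (such as the googledoubleclicks.com name in the question) and lists the client machines that reached them. The log layout, the allowlist and the sample entries are constructed assumptions, not the Barracuda export format.

```python
import re
from urllib.parse import urlsplit

# Tokens that, inside a registrable domain, suggest it is posing as a Google ad host.
BRAND_TOKENS = ("google", "doubleclick")
# Illustrative allowlist of genuine domains (assumption: extend it for your site).
KNOWN_GOOD = {"google.com", "doubleclick.net", "googlesyndication.com",
              "googleadservices.com", "gstatic.com", "googleapis.com"}
# Constructed log layout: timestamp client action url referer=<url or ->
LOG_RE = re.compile(r"^(\S+) (?P<client>\S+) (\S+) (?P<url>\S+) referer=(?P<ref>\S+)$")

def registrable(host):
    """Last two labels only; good enough here, wrong for suffixes like .co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_lookalike(host):
    dom = registrable(host)
    return dom not in KNOWN_GOOD and any(tok in dom for tok in BRAND_TOKENS)

def from_google_search(referer):
    parts = urlsplit(referer)
    return registrable(parts.hostname or "") == "google.com" and parts.path == "/search"

def suspicious_clients(lines):
    """Map client IP -> [(lookalike host, arrived from a Google results page?)]."""
    hits = {}
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the layout
        host = urlsplit(m["url"]).hostname or ""
        if is_lookalike(host):
            hits.setdefault(m["client"], []).append((host, from_google_search(m["ref"])))
    return hits

# Constructed sample entries (not taken from the thread).
SAMPLE_LOG = """\
2012-05-29T09:14:02 10.0.0.23 ALLOW http://pagead2.googlesyndication.com/pagead/show_ads.js referer=http://www.google.com/search?q=pumps
2012-05-29T09:14:05 10.0.0.23 BLOCK http://pagead.googledoubleclicks.com/ referer=http://www.google.com/search?q=pumps
2012-05-29T09:15:40 10.0.0.31 ALLOW http://ad.doubleclick.net/adj/x referer=http://www.example.com/
2012-05-29T09:16:11 10.0.0.23 ALLOW http://www.example.org/ referer=-
""".splitlines()

if __name__ == "__main__":
    for client, found in suspicious_clients(SAMPLE_LOG).items():
        print(client, found)
```

A client that appears in the result is a candidate for the offline scans discussed in the thread.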