Solved

Redirecting traffic after googling

Posted on 2012-05-29
Medium Priority
1,320 Views
Last Modified: 2012-05-29
Hi Everyone,

We have a problem on one of our employees' computers. After he does a Google search and tries to go to one of the result links, his traffic gets redirected to the link http://pagead.googledoubleclicks.com, and our Barracuda firewall is blocking the content of this site as a suspicious site. When he tries going directly to the same page, he is able to. Also, when we hover over the link on the Barracuda blocking page, it says that the link is going to homesearchdirectory. If anybody has any idea, please let us know.

CVMVCD IT Stuff
0
Question by:CoachellaMVCD
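
Added example (not part of the original thread): one way to find which workstations show this symptom is to scan web-filter logs for requests that arrive from a Google results page but land on a domain that only imitates a Google ad domain, as `googledoubleclicks.com` does. The log layout, IP addresses and allowlist below are constructed assumptions, not the Barracuda export format.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Registrable domains that legitimately carry these brand names (not exhaustive).
LEGIT = {"google.com", "doubleclick.net", "googleadservices.com", "googlesyndication.com"}
BRAND_TOKENS = ("google", "doubleclick")

# Constructed sample lines: timestamp, client IP, action, URL, referer.
# This layout is an assumption, not the Barracuda export format.
SAMPLE_LOG = """\
2012-05-29T09:14:02 10.0.0.23 ALLOW http://www.google.com/search?q=example -
2012-05-29T09:14:09 10.0.0.23 BLOCK http://pagead.googledoubleclicks.com/click?id=1 http://www.google.com/search?q=example
2012-05-29T09:15:40 10.0.0.41 ALLOW http://googleads.g.doubleclick.net/pagead/ads http://example.org/news
2012-05-29T09:16:11 10.0.0.23 BLOCK http://pagead.googledoubleclicks.com/click?id=2 http://www.google.com/search?q=other
"""

def registrable(host):
    """Naive registrable domain: last two labels (no public-suffix handling)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_lookalike(url):
    """True when the domain borrows a brand token but is not an allowlisted domain."""
    domain = registrable(urlsplit(url).hostname or "")
    return domain not in LEGIT and any(t in domain for t in BRAND_TOKENS)

def redirected_clients(log_text):
    """Map client IP -> lookalike domains reached from a Google results page."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        _ts, client, _action, url, referer = parts
        from_search = registrable(urlsplit(referer).hostname or "") == "google.com"
        if from_search and is_lookalike(url):
            hits[client].add(registrable(urlsplit(url).hostname))
    return {c: sorted(d) for c, d in hits.items()}

if __name__ == "__main__":
    for client, domains in redirected_clients(SAMPLE_LOG).items():
        print(client, domains)
```

A client that appears in the result is a candidate for the offline scans discussed in the comments; a client that never appears is not thereby shown to be clean.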
10 Comments
 
LVL 15

Expert Comment

by:Jornak
ID: 38022943
Sounds like the MEDFOS trojan. Have you done virus scans independent of your real-time antivirus?
0
 

Author Comment

by:CoachellaMVCD
ID: 38023050
Hi Jornak,

Thank you for your response. We are running a scan right now and will see the results. We also found this as a possible answer: http://www.zimbio.com/Spyware/articles/F7-aP5UwjPj/How+Remove+Trojan+Win32+Medfos+Get+Rid+Medfos Do you think this will work?

CVMVCD IT Stuff
0
 
LVL 15

Accepted Solution

by:
Jornak earned 300 total points
ID: 38023073
That may work. You might want to look into using Combofix (instructions on how to use, and download in link) as well.
0

 

Author Comment

by:CoachellaMVCD
ID: 38023095
Hi Jornak,

Thank you a lot. We are working on fixing this problem. If we have any questions we will ask you; if not, we will accept your answer once we are done.

CVMVCD IT Stuff
0
 

Author Comment

by:CoachellaMVCD
ID: 38023455
Hi Jornak,

So far we have not been successful in finding MEDFOS. We are going to continue searching for it and possibly cleaning it. Do you think anything else could cause this problem, besides MEDFOS?

CVMVCD IT Stuff
0
 
LVL 15

Expert Comment

by:Jornak
ID: 38023792
It definitely has to be malware. I have no doubt in my mind.
0
 

Author Comment

by:CoachellaMVCD
ID: 38024453
Hi Jornak,

One important piece of information that we didn't mention so far: we are running Windows 7 64-bit.

CVMVCD IT Stuff
0
 
LVL 15

Expert Comment

by:Jornak
ID: 38024565
Ah, that shouldn't really change anything. Any more luck?
0
 

Author Comment

by:CoachellaMVCD
ID: 38024661
Hi Jornak,

Combofix did work, thank you very much.

CVMVCD IT Stuff
0
 
LVL 38

Expert Comment

by:younghv
ID: 38024947
@CoachellaMVCD,
I suggest that you spend a little more time on that system and run some other scans. "ComboFix" is one of the very best tools available, but it can't hurt to fire off a couple more weapons.

For Hijacking/re-directs, you might want to start with TDSSKILLER found here:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

* Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
* Execute the file TDSSKiller.exe.
* Wait for the scan and disinfection process to be over. You do not have to reboot the PC after the disinfection is over.

If the tool finds a hidden service, it will prompt you to type "delete"; you can also just hit "Enter" without typing anything and the scan will continue...
Please post the log to be analyzed.

You can also try FixTDSS.exe from Symantec:
http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe

There are several EE Articles that cover all of the basics of proper malware removal, and I encourage you to familiarize yourself with the steps you need to take.

"Google Hijack" - Google Search Gets Redirected:
THINGS YOU NEED TO DO WHEN YOUR PC IS INFECTED:
http://www.experts-exchange.com/A_4922.html Rogue-Killer-What-a-great-name
http://www.experts-exchange.com/A_5124.html Stop-the-Bleeding-First-Aid-for-Malware
http://www.experts-exchange.com/A_6650.html Malware Fighting – Best Practices
0

Question has a verified solution.
