Solved

Redirecting traffic after googling

Posted on 2012-05-29
10
1,313 Views
Last Modified: 2012-05-29
Hi Everyone,

We have a problem on one of our employees' computers. After he does a Google search and tries to go to one of the result links, his traffic gets redirected to the link http://pagead.googledoubleclicks.com, and our Barracuda firewall is blocking the content of this site as a suspicious site. When he tries going directly to the same page, he is able to. Also, when we hover over the link on the Barracuda blocking page, it says that the link is going to homesearchdirectory. If anybody has any idea, please let us know.

CVMVCD IT Stuff
0
Question by:CoachellaMVCD
10 Comments
 
LVL 15

Expert Comment

by:Jornak
ID: 38022943
Sounds like the MEDFOS trojan. Have you done virus scans independent of your real-time antivirus?
0
 

Author Comment

by:CoachellaMVCD
ID: 38023050
Hi Jornak,

Thank you for your response. We are doing a scan right now and will see the results. We also found this link, a possible answer: http://www.zimbio.com/Spyware/articles/F7-aP5UwjPj/How+Remove+Trojan+Win32+Medfos+Get+Rid+Medfos Do you think this will work?

CVMVCD IT Stuff
0
 
LVL 15

Accepted Solution

by:
Jornak earned 75 total points
ID: 38023073
That may work. You might want to look into using Combofix (instructions on how to use, and download in link) as well.
0

 

Author Comment

by:CoachellaMVCD
ID: 38023095
Hi Jornak,

Thank you a lot. We are working on fixing this problem. If we have any questions we will ask you; if not, we will accept your answer once we are done.

CVMVCD  IT Stuff
0
 

Author Comment

by:CoachellaMVCD
ID: 38023455
Hi Jornak,

So far we have not been successful in finding MEDFOS. We are going to continue searching for it and possibly cleaning. Do you think that anything else can cause this problem, other than MEDFOS?

CVMVCD IT Stuff
0
 
LVL 15

Expert Comment

by:Jornak
ID: 38023792
It definitely has to be malware. I have no doubt in my mind.
0
 

Author Comment

by:CoachellaMVCD
ID: 38024453
Hi Jornak,

One important piece of information that we haven't mentioned so far: we are running Windows 7 64-bit.

CVMVCD IT Stuff
0
 
LVL 15

Expert Comment

by:Jornak
ID: 38024565
Ah, that shouldn't really change anything. Any more luck?
0
 

Author Comment

by:CoachellaMVCD
ID: 38024661
Hi Jornak,

Combofix did work, thank you very much.

CVMVCD IT Stuff
0
 
LVL 38

Expert Comment

by:younghv
ID: 38024947
@CoachellaMVCD,
I suggest that you spend a little more time on that system and run some other scans. "ComboFix" is one of the very best tools available, but it can't hurt to fire off a couple more weapons.

For Hijacking/re-directs, you might want to start with TDSSKILLER found here:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

* Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
* Execute the file TDSSKiller.exe.
* Wait for the scan and disinfection process to be over. You do not have to reboot the PC after the disinfection is over.

If the tool finds a hidden service, it will prompt you to type "delete"; you can also just hit "Enter" without typing anything and the scan will continue.
Please post the log to be analyzed.

You can also try FixTDSS.exe from Symantec:
http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe

There are several EE Articles that cover all of the basics of proper malware removal, and I encourage you to familiarize yourself with the steps you need to take.

"Google Hijack" - Google Search Gets Redirected:
THINGS YOU NEED TO DO WHEN YOUR PC IS INFECTED:
http://www.experts-exchange.com/A_4922.html Rogue-Killer-What-a-great-name
http://www.experts-exchange.com/A_5124.html Stop-the-Bleeding-First-Aid-for-Malware
http://www.experts-exchange.com/A_6650.html Malware Fighting – Best Practices
0
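As an added example (not part of any post in this thread): one way to find other affected machines is to search web proxy or firewall logs for clicks that leave a Google page and land on a host that borrows a Google ad brand name without belonging to it, as `pagead.googledoubleclicks.com` does in the question. The log layout, the allowlist and the sample lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist: registrable domains that legitimately carry these brand tokens.
LEGIT_DOMAINS = {"google.com", "doubleclick.net", "googlesyndication.com"}
BRAND_TOKENS = ("google", "doubleclick")

# Constructed sample log: timestamp, client IP, requested URL, Referer.
SAMPLE_LOG = """\
2012-05-29T10:01:02 10.0.0.21 http://www.example.org/article http://www.google.com/search?q=widgets
2012-05-29T10:01:03 10.0.0.37 http://pagead.googledoubleclicks.com/ http://www.google.com/search?q=widgets
2012-05-29T10:01:09 10.0.0.21 http://googleads.g.doubleclick.net/pagead/ads http://www.example.org/article
2012-05-29T10:02:11 10.0.0.37 http://pagead.googledoubleclicks.com/ http://www.google.com/search?q=pest+control
"""


def registrable(host):
    """Last two labels; enough for these samples, use a public-suffix list in production."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def is_lookalike(host):
    """True when the domain borrows a brand token but is not an allowlisted domain."""
    domain = registrable(host)
    return domain not in LEGIT_DOMAINS and any(t in domain for t in BRAND_TOKENS)


def redirected_clients(log_text):
    """Map client IP -> [(timestamp, host)] for lookalike hits that follow a Google referer."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        ts, client, url, referer = fields
        host = urlsplit(url).hostname or ""
        ref_host = urlsplit(referer).hostname or ""
        if registrable(ref_host) == "google.com" and is_lookalike(host):
            hits.setdefault(client, []).append((ts, host))
    return hits


if __name__ == "__main__":
    for client, events in redirected_clients(SAMPLE_LOG).items():
        print(client, events)
```

A client that shows up repeatedly in this output is a candidate for the offline scans recommended in the thread.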
