Solved

Redirecting traffic after googling

Posted on 2012-05-29
Last Modified: 2012-05-29
Hi Everyone,

We have a problem on one of our employee's computers. After he does a Google search and tries to go to one of the result links, his traffic gets redirected to the link http://pagead.googledoubleclicks.com. Our Barracuda firewall is blocking the content of this site as a suspicious site. When he tries going directly to the same page, he is able to. Also, when we hover over the link on the Barracuda blocking page, it says that the link is going to homesearchdirectory. If anybody has any idea, please let us know.

CVMVCD IT Stuff
Question by:CoachellaMVCD
10 Comments
 
LVL 15

Expert Comment

by:Jornak
ID: 38022943
Sounds like the MEDFOS trojan. Have you done virus scans independent of your real-time antivirus?
0
 

Author Comment

by:CoachellaMVCD
ID: 38023050
Hi Jornak,

Thank you for your response. We are running a scan right now and will see the results. We also found this as a possible answer: http://www.zimbio.com/Spyware/articles/F7-aP5UwjPj/How+Remove+Trojan+Win32+Medfos+Get+Rid+Medfos. Do you think this will work?

CVMVCD IT Stuff
0
 
LVL 15

Accepted Solution

by:
Jornak earned 75 total points
ID: 38023073
That may work. You might want to look into using Combofix (instructions on how to use, and download in link) as well.
0
 

Author Comment

by:CoachellaMVCD
ID: 38023095
Hi Jornak,

Thanks a lot. We are working on fixing this problem. If we have any questions we will ask you; if not, we will accept your answer once we are done.

CVMVCD  IT Stuff
0
 

Author Comment

by:CoachellaMVCD
ID: 38023455
Hi Jornak,

So far we have not been successful in finding MEDFOS. We are going to continue searching for it and possibly cleaning it. Do you think that anything else can cause this problem, other than MEDFOS?

CVMVCD IT Stuff
0
 
LVL 15

Expert Comment

by:Jornak
ID: 38023792
It definitely has to be malware. I have no doubt in my mind.
0
 

Author Comment

by:CoachellaMVCD
ID: 38024453
Hi Jornak,

One important piece of information that we haven't mentioned so far: we are running Windows 7 64-bit.

CVMVCD IT Stuff
0
 
LVL 15

Expert Comment

by:Jornak
ID: 38024565
Ah, that shouldn't really change anything. Any more luck?
0
 

Author Comment

by:CoachellaMVCD
ID: 38024661
Hi Jornak,

ComboFix did work, thank you very much.

CVMVCD IT Stuff
0
 
LVL 38

Expert Comment

by:younghv
ID: 38024947
@CoachellaMVCD,
I suggest that you spend a little more time on that system and run some other scans. "ComboFix" is one of the very best tools available, but it can't hurt to fire off a couple more weapons.

For Hijacking/re-directs, you might want to start with TDSSKILLER found here:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

* Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
* Execute the file TDSSKiller.exe.
* Wait for the scan and disinfection process to be over. You do not have to reboot the PC after the disinfection is over.

If the tool finds a hidden service, it will prompt you to type "delete". You can also just hit "Enter" without typing anything in and the scan will continue...
Please post the log to be analyzed.

You can also try FixTDSS.exe from Symantec:
http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe

There are several EE Articles that cover all of the basics of proper malware removal and I encourage you to familiarize yourself with the steps you need to take.

"Google Hijack" - Google Search Gets Redirected:
THINGS YOU NEED TO DO WHEN YOUR PC IS INFECTED:
http://www.experts-exchange.com/A_4922.html Rogue-Killer-What-a-great-name
http://www.experts-exchange.com/A_5124.html Stop-the-Bleeding-First-Aid-for-Malware
http://www.experts-exchange.com/A_6650.html Malware Fighting – Best Practices
0
