Browser Redirect using both IE and Chrome

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ngrace, Aug 31, 2010.

  1. ngrace

    ngrace Private E-2

    Hello, thanks in advance for any help with this. I have done all steps in the RUN & READ me first, as well as the Windows XP cleaning Procedures, and still no luck. I am having issues with my browser being redirected. It happens when using Internet Explorer, as well as Google Chrome. When I do a search, then try to navigate to one of the sites shown, I get redirected to another site that is unrelated. My bar will usually say either "results.yahoo.com" or "results55.google.com" before the redirect. I have attached the logs for the scans I have run.
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    We still need you to attach the C:\MGLogs.zip --> from running the C:\MGTools.exe.

    Also, please put ComboFix directly on your desktop, not here:
    Running from: c:\documents and settings\Nickie\My Documents\Downloads\ComboFix.exe

    Download TDSSKiller from Kaspersky directly onto your Desktop.

    • Now double click the TDSSkiller.exe file to run it (if using Vista or Windows 7, do not double click on it but rather right click and select Run As Administrator).
    • Allow the application to run if prompted by Windows or any security programs you have installed
    • It will start the scan and run rather quickly and will notify you of whether anything is found or not.
    • Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
    • Whether an infection is found or not, a log file should be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )
     
  3. ngrace

    ngrace Private E-2

    Hello, I moved ComboFix to my desktop, and here are the MGTools and TDSSKiller logs. Sorry about the MG log, I wasn't sure if it would count as "bumping" if I replied to my thread and included it, and I didn't want to confuse anyone trying to help me by posting a new thread with it attached. Thanks again for the help.
     

    Attached Files:

  4. ngrace

    ngrace Private E-2

    OOPS-I forgot to tell you that when I finished running TDSSKiller and closed it down, I immediately got the blue screen of death with white writing on it that started out with:

    "A problem as been detected and Windows has been shut down to prevent damage to you computer......"

    There was more to it, but it didn't give any reasons or error codes that I saw. It said to reboot and if I was still having issues go to safe mode. I did the reboot, and it seems to be working fine now, but that was a new one to me.
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    Now tell me if your issues are resolved.
     
  6. ngrace

    ngrace Private E-2

    I shut down my anti virus/spyware programs, did the registry merge as instructed, and received a message saying it was successful. I'm still having the same issue with the browser redirect.
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Well, poo!! Run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\MGlogs.zip
     
  8. ngrace

    ngrace Private E-2

    Ran and Here is the log--
     

    Attached Files:

  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Well, the reg. patch didn't take.
    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    
    Registry::
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters]
    "DhcpNameServer"=""
    
    [HKEY_LOCAL_MACHINE\system\controlset001\services\tcpip\parameters]
    "DhcpNameServer"=""
    
    [HKEY_LOCAL_MACHINE\system\controlset002\services\tcpip\parameters]
    "DhcpNameServer"=""
    
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
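
Added example, not part of the original thread and not a MajorGeeks or ComboFix tool: a Python check that reads a registry export (already decoded to text) and lists any DhcpNameServer entries still present in the three tcpip\parameters keys that the CFScript above blanks. The sample export is constructed with documentation-range addresses, and the function names and the expected-resolver set are assumptions.

```python
import re

# Constructed sample in .reg export format; addresses are placeholders.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"Hostname"="desktop"
"DhcpNameServer"=""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
"DhcpNameServer"="192.168.1.1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters]
"DhcpNameServer"="203.0.113.7 203.0.113.8"
'''

SECTION = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^"DhcpNameServer"="(.*)"$', re.IGNORECASE)
KEY_SUFFIX = r'\services\tcpip\parameters'

def dhcp_name_servers(export_text):
    """Map each tcpip parameters key in the export to its DhcpNameServer list."""
    found, key = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            key = m.group(1).lower()  # registry key names are case-insensitive
            continue
        m = VALUE.match(line)
        if m and key and key.endswith(KEY_SUFFIX):
            found[key] = m.group(1).split()  # value is a space-separated list
    return found

def unexpected_servers(export_text, expected):
    """Return {key: [servers]} for resolvers that are not in the expected set."""
    report = {}
    for key, servers in dhcp_name_servers(export_text).items():
        extra = [s for s in servers if s not in expected]
        if extra:
            report[key] = extra
    return report

if __name__ == "__main__":
    # Assumption: 192.168.1.1 is the router this machine should be using.
    for key, servers in unexpected_servers(SAMPLE_EXPORT, {"192.168.1.1"}).items():
        print(key, "->", ", ".join(servers))
```
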
     
  10. ngrace

    ngrace Private E-2

    Okay I followed all the steps, and here's what I got-Man this thing is a real pain-Thanks again for all your help!
     

    Attached Files:

  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    That looks like it took care of it. Are you still having issues?
     
  12. ngrace

    ngrace Private E-2

    No, I am still getting redirected. When I click on a website from the search results, it stalls for a second, then "results.yahoo.com" is displayed in the browser bar right before it redirects me to an unrelated site-usually an ad site.
     
  13. ngrace

    ngrace Private E-2

    I just noticed when I'm using Google as a search engine, I am not getting the redirect by "results55.google.com" or "results.gugle" any more though, so that is gone. It's only when I use Yahoo as a search engine at this point, and it still happens when I'm using IE and Chrome.
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\MGlogs.zip

    This may just be an issue with Yahoo. I frankly would suggest you uninstall anything related to Yahoo.
     
