Computer Hijack When Googling


Bosda Di'Chi of Tricor
08-16-2011, 08:19 PM
Every time I try to Image Search on Google it takes me to some alleged search site--non-Google.

My AVG doesn't detect; neither does Spybot.

Recently updated my Adobe stuff by going to the Firefox site & checking for update alerts there.

Bosda Di'Chi of Tricor
08-16-2011, 08:21 PM
I also get this, sometimes, but not all the time--

405. That’s an error.

The request method POST is inappropriate for the URL /. That’s all we know.

Bosda Di'Chi of Tricor
08-16-2011, 08:24 PM
When I try to use Bing, I get redirected, briefly, to a web address, then on to a shopping site.

I can't copy the transferring web address.

HELP PLEASE!

md2000
08-16-2011, 08:31 PM
Check to see if some virus has given you a proxy setting.
Something like Tools - Internet Options - Connections tab - LAN settings.
Unless you are on a weird setup, you should have no proxy setting.

Also Tools - Internet Options - Programs - Manage Add-ons: kill them all for now.

OTOH, download MalwareBytes or Trend HouseCall free scanners. If necessary, download the Malwarebytes loader from a different computer and put it on a USB stick to run it on your PC. Run a full scan. If you do have an active virus, it is likely to intercept attempts to download AV programs.

Often the only way to be sure is to save your data and reformat the PC.
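
The two settings behind a "my searches go somewhere else" symptom that the post above says to check by hand can be checked from a script. This is an added example, not from anyone in the thread: it looks for a forced proxy or PAC (auto-config) URL in the three registry values that WinINet/IE use (Firefox follows them when it is set to "Use system proxy settings"), and for a hosts file that repoints a search engine hostname at a routable address. The registry values and the hosts file content below are constructed sample input; on a real box the values live under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings and the file is %SystemRoot%\System32\drivers\etc\hosts.

```python
"""Added example (not from the thread): two host-level checks behind a
browser search redirect: a forced proxy/PAC setting and a poisoned hosts
file. All input here is constructed; see the lead-in for where the real
values come from on Windows."""
import ipaddress

# Search-engine hostnames worth watching; an attacker who wants to redirect
# searches only needs to repoint a handful of names like these.
WATCHED = {"www.google.com", "google.com", "www.bing.com", "bing.com"}


def _is_sinkhole(ip):
    """Loopback/unspecified targets block a name rather than redirect it."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def suspicious_hosts_entries(hosts_text, watched=WATCHED):
    """Return (ip, hostname, line_no) for watched names mapped to a routable IP."""
    hits = []
    for n, raw in enumerate(hosts_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            if name.lower() in watched and not _is_sinkhole(ip):
                hits.append((ip, name.lower(), n))
    return hits


def proxy_findings(proxy_enable, proxy_server, autoconfig_url):
    """Interpret ProxyEnable, ProxyServer and AutoConfigURL.

    ProxyServer is either "host:port" (all protocols) or a ";"-separated
    list like "http=host:port;https=host:port". A PAC script can route only
    selected hosts (e.g. the search engines) through an attacker's proxy and
    leave everything else direct, which matches the 'only search is weird'
    symptom, so its presence is reported even when ProxyEnable is off."""
    findings = []
    if proxy_enable and proxy_server:
        for entry in proxy_server.split(";"):
            scheme, _, target = entry.rpartition("=")
            findings.append(("proxy", scheme or "all", target))
    if autoconfig_url:
        findings.append(("pac", "all", autoconfig_url))
    return findings


# Constructed sample hosts file: two benign entries, one poisoned line
# pointing both Google names at a TEST-NET-2 (documentation) address.
SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net      # benign sinkhole entry
198.51.100.23   www.google.com google.com   # poisoned: TEST-NET-2 address
"""


def demo():
    """Run both checks on the constructed input (values are assumptions)."""
    hosts = suspicious_hosts_entries(SAMPLE_HOSTS)
    proxy = proxy_findings(
        1,
        "http=198.51.100.9:8080;https=198.51.100.9:8080",
        "http://198.51.100.9/proxy.pac",
    )
    return hosts, proxy


if __name__ == "__main__":
    print(demo())
```

An empty result from both checks does not clear the machine (a rootkit that hooks the browser or the network stack leaves both untouched), but a hit in either one is a concrete, fixable finding and explains the symptom without guessing.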

Bosda Di'Chi of Tricor
08-16-2011, 08:45 PM
md2000--I am on Firefox, & can't find any of these things.

I just switched over.

Bosda Di'Chi of Tricor
08-16-2011, 08:46 PM
OK, no proxy

Bosda Di'Chi of Tricor
08-16-2011, 08:52 PM
killed add ons

Bosda Di'Chi of Tricor
08-16-2011, 08:53 PM
Please give me links to the free scanners, as I doubt I can search for them.

BTW--I cannot use a work computer to copy programs to stick, & have no other good option.

Suggestion?

Bosda Di'Chi of Tricor
08-16-2011, 08:57 PM
Going to bed.

Got to go to work at 5AM tomorrow.

Bosda Di'Chi of Tricor
08-16-2011, 08:59 PM
killing add ons did not stop it.

Marconi N. Cheese
08-16-2011, 08:59 PM
Malwarebytes download:
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

I think you could probably use Hijack This! but it takes a bit of experience to interpret the results and you could hose something if you're not careful.

Suburban Plankton
08-16-2011, 09:06 PM
Run msconfig (just type it into the 'Run' box, or onto the command line). Look at the 'Startup' tab; this will show you all of the programs that run when your computer boots and when you log on.

Depending on what you have installed on your box, and your level of knowledge, the problem may be apparent, as something that doesn't belong in this list. You can uncheck items from the list to stop them from auto-starting, and with some trial and error you might hit upon the offender.

RealityChuck
08-16-2011, 09:33 PM
Run msconfig (just type it into the 'Run' box, or onto the command line). Look at the 'Startup' tab; this will show you all of the programs that run when your computer boots and when you log on.

Depending on what you have installed on your box, and your level of knowledge, the problem may be apparent, as something that doesn't belong in this list. You can uncheck items from the list to stop them from auto-starting, and with some trial and error you might hit upon the offender.

Not a good solution; spyware hides itself from msconfig routinely. Same with hijackthis -- it was a great tool five years ago, but malware knows how to hide from it.

The best bet is Malwarebytes, as indicated. Another solution is to try to do a system restore to a time before the problem occurred; malware these days doesn't bother disabling this (though it used to).

The Niply Elder
08-17-2011, 02:10 AM
Your ISP is most likely to blame. Basically, they want to make some extra money, so instead of directly directing you to www.google.com, they direct you to some intermediary shell (shill?) search company who skims some money off of Google by pretending that they provided a service to Google by referencing you to Google (as if there was any chance in the world that you didn't know of the existence of Google, and they needed to act as a reference conduit to Google). Anyway, the whole scheme works with small-time ISP companies that can stay under the radar of these practices.

The solution is to change the DNS servers used by your computer. A DNS server is basically like a huge phone book, but for the Internet, such that when you type the address www.sdmb.com, it looks up the real IP address of the server computer hosting this site.

Long story short, you have to change your DNS settings to 8.8.8.8 or 8.8.4.4. These two DNS servers belong to Google (basically Google's version of the Internet phone book), which is very trustworthy.

Let us know if this fixes your problem.
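
Before switching resolvers it is worth knowing whether the resolver you are using actually tampers with answers. Comparing the IP your resolver returns for www.google.com against what 8.8.8.8 returns is not a good test (Google hands out different addresses to different networks), so the added example below, which is not from anyone in the thread, asks instead for a name that cannot exist. An honest resolver answers NXDOMAIN (rcode 3); a resolver that returns an A record for junk names is rewriting answers, which is the DNS-side version of the redirect described above. The DNS packets are built and parsed by hand so the logic can be exercised offline on the two constructed replies at the bottom; probe() does the live query and needs network access. This only tests the resolver: an ISP box that intercepts the HTTP search request itself is invisible to it.

```python
"""Added example, not from the thread: minimal DNS client plus an
NXDOMAIN-rewriting check. The HONEST and REDIRECTED packets are constructed
to show both outcomes without touching the network."""
import os
import socket
import struct

RCODE_NXDOMAIN = 3
QTYPE_A = 1


def build_query(name, txid):
    """Standard recursive A query for `name` in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    )
    return header + qname + b"\x00" + struct.pack("!HH", QTYPE_A, 1)


def _skip_name(buf, off):
    """Advance past a (possibly compressed) name; return the new offset."""
    while True:
        n = buf[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # compression pointer: 2 bytes, then done
            return off + 2
        off += 1 + n


def parse_response(buf, expect_txid):
    """Return (rcode, [A-record IPs]); raise if this is not our response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", buf[:12])
    if txid != expect_txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):
        off = _skip_name(buf, off) + 4        # skip QTYPE + QCLASS
    ips = []
    for _ in range(an):
        off = _skip_name(buf, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
        off += 10
        if rtype == QTYPE_A and rdlen == 4:
            ips.append(socket.inet_ntoa(buf[off:off + 4]))
        off += rdlen
    return rcode, ips


def classify(rcode, ips):
    """'clean' for NXDOMAIN, 'hijacked' if a bogus name resolves, else 'odd'."""
    if rcode == RCODE_NXDOMAIN and not ips:
        return "clean"
    if rcode == 0 and ips:
        return "hijacked"
    return "odd"


def probe(server, name=None, timeout=3.0):
    """Live check (needs network): ask `server` over UDP/53 and classify."""
    # A random label under the reserved .example TLD can never exist.
    name = name or "nx-%s.example" % os.urandom(6).hex()
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, 53))
        data, _ = s.recvfrom(4096)
    return classify(*parse_response(data, txid))


# Constructed packets: the same question answered honestly (NXDOMAIN) and by
# a resolver that redirects misses to 198.51.100.7 (a documentation address).
NAME = "nx-0badc0ffee.example"
QUERY = build_query(NAME, 0x1234)
HONEST = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0) + QUERY[12:]
REDIRECTED = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUERY[12:]
    + b"\xc0\x0c"                                   # pointer to the question name
    + struct.pack("!HHIH", QTYPE_A, 1, 60, 4)
    + socket.inet_aton("198.51.100.7")
)


def demo():
    """Classify the two constructed replies offline."""
    return (classify(*parse_response(HONEST, 0x1234)),
            classify(*parse_response(REDIRECTED, 0x1234)))


if __name__ == "__main__":
    print(demo())
    # Live use: probe("8.8.8.8") and probe(<the resolver from ipconfig /all>)
```

Run probe() once against the resolver your adapter is configured with and once against 8.8.8.8. If only the first one comes back "hijacked", the DNS-server change suggested above addresses a real problem; if both come back "clean" and the browser still redirects, the cause is on the machine or in the HTTP path, not in DNS.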

Gagundathar
08-17-2011, 02:27 AM
My goodness!

Thanks for that tidbit, TNE.

psychonaut
08-17-2011, 02:40 AM
I suspect The Niply Elder is correct, at least if you have an American ISP. A couple weeks ago a research project released its findings that there is widespread hijacking of search traffic by American ISPs. You can read a report from the Electronic Frontier Foundation on the matter (https://www.eff.org/deeplinks/2011/07/widespread-search-hijacking-in-the-us).

Bosda Di'Chi of Tricor
08-17-2011, 05:56 AM
The Niply Elder is probably wrong!

As it sends me to a variety of different sites, including shopping sites.

Bosda Di'Chi of Tricor
08-17-2011, 05:57 AM
Also, my problems started 24 hours after switching to Firefox, & my research suggests that large downloads cause this big time.

Bosda Di'Chi of Tricor
08-17-2011, 05:59 AM
Your ISP is most likely to blame. Basically, they want to make some extra money, so instead of directly directing you to www.google.com, they direct you to some intermediary shell (shill?) search company who skims some money off of Google by pretending that they provided a service to Google by referencing you to Google (as if there was any chance in the world that you didn't know of the existence of Google, and they needed to act as a reference conduit to Google). Anyway, the whole scheme works with small-time ISP companies that can stay under the radar of these practices.

The solution is to change the DNS servers used by your computer. A DNS server is basically like a huge phone book, but for the Internet, such that when you type the address www.sdmb.com, it looks up the real IP address of the server computer hosting this site.

Long story short, you have to change your DNS settings to 8.8.8.8 or 8.8.4.4. These two DNS servers belong to Google (basically Google's version of the Internet phone book), which is very trustworthy.

Let us know if this fixes your problem.

BTW--I have no idea how to change a DNS, or where to begin.

tnetennba
08-17-2011, 06:01 AM
http://www.theregister.co.uk/2011/08/08/wordpress_hijack_poisons_google_image/

Bosda Di'Chi of Tricor
08-17-2011, 06:01 AM
Malwarebytes download:
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

I think you could probably use Hijack This! but it takes a bit of experience to interpret the results and you could hose something if you're not careful.

Could I be directed to an English-language site, please?

I can read a little German, but I'd prefer more certainty.

tnetennba
08-17-2011, 06:04 AM
Your ISP is most likely to blame. Basically, they want to make some extra money, so instead of directly directing you to www.google.com, they direct you to some intermediary shell (shill?) search company who skims some money off of Google by pretending that they provided a service to Google by referencing you to Google (as if there was any chance in the world that you didn't know of the existence of Google, and they needed to act as a reference conduit to Google). Anyway, the whole scheme works with small-time ISP companies that can stay under the radar of these practices.

The solution is to change the DNS servers used by your computer. A DNS server is basically like a huge phone book, but for the Internet, such that when you type the address www.sdmb.com, it looks up the real IP address of the server computer hosting this site.

Long story short, you have to change your DNS settings to 8.8.8.8 or 8.8.4.4. These two DNS servers belong to Google (basically Google's version of the Internet phone book), which is very trustworthy.

Let us know if this fixes your problem.

I find it extremely hard to believe that any reputable ISP would do this.

The Surb
08-17-2011, 06:17 AM
I would be willing to bet that you have a google redirector rootkit. I seriously doubt it's your ISP.

Malwarebytes, hijackthis, and most virus scanners won't touch it.

Go to bleepingcomputers.com forum, make an account (it's free), and ask for help.

Be forewarned, you must be patient, and the steps can be rather involved, but they will fix it. The tools to remove them are free.

I do not know enough about rootkits and the removal tools that I feel comfortable telling you how to clean them, but I have removed several from the computers at work.

Bosda Di'Chi of Tricor
08-17-2011, 07:51 AM
I would be willing to bet that you have a google redirector rootkit. I seriously doubt it's your ISP.

Malwarebytes, hijackthis, and most virus scanners won't touch it.

Go to bleepingcomputers.com forum, make an account (it's free), and ask for help.

Be forewarned, you must be patient, and the steps can be rather involved, but they will fix it. The tools to remove them are free.

I do not know enough about rootkits and the removal tools that I feel comfortable telling you how to clean them, but I have removed several from the computers at work.
My skills are so poor that this is unhelpful.


I need a link to Malwarebytes in English, please?

tnetennba
08-17-2011, 07:55 AM
http://www.malwarebytes.org/

The Surb
08-17-2011, 08:10 AM
It doesn't matter WHAT language malwarebytes you use. Malwarebytes will NOT fix this.

Good luck.

ratatoskK
08-17-2011, 08:53 AM
I had the same problem last week. The problem was only in Firefox with Google. IE was ok. I used IE to google for "google redirect virus" and basically everyone has a very hard time getting rid of it. I used a variety of utilities, then finally STOPZilla worked. (It is $10 for one year.) I'm not sure whether it worked in combination with the other stuff I was doing, or just by itself. Use IE, go to Google and search for "google redirect virus" and you'll find a big variety of things people have tried.

Sal Ammoniac
08-17-2011, 09:20 AM
I would be willing to bet that you have a google redirector rootkit. I seriously doubt it's your ISP.

Malwarebytes, hijackthis, and most virus scanners won't touch it.

Go to bleepingcomputers.com forum, make an account (it's free), and ask for help.

Be forewarned, you must be patient, and the steps can be rather involved, but they will fix it. The tools to remove them are free.

I do not know enough about rootkits and the removal tools that I feel comfortable telling you how to clean them, but I have removed several from the computers at work.
This is the right answer. You can also try Malwarecrypt.com. The guy there will walk you through, step-by-step. It is a long process (takes about a week), and pretty involved. IT professionals, as I understand it, don't go this route. They just reinstall the operating system. If that's an option, consider it, because it'll probably be faster.

Oh, and I'm told that the Chrome browser is actually more effective at preventing this kind of infection in the first place.

drachillix
08-17-2011, 09:25 AM
Your ISP is most likely to blame.

You are so wrong it is not even funny.

drachillix
08-17-2011, 09:27 AM
I would be willing to bet that you have a google redirector rootkit. I seriously doubt it's your ISP.

Seconded

Here is a direct download link to a rootkit killer that should get most of the common ones.

http://support.kaspersky.com/downloads/utils/tdsskiller.zip

Bosda Di'Chi of Tricor
08-17-2011, 09:37 AM
Seconded

Here is a direct download link to a rootkit killer that should get most of the common ones.

http://support.kaspersky.com/downloads/utils/tdsskiller.zip

I shall try this ASAP.

Many thanks

drachillix
08-17-2011, 09:38 AM
IT professionals, as I understand it, don't go this route. They just reinstall the operating system. If that's an option, consider it, because it'll probably be faster.

A lot of computer guys prefer the OS reload route because it's never going to fail, and especially with mass-deployed images, it takes just as long to restore an image as even bothering to scan for viruses.

I work in small business support where "just nuke and reload" is often not the easy option, since reloading software and recreating things like file and printer shares for applications shared to 2-3 machines can turn into an all-day project vs. an hour or two if it can be cleaned in place.

Bosda Di'Chi of Tricor
08-17-2011, 09:39 AM
Seconded

Here is a direct download link to a rootkit killer that should get most of the common ones.

http://support.kaspersky.com/downloads/utils/tdsskiller.zip

Nothing.

Can't even find the problem.

A bust.

Bosda Di'Chi of Tricor
08-17-2011, 09:41 AM
I had the same problem last week. The problem was only in Firefox with Google. IE was ok. I used IE to google for "google redirect virus" and basically everyone has a very hard time getting rid of it. I used a variety of utilities, then finally STOPZilla worked. (It is $10 for one year.) I'm not sure whether it worked in combination with the other stuff I was doing, or just by itself. Use IE, go to Google and search for "google redirect virus" and you'll find a big variety of things people have tried.
Got a direct link to Stopzilla?

drachillix
08-17-2011, 09:46 AM
I suspect The Niply Elder is correct, at least if you have an American ISP. A couple weeks ago a research project released its findings that there is widespread hijacking of search traffic by American ISPs. You can read a report from the Electronic Frontier Foundation on the matter (https://www.eff.org/deeplinks/2011/07/widespread-search-hijacking-in-the-us).

Notably missing from the list are all the common players, AT&T, Comcast, Time Warner, Covad, Verizon...

These few companies represent around 95% of the internet users in the country, so most of the places who are doing this are small fringe outfits desperate to make a couple extra bucks.

drachillix
08-17-2011, 09:55 AM
stopzilla download.

http://www.stopzilla.com/products/stopzilla/spywareremover-mov.do?aid=10642&cid=stopzilla&gclid=CMjdkprK1qoCFSY0QgodwmaO8A

Have you tried using the rootkit killer in AVG? AVG has its own rootkit scanner that you have to run separately, its not part of the normal scanner.

psychonaut
08-17-2011, 10:11 AM
I find it extremely hard to believe that any reputable ISP would do this.

According to an article in the New Scientist (http://www.newscientist.com/article/dn20768-us-internet-providers-hijacking-users-search-queries.html), the following ISPs are currently or were recently hijacking their customers' search traffic:

Cavalier
Charter
Cincinnati Bell
Cogent
Frontier
Hughes
IBBS
Insight Broadband
Iowa Telecom
Megapath
Paetec
RCN
Wide Open West
XO Communications

I don't know how reputable they are, but together they have several million subscribers.

ratatoskK
08-17-2011, 10:11 AM
There is a comment to a PC Mag article about a Google redirect virus removal tool. I have not tried it and know nothing about it, just FYI.
http://fixredirectvirus.org/?hop=dineshktl

BigT
08-17-2011, 10:16 AM
I would be willing to bet that you have a google redirector rootkit. I seriously doubt it's your ISP.

Malwarebytes, hijackthis, and most virus scanners won't touch it.

Go to bleepingcomputers.com forum, make an account (it's free), and ask for help.

Be forewarned, you must be patient, and the steps can be rather involved, but they will fix it. The tools to remove them are free.

I do not know enough about rootkits and the removal tools that I feel comfortable telling you how to clean them, but I have removed several from the computers at work.

Based on your knowledge levels, you really just need to do this. I sat down trying to describe what I would do, and I realized that, at several points, you might run into problems. These guys will have the patience to walk you through them.

Bosda Di'Chi of Tricor
08-17-2011, 10:52 AM
http://www.malwarebytes.org/

GGGOOOOOAAAAAAALLL!!
Malwarebytes for the win!!!!

Fear Itself
08-17-2011, 10:53 AM
There is a comment to a PC Mag article about a Google redirect virus removal tool. I have not tried it and know nothing about it, just FYI.
http://fixredirectvirus.org/?hop=dineshktl

$29, and it is just a collection of instructions for existing tools like MalwareBytes, HitmanPro and Combofix.

JoelUpchurch
08-17-2011, 12:40 PM
I had the problem with Firefox and never managed to fix it. I'm using Seamonkey now.

Ferret Herder
08-17-2011, 12:47 PM
Could I be directed to an English-language site, please?

I can read a little German, but I'd prefer more certainty.
That is an English-language link, FWIW.

filmore
08-17-2011, 01:34 PM
I fixed a friend's computer with a virus which did the google redirect. It was nasty. Every time I cleaned it off it came back. Tried multiple virus scanners, malware cleaners, and rootkit checkers. Each time they removed it but it came back each time. It turns out it was also in the boot record. I think I used tdsskiller to get rid of it there and that did the trick. It was something like this:

-Do a full scan with avast
-Do a full scan with malwarebytes
-Run tdsskiller
-Reboot

Good luck! If tdsskiller didn't work I was just going to reinstall the computer as I had tried everything else. If you do reinstall, either get a new disk or do a full wipe of the disk including the boot record. If you don't wipe the boot record you risk the virus coming back after reinstall.
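
The "it was also in the boot record" finding above is the kind of thing you can verify directly rather than infer from repeated reinfection. The added example below is not from anyone in the thread: it parses a 512-byte MBR, checks the boot signature and partition table for sanity, and compares a SHA-256 of the 440-byte bootstrap code region against a baseline you took from a known-good machine (or from the same image the OS installer writes). Bootkits of the family TDSSKiller targets replace the bootstrap code and leave the partition table alone, so the table looks normal while the hash changes. The CLEAN and INFECTED images here are constructed stand-ins; a real MBR comes from `dd if=/dev/sda of=mbr.bin bs=512 count=1` on Linux live media, or from opening \\.\PhysicalDrive0 read-only as Administrator on Windows.

```python
"""Added example, not from the thread: MBR parse, sanity checks and
bootstrap-code hash comparison against a baseline. Images are constructed."""
import hashlib
import struct

BOOTCODE_LEN = 440      # bootstrap code region
PTABLE_OFF = 446        # four 16-byte partition entries
SIGNATURE_OFF = 510     # 0x55 0xAA


def parse_mbr(mbr):
    """Return bootstrap hash and the non-empty partition entries."""
    if len(mbr) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[SIGNATURE_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        e = mbr[PTABLE_OFF + 16 * i: PTABLE_OFF + 16 * (i + 1)]
        status, ptype = e[0], e[4]
        lba_start, sectors = struct.unpack("<II", e[8:16])
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return {"bootcode_sha256": hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest(),
            "partitions": parts}


def audit(mbr, baseline_sha256):
    """Return a list of findings; empty means it matches the baseline and looks sane."""
    info = parse_mbr(mbr)
    findings = []
    if info["bootcode_sha256"] != baseline_sha256:
        findings.append("bootstrap code differs from baseline")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append("expected exactly one active partition, found %d" % len(bootable))
    # Overlapping ranges mean the table has been edited by hand or by malware
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"])
                   for p in info["partitions"])
    for (_a0, a1), (b0, _b1) in zip(spans, spans[1:]):
        if b0 < a1:
            findings.append("partition ranges overlap")
            break
    return findings


def _entry(status, ptype, lba_start, sectors):
    """Build one partition entry; CHS fields left zero (loaders use LBA)."""
    return struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0",
                       lba_start, sectors)


# Constructed clean image: jmp + NOP padding stands in for real boot code,
# one active NTFS (0x07) partition starting at LBA 2048.
CLEAN = (b"\xeb\x63" + b"\x90" * (BOOTCODE_LEN - 2)
         + b"\0" * 6                                 # disk signature + reserved
         + _entry(0x80, 0x07, 2048, 1_000_000)
         + _entry(0x00, 0x00, 0, 0) * 3
         + b"\x55\xaa")
BASELINE = hashlib.sha256(CLEAN[:BOOTCODE_LEN]).hexdigest()

# Same image with the first bytes of the bootstrap code swapped out; the
# partition table is untouched, so only the hash gives it away.
INFECTED = b"\xeb\x63" + b"\xcc" * 16 + CLEAN[18:]


def demo():
    """Audit both constructed images against the clean baseline."""
    return audit(CLEAN, BASELINE), audit(INFECTED, BASELINE)


if __name__ == "__main__":
    print(demo())
    # Real use: audit(open("mbr.bin", "rb").read(), "<hash from a known-good disk>")
```

The hash only means something if the baseline really is known-good: take it from a freshly installed machine of the same Windows version, not from the suspect disk. A mismatch is what `bootrec /fixmbr` from the Windows recovery environment repairs, which is the practical form of the "wipe the boot record" advice above; a hidden store elsewhere on the disk (the reason the thread saw the infection come back) is not visible in these 512 bytes.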

Mama Zappa
08-17-2011, 06:06 PM
Malwarebytes download:
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

I think you could probably use Hijack This! but it takes a bit of experience to interpret the results and you could hose something if you're not careful.
There are, however, several sites where you can post logs from HijackThis etc. and people will help you debug the thing. I worked with someone at one of the MalwareBytes forums; the sticky here at the SDMB has some other suggestions. The folks there will work with you on running ComboFix and other cleanup tools.

One of the things he asked was whether we were getting redirects (we were not, as it happened). It turned out we had a rootkit hiding under my daughter's user. Probably from a bad ad or something on some site she went to. Thankfully, she didn't have admin rights, so the damage was limited.

For the record, MalwareBytes and AVG both failed to find the rootkit.

BigT
08-17-2011, 11:17 PM
GGGOOOOOAAAAAAALLL!!
Malwarebytes for the win!!!!

Oh. I thought you already tried that one.

Still, you need to go through and rescan with all your other tools to make sure there are no nasties left that the rootkit was hiding from you.