When clicking through on the results from a Google search, my browser is getting hijacked. It will jump to the correct page, but then immediately redirect to some crappy “search” site. Hitting the “back” button on the browser will send me to the page I want, so it’s not like it’s the end of the world, but it’s damn annoying. (This happens in both IE and Firefox.)
So far I’ve:[ul]
[li]run Ad-Aware (then downloaded the newest definition files and rerun the scan)[/li][li]run Spybot Search & Destroy (with the newest definition files)[/li][li]run a McAfee virus scan[/li][li]downloaded AVG and run a scan with that (because I was getting sick of McAfee anyway)[/li][li]run the Kaspersky online scanner (suggested in this thread)[/li][li]downloaded and run Microsoft malicious software removal tool[/ul][/li]
Spybot found one potential thing, which I deleted. AVG found another, which I deleted. Kaspersky found another, which I deleted. The others didn’t find anything important. However, the malware is still there.
You most likely will need another non-infected computer to download updates for your AV and spyware removal tools, or to download new ones (such as malwarebytes). Many versions of this nasty are specifically blocking access to updaters and anti-malware sites.
If you can’t get the programs mentioned using the links provided, and don’t have another computer with which to get them, PM me and I’ll send you some alternate links.
Just be careful you are not infected with thelatest permutation of the Virut trojan; look in your task manager for a process named “reader_s”. It infects dozens of legitimate Windows .exe files, and if you run MalwareBytes, it may remove them, rendering your computer unbootable. I’ve had this happen once already. Be sure to back everything up before you attempt to remove this nasty. So far, I have not located a scanner that will remove it safely. The recommended action is, nuke and pave.
Great idea. Tried it, did a full system scan, and it found some “My Web Search” thing. That sounded promising, but I removed it, and my browser is still being hijacked. Scanned again, found nothing, still hijacked. So… ultimately not the answer.
Oops. Forgot to say in the OP that I did that, too. There was nothing in the logfile that wasn’t there two months ago last time I ran HJT. So not that either.
This doesn’t seem to be the case. I downloaded AVG, MalwareBytes, the MS malware program, and Kaspersky without any trouble, and without any problem accessing their sites.
Yikes! No “reader_s” luckily.
A little more info: this is apparently tied to IP 188.8.131.52, as I get a brief “waiting for 184.108.40.206/x/?..etc etc” in the status bar while the redirect is establishing itself. Dnnno if this is meaningful.
I had the problem once, it sent me to a fake google.com (looked like google, not google, wouldn’t let me go many other places).
I had to go search through my AIM logs to figure out how I fixed it, it was with hijack this.
Apparently it was spread over AIM, actually, because as soon as I started talking to someone on AIM about what the hell was going on (asked them to look at a few random websites like CNN and the like to see if they were getting the same problem) they were able to see those sites for a minute or two then they got the problem too. Eventually, from my AIM logs, it looks like I used hijackthis and recommended it to them as well.
This happened to me recently and it was pretty annoying. No anti-malware/anti-virus program fixed the problem. Finally I did a system restore from a previous state and that fixed the problem. (Start->Programs->Accessories->System Tools->System Restore)
Some bad stuff going around. A cow-orker just had me look over his laptop. The bastage tricked him into installing it by claiming it was a firefox update. Never could ID it. It somehow blocked malwarebytes from installing. It also locked out sytem restores. It is a company laptop, so I’ll let our IT guy mess with it…he’s really good, and it wouldn’t be good for me to be the one that made things worse.
I have had the same problem for a few weeks, and two days ago I downloaded GooredFix.exe. I have not had the problem for the last few days.
Here is this thread about what to do. Basically I just ran option 2 based on some other thread’s recommendation to do so.
However, please feel free to google GooredFix.exe and decide for yourself; I am not sure if 2 days of no problems is enough to say it is fixed, and I am most decidedly an amateur in this. I basically eventually found it by googling phrases like “google searches redirect to Topica”, etc. I did have Virtumonde last month (which should tell you how amateurish I am at protecting my computer), which seems to have caused this recently.
ETA: it was fixed after doing option 2 - I did nothing after that point.