O.T. Computer Help?



japcas
01-29-2010, 11:25 AM
Hey guys. I have a problem that just started with my computer the other day. When I go to the Google or Yahoo search engine and search for something, when I click on the link I want, the browser gets redirected to some kind of sales site. I can click on the back button and click the exact same link and it will usually go to the right site. But it doesn't always go to the same sales link. I have run my AVG and Spybot and CCleaner but none of them have helped. Can any of you guys recommend something affordable, or free is even better, that can scan this thing and try to find out what is doing it and then repair it? I can still use the computer but it is getting annoying when I am searching for something.

cuemaker
01-29-2010, 11:33 AM
http://www.malwarebytes.org/... very good free program that should be a part of your arsenal...

Otherwise, there is probably a more specific answer to your problem..

Fasttrack
01-29-2010, 11:37 AM
Try Malwarebytes Anti-Malware. You have a "google redirect" problem and some of them can be quite nasty to remove.

If you are unable to install or execute Malwarebytes let us know. There was a particularly nasty bug out there that infected the Windows security update center. I think it was called "Malware Defense" and it was a rogue "anti-spyware" software that would infect your computer and then try to get you to buy the software to remove it. A kid down the hall got it and it took me a good 3 hours to figure out how to remove it! Had to write a script to kill some processes and then manually delete a bunch of registry entries and files from the terminal window. :eek:

Evan
01-29-2010, 11:41 AM
http://superantispyware.com


A kid down the hall got it and it took me a good 3 hours to figure out how to remove it! Had to write a script to kill some processes and then manually delete a bunch of registry entries and files from the terminal window.

I take it he didn't know about the SysInternals tools. Microsoft owns them now but they aren't MS software. They turned some white hat hackers to the dark side with heaping wads of money but the hackers managed to keep some autonomy while living in the same house as the emperor. Amazing but true.

http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx

MotorradMike
01-29-2010, 02:53 PM
Since nobody has mentioned this:

You might want to look for and download anti-malware from an uninfected machine.

It took me a while to figure that out. Lots of malware knows where you will be looking and redirects you to look-alike sites that don't help.

Mike

japcas
01-29-2010, 09:14 PM
Well, I've downloaded and installed both of the programs that were suggested and it is still going to those ad sites. I went to google a minute ago and typed in home shop machinist and when I clicked the link, it even said redirected on the browser tab and went to some yellow pages site. Anybody else have any suggestions?

japcas
01-29-2010, 09:18 PM
I just typed Bridgestone tire in my google link in the upper right corner of Explorer. When I clicked on the link this is where it took me.

http://www.juggle.com/search/?t=V470255&q=bridgestone+tires&cid=D1AAA4A9%2D107D%2D4C98%2DA907%2D4E734F830ACF

With this info can you tell me where it is taking me?


I typed msc industrial supply and it took me here.

http://www.alltheautomotive.com/search-results.aspx?keywords=industrial+supply

This is really annoying.

aboard_epsilon
01-29-2010, 09:32 PM
go to start... then run

type in msconfig... press enter ..System Configuration Utility box will come up

then go to services and start up tabs..and look what's ticked ..

you can probably ignore all the microsoft ones

and look at the others

any ones that look suspect
type in the name in google ..(keep google up)

google search will tell you if its malware or whatever

if it is ....untick the box that is relevant to it

apply... do a restart .and they/it will not be running when your comp is back up

a reminder box will come up to remind you that you've altered it .

you can tick this reminder box so it doesn't appear every time you start your computer

this does not remove the infection .but turns it off .

it will keep you on top for a good while

you then have time to go and find a way of removing it.

all the best.markj
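
The startup check described in the post above can also be scripted; this is an added example, not part of the original thread. It assumes PowerShell 3.0 or later and reads only the two Run registry keys (not services or the Startup folder); the helper name Get-ExePath is made up for the example.

```powershell
# Added example: list autostart entries from the Run registry keys and show
# who signed each program, so only the non-Microsoft ones need looking up.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
# Properties PowerShell adds to every registry item; they are not startup entries.
$psMeta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# Hypothetical helper: pull the program path out of a Run-key command line.
function Get-ExePath([string]$command) {
    if ($command -match '^\s*"([^"]+)"')      { return $Matches[1] }  # "C:\path\app.exe" /args
    if ($command -match '^\s*(.+?\.exe)\b')   { return $Matches[1] }  # C:\path\app.exe /args
    return ($command -split '\s+')[0]
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($psMeta -contains $p.Name) { continue }
        $exe = [Environment]::ExpandEnvironmentVariables((Get-ExePath ([string]$p.Value)))
        $signer = 'file not found'
        if (Test-Path -LiteralPath $exe -PathType Leaf) {
            $sig = Get-AuthenticodeSignature -LiteralPath $exe
            $signer = if ($sig.Status -eq 'Valid') {
                $sig.SignerCertificate.Subject
            } else {
                "unsigned or invalid ($($sig.Status))"
            }
        }
        [pscustomobject]@{
            Key     = $key
            Name    = $p.Name
            Command = $p.Value
            Signer  = $signer
        }
    }
}

# Everything not validly signed by Microsoft: a list to research, not a verdict.
$entries |
    Where-Object { $_.Signer -notmatch 'O=Microsoft Corporation' } |
    Format-List
```

An entry showing up here only means it is worth looking up by name, as the post says; plenty of legitimate programs are unsigned.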

MTNGUN
01-29-2010, 10:10 PM
I just typed Bridgestone tire in my google link in the upper right corner of Explorer.
You mean the Explorer browser is not secure ??? Windoze and Exploder allowed malware to take control of your PC ???

japcas
01-29-2010, 10:13 PM
You mean the Explorer browser is not secure ??? Windoze and Exploder allowed malware to take control of your PC ???

Yes I mean Internet Explorer. I've been searching a little for redirect viruses but I've still not really come up with anything. I was hoping some of the software would remove it because I'm not familiar with all of these program names in the startup and services tabs under system configuration.

kc5ezc
01-29-2010, 10:22 PM
Thanks Evan for the url to the complete sysinternals suite.
I have learned more from using a few of those tools and reading Mark Russinovich's blog than I thought possible.
Highly recommended.

aboard_epsilon
01-29-2010, 10:29 PM
Yes I mean Internet Explorer. I've been searching a little for redirect viruses but I've still not really come up with anything. I was hoping some of the software would remove it because I'm not familiar with all of these program names in the startup and services tabs under system configuration.

nor am i

that's why you look for them in google

bet there is one in there called "HOTBAR".......if there is turn it off .

all the best.markj

Highpower
01-29-2010, 11:08 PM
Have you tried booting into safe mode, and then running your Anti-Malware scan?

spope14
01-29-2010, 11:44 PM
Bad news, Good news, I hope. First, good news- if you are running XP or better, you can fix this. Bad News, Malware Bytes and all will not help you.

Been there done this, run my own network at school - 18 computers soon to be 25. Six at home on my own home network. This stuff happens when students get on game sites or proxy servers to go around the network safe guards, and I rip their heads off (figuratively, now I just throw them off computers and give them to the principal's office and the ogre IT admin. He is a beast, I love him!).

Malware Bytes and such will remove it for that run time, the next time you boot up, the song remains the same, the system is corrupted by the virus. In other words, turn things off, turn them back on, you have a headache. These programs claim a lot, but in the end remove the known variations of a program, the .exe files, whatever the known .dll files are, and the known registry files are. The problem is - what you have self replicates almost randomly and adds (1)'S AND SUCH TO FILE NAMES or adds a digit to a registry entry, MAKING ANY ATTEMPTS BY THESE "FREEWARES" IMPOSSIBLE. Malware Bytes in safe mode is not effective, it still picks up only the "knowns". Been there, tried to defend my hypothesis for three weeks of recurring problems, tried the updates last year, finally had to give way to my net admin. who taught me and showed me the "light". It is the "SELF REPLICATING" and changing file names that are the bugger.

Good news. If you are in XP or Vista or Windows 7, you can do a system restore to a previous date to get things right. Think back to when you first had the problem. You then go into safe mode by pressing F8 at boot up and go without network support - unplug the freaking cable as well!

Go into system restore, and select "to an earlier date". Think back to when hell started, I mean computer hell, not other things, and click that date if it is highlighted or bolded. Do a system restore to that date. Takes time, but I have to tell you, this feature in windows has been priceless to me over the years. You may lose a few files you created in the mean time, but believe it or not, legitimate files like word docs and truly associated files (say MasterCam drawings) with legitimate applications also loaded before the restore date may very well survive.

Many people hate this answer for their own reasons, but it works. The virus files that hijack home pages or search engine pages (one of my computers at school got porn search engines when google was clicked) work around the "freeware" applications, but are eliminated through system restore.

You do NOT have to do a full restore, just to a previous date, BUT BE AWARE, pick carefully on the date!

My .02 cents worth, freeware internet software is all but worthless when it comes to these things.

Then, BUY NORTON or McAfee - or my most recent favorite BITWARE DEFENDER and keep them on auto update. People hate to hear this as well, but they have removal tools on site. They may be memory hogs, but after three to five days of seeking help otherwise and becoming red in the face, you become a bit more accepting of your fate and the cost.

japcas
01-30-2010, 12:45 AM
Spope, I am running xp home on an Emachine computer that is about 1.5 years old. Does XP make restore points for you or is that something I have to do? I tried doing a system restore on reboot but it wanted me to install my restore disks which I don't have or have never made. I could be doing something wrong though. My hard drive does have a recovery partition but I'm not sure what it does or how to use it. This problem came about probably less than a week ago. No more than 2 weeks tops. One other question, if I don't get this fixed will it get worse or damage more stuff or just continue doing the same annoying stuff.

darryl
01-30-2010, 01:03 AM
I take it you want to continue to use exploder- I ditched that long ago for firefox. Then just around Christmas and new years, I had the same problems you are describing. Switched to google chrome, no problem since.

spope14
01-30-2010, 01:09 AM
There should be a restore to an earlier date option as well as a restore computer. XP should set these dates for you. Some viruses may stop this action, but look for this in your restore panel in the "accessories" menu from the start.

Do NOT use safe mode and boot up in the "black screen" that starts it all in the restore mode, let things boot up in safe mode first all the way

Then, from the "start":

Start - accessories- system tools - system restore. If this is not occurring and the system restore does not ask for an earlier date, then I will have to check things out.

Things should not get worse but for internet explorer use, is this affecting your start up and slowing it down? If all else fails, you may have to get onto the internet somehow and do a download of Firefox, maybe on another computer, storing the program on a thumb drive and installing it from there.

Check the system restore to an earlier date first, see if that works.

japcas
01-30-2010, 11:08 AM
I'll try the restore sequence like you describe spope. I can't tell that the computer is taking any longer to reboot than before which is a good thing. And I'd really like to keep using Explorer as I've never had a problem like this before and I know how to use it pretty good. I'll let you know what I find out.

japcas
01-30-2010, 01:41 PM
Still no joy. I've backed it up about 3 weeks and still the same problem. I downloaded firefox on my laptop and saved it to my jumpdrive, can I install Firefox with internet explorer on the same computer or do I need to uninstall internet explorer first? Can I transfer my favorites over to firefox?

MrSleepy
01-30-2010, 02:13 PM
It sounds like your winsock may be infected...

When I clean a computer I use the following to clean any trojans that have injected themselves into WININET.DLL and associated files..

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

I then use malwarebytes to remove anything else..

Viruses and trojans that inject themselves into the winsock2 can be problematic as when you remove them...there's a good chance that you won't be able to get online without rebuilding it...

If when you run the tool you find that it has indeed wrecked the winsock...Micro$oft have instructions and a tool to rebuild it for you..

http://support.microsoft.com/kb/811259

Download the fix and save the page as a first step..

Rob