Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Internet Redirection on search result links

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Internet Redirection on search result links

Unread postby askey127 » April 21st, 2010, 6:55 am

Marino,
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it. Give permissions if asked.
  • Copy the contents of the following codebox into the main textfield:
    Code: Select all
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Main
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects  /s 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins  /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search  /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar  /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks /s
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Re: Internet Redirection on search result links

Unread postby Marino » April 21st, 2010, 10:44 am

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 10:43 on 21/04/2010 by Owner (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Main]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
"NoExplorer"= 0x0000000001 (1)
@="Search Helper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
"NoExplorer"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
"NoExplorer"= 0x0000000001 (1)
@="JQSIEStartDetectorImpl"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\MIME]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\PluginsPage]
@="http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\PluginsPageFriendlyName]
@="Microsoft ActiveX Gallery"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"Default_Search_URL"="http://www.google.com/ie"
"SearchAssistant"="http://www.google.com/ie"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=00 (REG_BINARY)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
(Unable to open key - key not found)

-=End Of File=-
Marino
Regular Member
 
Posts: 24
Joined: April 13th, 2010, 12:01 pm

Re: Internet Redirection on search result links

Unread postby askey127 » April 21st, 2010, 12:39 pm

Marino,
------------------------------------------------------------
Run a Script using OTM
  • Please double-click OTM.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do NOT copy the word "Code" :
Code: Select all
:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\\Search Assistant
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL

  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next Reply.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.
Note: the logs are saved in C:\_OTM\MovedFiles\ if you need to retrieve one.
Please post the log, then Reboot and tell me if your redirects have changed for the better.

This instruction edited - askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Internet Redirection on search result links

Unread postby Marino » April 21st, 2010, 1:06 pm

Hi,

Its been running for 45 minutes now. Task manager says it is not responding.
Marino
Regular Member
 
Posts: 24
Joined: April 13th, 2010, 12:01 pm

Re: Internet Redirection on search result links

Unread postby askey127 » April 21st, 2010, 1:22 pm

Please stop it.
Then re-read the code box, reload it and try running it again.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Internet Redirection on search result links

Unread postby Marino » April 21st, 2010, 1:31 pm

I did and I even rebooted the system. OTM just sits there with "sand watch" . I can only "X" it. My laptop otherwise runs ok as well as the other programs if I try. I even tried it without running Internet.

I need to go out now and I'll be back in 3-4 hours. Thanks for your help and time !
Marino
Marino
Regular Member
 
Posts: 24
Joined: April 13th, 2010, 12:01 pm

Re: Internet Redirection on search result links

Unread postby askey127 » April 21st, 2010, 4:10 pm

Marino,
Let's be sure that Registry key is correct.
First a safety measure.
------------------------------------------------------------
Backup Your Registry with ERUNT:
  • Download erunt.zip to your Desktop from here:
    http://aumha.org/downloads/erunt.zip
  • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
  • Inside the new folder, since you have Vista, right click ERUNT.exe and choose "Run as administrator"
  • OK all the prompts to back up your registry to the default location.
Note: If you ever need to restore your registry later, you would go to the default backup folder and start ERDNT.exe
(The default backup folder is C:\Windows\ERDNT\ and the backups are saved according to date stamp)
-----------------------------------------------------------
Copy/Paste/Run a Registry Edit
Copy/paste the contents of the following code box into a new notepad document (don't copy the word "Code"):
Code: Select all
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"CustomizeSearch"=-
"SearchAssistant"=-


Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Save it as File Type All Files (not as a Text document, or it won't work).
Save it to your Desktop as fixme.reg
Double click fixme.reg on your Desktop, and merge it into the registry and/or give permissions when asked.
Reboot Windows.
If everything looks good, we can do some cleanup and we will be done.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Internet Redirection on search result links

Unread postby Marino » April 21st, 2010, 7:58 pm

All done..ready to go.
Marino
Regular Member
 
Posts: 24
Joined: April 13th, 2010, 12:01 pm

Re: Internet Redirection on search result links

Unread postby askey127 » April 21st, 2010, 9:27 pm

Marino,
You can delete SystemLook, OTM, Gmer, and RSIT from your desktop.

I would seriously consider adding the Mvps HOSTS file to your machine.
It basically provides a "short circuit" for connections to tens of thousands of dangerous and malicious websites
You can read about it and get instructions for installing on Vista here:
http://www.mvps.org/winhelp2002/hosts.htm
It requires that you disable the DNS Client Service first, then find a way to copy
the HOSTS file to this folder: C:\Windows\System32\Drivers\etc\
Vista tries to make it a bit difficult, because malware would like to install a HOSTS file of their own.
-----------------------------------------------------------
Install WinPatrol - Download and Install the Free WinPatrol, and view Instructions here: http://www.winpatrol.com/winpatrol.html
- WinPatrol is an active program that drops a "Scotty Dog" icon into the system tray (right click to check/change status), allows you to monitor/edit startups, services, Browser helpers, and prompts for permission if any program tries to change your system.

I would most strongly recommend you stay away from any Peer-to-Peer file sharing programs, like Limewire, Vuze, Azureus, utorrent. The shared files out there are loaded with planted malware ready to wreck your machine.

I would keep Malwarebytes' Anti-Malware and do the update and scan every week or so.
You won't need Ad-Aware or other Spyware scanners.

You should be good to go.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Internet Redirection on search result links

Unread postby Marino » April 21st, 2010, 9:40 pm

I think I was not clear in my last message. I thought that you were going to suggest a registry cleanup so I was waiting for further instructions.
I still have a problem and redirections were nor resolved. Sorry if I was not clear.

Waiting for further instructions..thanks
Marino
P.S. By the way I have Windows XP ( and not Vista )

1 hour later:
I've been playing with Google results for 15-20 minutes and I think I have not been redirected. This would indicate contrary to what I said above but I am a bit puzzled because I thought for sure I was redirected the first time I tried it after reboot (?!).
In the light of me having XP instead of Vista please advice if I should follow your instructions as is.

Thanks for the help and your time. I understand that you won't close this session for another 3 days and I will give you my feedback on how things are going on.

Best regards
Marino
Marino
Regular Member
 
Posts: 24
Joined: April 13th, 2010, 12:01 pm

Re: Internet Redirection on search result links

Unread postby askey127 » April 22nd, 2010, 6:45 am

Marino,
Let me Reload that entire previous instruction, to make it easier and avoid any error messages.

Let's be sure that Registry key is correct.
First a safety measure.
------------------------------------------------------------
Backup Your Registry with ERUNT:
  • Download erunt.zip to your Desktop from here:
    http://aumha.org/downloads/erunt.zip
  • Double-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
  • Inside the new folder, double click ERUNT.exe
  • OK all the prompts to back up your registry to the default location.
Note: If you ever need to restore your registry later, you would go to the default backup folder and start ERDNT.exe
(The default backup folder is C:\Windows\ERDNT\ and the backups are saved according to date stamp)
-----------------------------------------------------------
Copy/Paste/Run a Registry Edit
Copy/paste the contents of the following code box into a new notepad document (don't copy the word "Code"):
Code: Select all
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"CustomizeSearch"=-
"SearchAssistant"=-

Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Save it as File Type All Files (not as a Text document, or it won't work).
Save it to your Desktop as fixme.reg
Double click fixme.reg on your Desktop, and merge it into the registry when asked.
Reboot Windows.
-----------------------------------------------------------
REBOOT(RESTART) Your Machine
-----------------------------------------------------------
Go to Start, Run and type cmd
At the cursor in the command window, type ipconfig /flushdns and hit <enter>
Type "exit" to close the window.
This should remove any "memorized" redirect sites.
-----------------------------------------------------------
Replace the Current HOSTS File with MVPs
Download HostsXpert and unzip (extract) it to your computer, somewhere where you can find it.
  • Double click on HostsXpert.exe to launch the program. Give whatever Permissions are required.
  • In the bottom half of the left pane, click on File Handling
  • If the first button at the top is labeled Make Writeable?, click on it so the label changes to Make Read Only
  • Click third button from the bottom, labeled Download. A couple new buttons will appear at the top.
  • Click on the top button labeled MVPs Hosts and choose Replace
  • When asked to verify if you want to Replace present Hosts file, click OK.
  • When it finishes , click on File Handling again.
  • Click the button at the top labeled Make Read Only, so the label changes to Make Writeable?
  • Hit the X in the upper right corner to exit HostsXpert
If you have a separate third party firewall, or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.

Let me know how it goes.
Once the redirects are taken care of, you will absolutely need to get Windows XP Service Pack 3.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Internet Redirection on search result links

Unread postby Marino » April 22nd, 2010, 8:12 am

I did all as per your instructions.

I got a message "DSNClient is running and should be disabled...". I clicked OK to proceed anyway.
At the end a HostsXpert.ini file was created.

I have not tried redirections again and am waiting for further instructions before I do.

re: Service Pack 3
I tried to upgrade once but was prevented for some reason I do not remember now. When we're done can you just tell how to upgrade to Service Pack 3 ?

Thanks
Marino
Marino
Regular Member
 
Posts: 24
Joined: April 13th, 2010, 12:01 pm

Re: Internet Redirection on search result links

Unread postby askey127 » April 22nd, 2010, 9:44 am

If you don't disable the service, the ensuing bootups could take a long time:
---------------------------------------------------------------
Disable DNS Client Service
From Start, or Start, Run type services.msc in the box and hit <Enter>
Give permission to continue if necessary.
Scroll down to DNS Client on the list, Right Click it and choose Properties.
Under Service Status, click Stop. Under Startup Type, choose Disabled.
Then click Apply, OK

Go to Control Panel, Security Center and see that Automatic updates is ON.
Microsoft can help if you can't get SP3.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Internet Redirection on search result links

Unread postby Marino » April 22nd, 2010, 10:06 am

Ok all done..

what do you want me to do next ?
Marino
Regular Member
 
Posts: 24
Joined: April 13th, 2010, 12:01 pm

Re: Internet Redirection on search result links

Unread postby askey127 » April 22nd, 2010, 12:54 pm

Marino
Check for redirects and report back what you see, if you please.
-----------------------------------------------------------
Download and Run a Diagnostic Tool (MGADiag.exe) from here and save this to your desktop.
http://go.microsoft.com/fwlink/?linkid=56062
* Double-click on MGADiag.exe
* When the program has finished, click on the Validation tab and then click on Copy to Clipboard.
* Please post the results in your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 32 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware