Announcement

Collapse
No announcement yet.

Search Links Hijacked

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Search Links Hijacked

    Hi there,

    I have a clients computer that used to have some spyware on it that I removed.

    The only two things that is still happening which I can't figure out is this:

    1. When you go to any search engine and search for something, the correct results come up but if you click on the link for that result it 'jump's you to another portal (various different ones) with that type of name in it.

    2. You can go to any webpage but if you want to go to a webpage of an Antivirus software provider e.g. www.symantec.com, www.mcafee.com, etc.. or even a help related site e.g. www.bleepingcomputer.com, etc... it gives you the 'page cannot be displayed' message.

    I am not new to this and deal with these type of things on a day to day basis. I have manually checked the registry for anything that would be causing this. I have used Hijackthis but it is clean. I ran Spybot and SuperAntiSpyware in regular mode and safe mode. I ran the Avast antivirus software they had on the laptop in safe mode which also came up clean. I ran SmitFraudFix and a bunch of other small programs but they all came up clean. I also tried running ComboFix but it will not run.

    Any help would be appreciated.

    Thanks

    Sruli

  • #2
    Re: Search Links Hijacked

    Check your hosts and lmhosts file.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: Search Links Hijacked

      All clean.

      The only entry is 127.0.0.1 localhost.

      Comment


      • #4
        Re: Search Links Hijacked

        What kind of spyware was there in the first place?
        Have you tried rootkit revealer?
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: Search Links Hijacked

          Yep that was it!!!

          Thanks.

          Rootkit revealer found some files referencing tdss*.* which are noted as trojans in various sites.

          I then used Malwarebytes Anti-Malware to clear them and various rootkit registry settings.

          After that everything worked fine. I ran combofix just as an afterthought and it was more or less clean.

          Thanks a bunch.

          Sruli

          Comment

          Working...
          X