browser redirecting trojan - Chevelle Tech
Bug Hunt Computer related problems
Virus warnings - Technical help.

  #1  
Old Jun 11th, 09, 9:03 AM
Andy69 Andy69 is offline
Senior Tech Team
Mike Oxbig
 
Join Date: Sep 2002
Location: Memphis, TN, USA
Posts: 18,131
Default browser redirecting trojan

Grr, this thing is driving me nuts. It hijacks the links in a Google search and redirects the browser to random websites. I've run McAfee and a few other spyware programs but it persists. CWShredder didn't touch it either. Any ideas? This is on XP, and occurs in IE, Firefox, and Safari.
__________________
Quote:
Originally Posted by jpete, Dean, Derek69SS, hoffbug, rubadub, Grandsport, Thomas Jefferson, 1badss396, MEJ1990TM, and mrdjc99
As usual, Andy is right
If it doesn't fit, force it. If it breaks, it needed to be replaced anyway.

SuperAndy's Garage

B and A Antiques
  #2  
Old Jun 11th, 09, 9:18 AM
Dean Dean is offline
Moderator
 
Join Date: Aug 1998
Location: near Kansas City
Posts: 30,622
Default Re: browser redirecting trojan

Have you tried HijackThis?
http://download.cnet.com/Trend-Micro...-10227353.html
__________________
.

Gold member #3
My 69 SS
My 70 Convertible
Mid America Chevelle Club
  #3  
Old Jun 11th, 09, 10:01 AM
Andy69 Andy69 is offline
Senior Tech Team
Mike Oxbig
 
Join Date: Sep 2002
Location: Memphis, TN, USA
Posts: 18,131
Default Re: browser redirecting trojan

Yeah, I ran that, but it just gives me a list of running processes. I'm not expert enough to tell which one is the baddy.
  #4  
Old Jun 11th, 09, 1:40 PM
Xtreme70SS396 Xtreme70SS396 is offline
Senior Tech Team
Mark
 
Join Date: May 2001
Location: Wheaton, IL USA
Posts: 6,397
Default Re: browser redirecting trojan

Use malwarebytes antimalware from malwarebytes.org to get rid of it.

Internet explorer won't take you there, though - download firefox first and use firefox instead until you get it cleaned up. My guess is you'll like firefox better and keep using it, too....
__________________
Mark

1970 SS396
Lewis Racing Engines (Wolfplace) 489:
634 HP @ 6000rpm
627 Lb-ft @ 4,000rpm

ProSystems SV1
Gear Vendors Overdrive
Moser 12 Bolt
Alumitech Radiator
Pypes Exhaust

Dyno
'70 Chevelle
'70 Chevelle 2
  #5  
Old Jun 11th, 09, 10:56 PM
DaleM DaleM is offline
Gold Founding Member
Dale
 
Join Date: Aug 1998
Location: Lawton, Oklahoma
Posts: 17,514
Default Re: browser redirecting trojan

Quote:
Originally Posted by Xtreme70SS396 View Post
Use malwarebytes antimalware from malwarebytes.org to get rid of it.

Internet explorer won't take you there, though - download firefox first and use firefox instead until you get it cleaned up. My guess is you'll like firefox better and keep using it, too....
As Andy stated in his question, it's happening with IE, Firefox, and Safari. So downloading Firefox isn't a cure-all for browser ills, never has been. Why wouldn't Internet Explorer get you there? My Internet Explorer gets me there just fine. Just love it when someone jumps at a chance to bash IE for no legitimate reason.

Quote:
Originally Posted by Andy69 View Post
Grr, this thing is driving me nuts. It hijacks the links in a Google search and redirects the browser to random websites. I've run McAfee and a few other spyware programs but it persists. CWShredder didn't touch it either. Any ideas? This is on XP, and occurs in IE, Firefox, and Safari.
Frustrating isn't it? Kind of like people hijacking threads with nothing pertinent to say about the subject.

It's hard to know exactly what program is causing your problems but it may be a new variant of *coolwebsearch* that deflects programs like CWShredder. I found info on it listed at http://www.majorgeeks.com/download4113.html with a download link to remove it. Again, not knowing exactly what the virus is it could be a long trial-and-error procedure to get rid of it.

A poster on another forum was having the same problem, Google search links being redirected elsewhere, and claims to have found a fix at someplace called VundoFix from http://vundofix.atribune.org/. The infected file was ocfrrbc.dll in his system32 folder.

Hope something here gets you in the right direction.
__________________
TC Gold #92 ~ August 1998
* I only report what I read. If they're wrong, I'm wrong.
* ChevelleStuff - Decoding info for 64-72
* 1966/1967 Chevelle Reference CD
* Chevelle, HHR, Nomad Registeries
  #6  
Old Jun 12th, 09, 8:31 AM
Xtreme70SS396 Xtreme70SS396 is offline
Senior Tech Team
Mark
 
Join Date: May 2001
Location: Wheaton, IL USA
Posts: 6,397
Default Re: browser redirecting trojan

Dale,

I had the same or a similar trojan. IE would not take me there, the trojan redirects you. However, Firefox and Netscape both took me to the correct place because the trojan didn't seem to care about the other browsers or they somehow weren't affected. I wasn't even bashing IE, just stating the fact that it won't take you there. You don't have the trojan, which is why yours works just fine.

I didn't see his note that it occurs on the other browsers also. That tells me it probably changed his DNS settings.

Andy, get to your local area connection, right-click and hit properties. Go to Internet Protocol (TCP/IP) and select properties. There are one or two IP addresses there for "preferred dns settings". Likely the trojan changed these settings - it should either be to "automatically select" (if it is, then this is NOT the problem) or it should be specific settings for your network, depending on how things are set up. If you don't know, your internet service provider should be able to confirm.

Once you get the settings correct, your internet redirect will probably be OK, but it will likely return if you don't get rid of the core trojan/virus - antimalware I mentioned earlier is excellent.
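The DNS check described in post #6, as an added example that is not part of the original thread: it parses `ipconfig /all` text and lists any DNS server that is not one you expect. The function names, the sample output and the expected-resolver list are constructed for illustration, and it assumes English-language, IPv4 output as produced on XP.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (documentation address ranges).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.20
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            203.0.113.54
        Lease Obtained. . . . . . . . . . : Thursday, June 11, 2009 8:01:12 AM

PPP adapter Dial-up ISP:

        IP Address. . . . . . . . . . . . : 198.51.100.7
        DNS Servers . . . . . . . . . . . : 198.51.100.1
"""

# "   Key . . . . : value" lines; the key ends at the dot padding before the colon.
FIELD = re.compile(r"^\s+([^:]+?)[\s.]*:\s?(.*)$")

def dns_by_adapter(text):
    """Return {adapter name: [DNS server IPs]} from `ipconfig /all` text."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False  # adapter header
            adapters[current] = []
            continue
        m = FIELD.match(line)
        if m and current:
            in_dns = m.group(1) == "DNS Servers"
            value = m.group(2).strip()
        elif in_dns and line.strip():
            value = line.strip()  # second and later servers sit on their own lines
        else:
            continue
        if in_dns and value:
            adapters[current].append(str(ipaddress.ip_address(value)))
    return adapters

def unexpected_dns(text, expected):
    """List (adapter, server) pairs whose resolver is not in the expected set."""
    allowed = {str(ipaddress.ip_address(e)) for e in expected}
    return [(adapter, server) for adapter, servers in dns_by_adapter(text).items()
            for server in servers if server not in allowed]
```

`ipconfig /all` reports the resolvers in effect whether they were typed into the adapter properties or handed out by DHCP, so the same comparison also flags servers pushed by a tampered router. The expected list should hold the addresses your ISP or router administrator confirms.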
  #7  
Old Jun 12th, 09, 10:58 AM
ChaosEnvy ChaosEnvy is offline
Senior Tech Team
Big D
 
Join Date: May 2004
Location: Illinois
Posts: 2,618
Default Re: browser redirecting trojan

Quote:
Originally Posted by Xtreme70SS396 View Post
Use malwarebytes antimalware from malwarebytes.org to get rid of it.
As mentioned before, I've seen this problem several times, and Malwarebytes had fixed it.


As for IE vs FIREFOX...

I'm with firefox. I only use IE for windows updates.

I even tried to go back and use IE the other day, and the darn thing "experienced an error and had to close" 3 times in a row. This rarely happens with Firefox, and if it ever does, Firefox will close, reopen, and take you back where you left off. So if you had 6 tabs open, you'll get all six tabs back.

I also like that with Firefox, if you have several windows open, one of them locks, and you use the task manager to close that window, only that window will close. With IE, you close one with Task Manager, you are closing them all.

Anyhow... Malwarebytes should solve your issue. If not, grab HijackThis and look at the log (or do a find) for the word redirect, or post the log here and I'm sure one of the eggheads on here can figure it out.

Big D
  #8  
Old Jun 12th, 09, 12:36 PM
Chicken Coupe Chicken Coupe is offline
Senior Tech Team
Fred
 
Join Date: Jun 2007
Location: Just a way North of Atlanta
Posts: 2,858
Default Re: browser redirecting trojan

Quote:
Originally Posted by Andy69 View Post
It hijacks the links in a Google search and redirects the browser to random websites.
What kind of random website?

I ask because the way that Google is set up the results of your search could include an "AdWare" page or pages.

An AdWare page is one that is set up to include a vast array of commonly searched "words" and keep you clicking to generate income, not answer your question.

It is not a redirect page. It is not a malware, etc. It is a direct link in the search results. The page will often show up as a rudimentary web page, although they often show up as professionally built sites with good information and with numerous links to the exact or similar "words"

AdWare sites are sites that the publisher sets up "to be searched" by Google. Google returns searches by word match and popularity, so one of these AdWare sites that gets a lot of traffic will show up high in the ranks. High ranks equal "good info" in a Google search, even though it's not.

When you click on an AdWare page, Google pays them. If you click another link, Google pays them again, and again, and again...every time you click on a link within the site.

Why? Because the AdWare page fools Google into believing that it provides a direct link to the site you were hoping to get to.

Who pays for it? The site that is a paid advertiser.

A good AdWare page can generate $100K a month in revenue, at .001 of a cent at a time.

Google's analytics seek out those AdWare pages and block them... eventually.

Unfortunately their owners can resurrect them in short order.

What you can do.

Don't use Google
Read the link before you click.
If you arrive at a generic or B/S page go back
  #9  
Old Jun 16th, 09, 10:32 AM
Chicken Coupe Chicken Coupe is offline
Senior Tech Team
Fred
 
Join Date: Jun 2007
Location: Just a way North of Atlanta
Posts: 2,858
Default Re: browser redirecting trojan

Found another possible source of your problem.

Java applets embedded in websites.

Seems there was a security issue, a short while back, with Java. It allowed a Java based applet to be embedded into a website that would auto-run.

It could cause a redirect or run other apps on your computer.

If you visited a website with an embedded app, it would run. Once you left that website it would not leave any trace.

To fix, install the latest version of JAVA, which eliminates the issue. The Windows version was published a short while back and the Mac version was just added.

http://support.apple.com/kb/HT3581 (via software update)

http://www.java.com/en/download/manual.jsp
  #10  
Old Jun 17th, 09, 1:25 PM
Brob Brob is offline
Gold Member
Rob
 
Join Date: May 1999
Location: Huntington Beach, CA
Posts: 1,225
Default Re: browser redirecting trojan

Information only. This WEB Blog by Chris Stone gives you a good idea what it can take to get rid of a virus. He goes into great detail in his blog on the right side of his home page.

www.stonetechservices.com
  #11  
Old Jun 21st, 09, 10:12 PM
darrell69 darrell69 is offline
Tech Team
darrell
 
Join Date: Jan 2008
Location: houston texas
Posts: 32
Default Re: browser redirecting trojan

Any help!!! Has anybody found the problem for this? Have run norton 360, malware, spybot, adaware, window washer, update java, checked ip settings (dial-up).
  #12  
Old Jun 22nd, 09, 10:32 AM
Brob Brob is offline
Gold Member
Rob
 
Join Date: May 1999
Location: Huntington Beach, CA
Posts: 1,225
Default Re: browser redirecting trojan

Darrell, you didn't say what the problem is.
  #13  
Old Jun 22nd, 09, 9:16 PM
darrell69 darrell69 is offline
Tech Team
darrell
 
Join Date: Jan 2008
Location: houston texas
Posts: 32
Default Re: browser redirecting trojan

My browser gets redirected after I do a google search and click on a link.
  #14  
Old Jun 22nd, 09, 9:22 PM
Mike Mike is offline
Lifetime Premium Member
 
Join Date: Apr 2005
Location: North America
Posts: 14,557
Default Re: browser redirecting trojan

And which browser would that be?
Might help if you posted just what causes this.
What search parameters and what link does the redirect.
All times are GMT -4.

2009 Team Chevelle - AutoForums