[Andy69]

Grr, this thing is driving me nuts. It hijacks the links in a Google search and redirects the browser to random websites. I've run McAfee and a few other spyware programs but it persists. CWShredder didn't touch it either. Any ideas? This is on XP, and occurs in IE, Firefox, and Safari.

[Dean]

Have you tried HijackThis?
http://download.cnet.com/Trend-Micro...-10227353.html

[Andy69]

yeah, I ran that, but it just gives me a list of running processes. I'm not expert enough to tell which one is the baddy.

[Xtreme70SS396]

Use malwarebytes antimalware from malwarebytes.org to get rid of it.

Internet explorer won't take you there, though - download firefox first and use firefox instead until you get it cleaned up. My guess is you'll like firefox better and keep using it, too....

[DaleM]

Quote:

Originally Posted by Xtreme70SS396

Use malwarebytes antimalware from malwarebytes.org to get rid of it.

Internet explorer won't take you there, though - download firefox first and use firefox instead until you get it cleaned up. My guess is you'll like firefox better and keep using it, too....

As Andy stated in his question it's happening with IE, Firefox, and Safari. So downloading Firefox isn't a cureall for browser ills, never has been. Why wouldn't Internet Explorer get you there? My Internet Explorer gets me there just fine. Just love it when someone jumps at a chance to bash IE for no legitimate reason.

Quote:

Originally Posted by Andy69

Grr, this thing is driving me nuts. It hijacks the links in a Google search and redirects the browser to random websites. I've run McAfee and a few other spyware programs but it persists. CWShredder didn't touch it either. Any ideas? This is on XP, and occurs in IE, Firefox, and Safari.

Frustrating isn't it? Kind of like people hijacking threads with nothing pertinent to say about the subject.

It's hard to know exactly what program is causing your problems but it may be a new variant of *coolwebsearch* that deflects programs like CWShredder. I found info on it listed at http://www.majorgeeks.com/download4113.html with a download link to remove it. Again, not knowing exactly what the virus is it could be a long trial-and-error procedure to get rid of it.

A poster on another forum was having the same problem, Google search links being redirected elsewhere and claims to have found a fix at somplace called VundoFix from http://vundofix.atribune.org/. The infected file was ocfrrbc.dll in his system32 folder.

Hope something here gets you in the right direction.

[Xtreme70SS396]

Dale,

I had the same or a similar trojan. IE would not take me there, the trojan redirects you. However, Firefox and Netscape both took me to the correct place because the trojan didn't seem to care about the other browsers or they somehow weren't affected. I wasn't even bashing IE, just stating the fact that it won't take you there. You don't have the trojan, which is why yours works just fine.

I didn't see his note that it occurs on the other browsers also. That tells me it probably changed his DNS settings.

Andy, get to your local area connection, right-click and hit properties. Go to Internet Protocol (TCP/IP) and select properties. There are one or two IP addresses there for "preferred dns settings". Likely the trojan changed these settings - it should either be to "automatically select" (if it is, then this is NOT the problem) or it should be specific settings for your network, depending on how things are set up. If you don't know, your internet service provider should be able to confirm.

Once you get the settings correct, your internet redirect will probably be OK, but it will likely return if you don't get rid of the core trojan/virus - antimalware I mentioned earlier is excellent.

[ChaosEnvy]

Quote:

Originally Posted by Xtreme70SS396

Use malwarebytes antimalware from malwarebytes.org to get rid of it.

As mentioned before, I've seen this problem several times, and Malwarebytes had fixed it.


As for IE vs FIREFOX...

I'm with firefox. I only use IE for windows updates.

I even tried to go back and use IE the other day, and the darn think "experienced and error and had to close" 3 times in a row. This rarely happens with Firefox, and if it ever does, firefox will close, reopen, and take you back where you left off. So if you had 6 tabs open, you'll get all six tabs back.

I also, like that with FIRE fox, if you have several windows open, one of them locks, and you use the task manager to close that window, only that window will close. With IE, you close one with Task Manager, you are closing them all.

Anyhow... MalWarebytes should solve your issue. IF not, grab hijack this and look at the log (or do a find) for the word redirect, or post the log here and I'm sure one the egg heads on here can figure it out.

Big D

[Chicken Coupe]

Quote:

Originally Posted by Andy69

It hijacks the links in a Google search and redirects the browser to random websites.

What kind of random website?

I ask because the way that Google is set up the results of your search could include an "AdWare" page or pages.

An AdWare page is one that is set up to include a vast array of commonly searched "words" and keep you clicking to generate income, not answer your question.

It is not a redirect page. It is not a malware, etc. It is a direct link in the search results. The page will often show up as a rudimentary web page, although they often show up as professionally built sites with good information and with numerous links to the exact or similar "words"

AdWare sites are sites that the publisher sets up "to be searched" by Google. Google returns searches by word match and popularity, so one of these AdWare sites that gets a lot of traffic will show up high in the ranks. High ranks equal "good info" in a Google search, even though it's not.

When you click on an AdWare page, Google pays them. If you click another link, Google pays them again, and again, and again...every time you click on a link within the site.

Why? Because the AdWare page fools Google into believing that it provides a direct link to the site you were hoping to get to.

Who pays for it? The site that is a paid advertiser.

A good AdWare page can generate $100K a month in revenue, at .001 of a cent at a time.

Google's analytics seek out those AdWare pages and blocks them... eventually.

Unfortunately their owners can resurrect them in short order.

What you can do.

Don't use Google
Read the link before you click.
If you arrive at a generic or B/S page go back

[Chicken Coupe]

Found another possible source of your problem.

Java applets embedded in websites.

Seems there was a security issue, a short while back, with Java. It allowed a Java based applet to be embedded into a website that would auto-run.

It could cause a redirect or run other apps on your computer.

If you visited a website with an embedded app, it would run. Once you left that website it would not leave any trace.

To fix, install the latest version of JAVA, which eliminates the issue. The Windows version was published a short while back and the Mac version was just added.

http://support.apple.com/kb/HT3581 (via software update)

http://www.java.com/en/download/manual.jsp

[Brob]

Information only. This WEB Blog by Chris Stone gives you a good idea what it can take to get rid of a virus. he goes into great detail in his blog on the right side of his home page.

www.stonetechservices.com

[darrell69]

Any help!!! Has anybody found the problem for this? Have run norton 360, malware, spybot, adaware,window washer, update java, checked ip settings(dial-up).

[Brob]

Darrell, you didn't say what the problem is.

[darrell69]

My browser gets redirected after I do a google search and click on a link.

[Mike]

And which browser would that be ?
Might help if you posted just what causes this.
What search parameters and what link does the redirect.