Questions

Why is Google search redirecting to spam?

+
0 Votes
Locked

Why is Google search redirecting to spam?

wompai
Hey guys

Okay, I've got a computer with a little bit of a problem: It's search results are redirected to spam. It started of as a kind off innocent problem because you could just press F5 to refresh the page and it would just redirect correctly. Now, the problem got out of hand. When I tried to start AVG to search for the infection, the services couldn't start succesfully. This happened with AVG, but also with Avast! and Avira. Now, it gone so far that I haven't even got internet connection on that pc. I have now got Avira up and running succesfully and it's spamming me the whole time about a malware that's been found, I click 'remove' and moments later it's back. It has not moved at all. Can somebody explain to me what this is and/or what I can do to get rid of it?

Thanks in advance!
  • +
    2 Votes

    then run your Avira, maybe MalwareBytes, and let them clean it up. Once they have
    it cleaned up, then restart in "Normal" mode.

    +
    1 Votes
    robo_dev

    Many of these packages simply laugh in the face of the major AV packages. Malware such as Vundo, and others have a 'watcher process' that automatically downloads and reinstalls if you remove it.

    In some cases you get lucky and Windows System Restore is working....you simply restore to a pre-infection state, and you're done.

    In some cases the MBAM Malware Bytes app can remove these buggers successfully.

    There's a site called 'PCHell' which offers specific malware removal advice.

    What exact malware is being reported by AVG on your PC?

    +
    0 Votes
    markp24

    LOL Robo_dev You beat me by 3 min?? wow this is too funny. i have to try and beat you to the next one.

    +
    1 Votes
    markp24

    I agree with the prior post, you may want to also boot for a TRK (Trinity rescue CD) or UBCD4win and run the scanners from those live cds.

    also check you Internet connection properties under connections make sure there no proxy selected, as well as you hosts and lmhosts files to ensure there are no inappropriate entries (or just delete them as a test)

    +
    1 Votes
    Kenone

    Try TDSSKiller or Unhackme or any reputable online scanner if you can get it back online.

    +
    1 Votes
    srikanthwinsome

    I am facing the same issue. When I click on any link in the search result redirecting to spam websites. It is happening only in Chrome.

    +
    0 Votes
    wompai

    Okay, I tried Malwarebytes, but because I don't have internet connection on that pc it couldn't update the database. Is this enough to make it completely non-responsive?! Because it became completely non-responsive... The mbam.exe won't launch and it's services react really strange when i try to scan my computer. When I install the program (that's right, I reinstalled it a couple of times) it's UI pops up with 3 scan options. When I click ''full scan'' it starts the scan for a few seconds and then it's gone. It's not scanning anymore. What could this possibly be and how can I fix it?

    +
    0 Votes
    mistercrowley

    It is because scammers are now aware of MBAM and are taking steps to ensure that you can't use a tool that can oust their junk on your machine. Safe mode or from a cd-based boot... Look for processes that you don't recognize and search the registry and remove the entry and the files. That is how I removed my first virus - I was running 98 and did not have AV at the time...

    +
    0 Votes
    asotelo

    You need to do it in SAFE mode, otherwise it won't work. One trick that I have used is to go to the malwarebite's folder, find the executable, and rename it something else.exe.

    +
    0 Votes
    agena

    This sort of persistent malware hit my daughters laptop after she foolishly accepted a download from a site to access more free videos. Because I had accidentally left logging enabled on my wifi router I spotted that the PC was accessing one particular site every time it was booted. One month after the first access of this site - while it spread the infection all through the disk - it started doing all sorts of strange things, every google request rerouted, etc. Antivirus had missed it, I think it downloaded a way to evade it. Even installing a new AV - didn't work because on each reboot, it assembled a new trojan from parts scattered across the disk. In the end I had to pop the disk out and plug it into another computer using a USB to SATA adapter - AVG free found it no problem then. To be on the safe side, I also deleted the 1000's of files created / modified in the couple of hours after the original infection. Simply using windows restore might not be enough!

    +
    2 Votes
    Kenone

    Run TDSSKiller, betcha it finds noaccess rootkit, then try running MBAM
    or ignore me I don't care.

    +
    2 Votes
    markp24

    yes i agree with you, tdsskiller ids a good tool, also combofix and others from bleepingcomputer.com are good

    follow this guide also
    http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-malware-tutorial


    and still suggest the TRK and ubcd4win boot disks to help remove this issue of yours.

  • +
    2 Votes

    then run your Avira, maybe MalwareBytes, and let them clean it up. Once they have
    it cleaned up, then restart in "Normal" mode.

    +
    1 Votes
    robo_dev

    Many of these packages simply laugh in the face of the major AV packages. Malware such as Vundo, and others have a 'watcher process' that automatically downloads and reinstalls if you remove it.

    In some cases you get lucky and Windows System Restore is working....you simply restore to a pre-infection state, and you're done.

    In some cases the MBAM Malware Bytes app can remove these buggers successfully.

    There's a site called 'PCHell' which offers specific malware removal advice.

    What exact malware is being reported by AVG on your PC?

    +
    0 Votes
    markp24

    LOL Robo_dev You beat me by 3 min?? wow this is too funny. i have to try and beat you to the next one.

    +
    1 Votes
    markp24

    I agree with the prior post, you may want to also boot for a TRK (Trinity rescue CD) or UBCD4win and run the scanners from those live cds.

    also check you Internet connection properties under connections make sure there no proxy selected, as well as you hosts and lmhosts files to ensure there are no inappropriate entries (or just delete them as a test)

    +
    1 Votes
    Kenone

    Try TDSSKiller or Unhackme or any reputable online scanner if you can get it back online.

    +
    1 Votes
    srikanthwinsome

    I am facing the same issue. When I click on any link in the search result redirecting to spam websites. It is happening only in Chrome.

    +
    0 Votes
    wompai

    Okay, I tried Malwarebytes, but because I don't have internet connection on that pc it couldn't update the database. Is this enough to make it completely non-responsive?! Because it became completely non-responsive... The mbam.exe won't launch and it's services react really strange when i try to scan my computer. When I install the program (that's right, I reinstalled it a couple of times) it's UI pops up with 3 scan options. When I click ''full scan'' it starts the scan for a few seconds and then it's gone. It's not scanning anymore. What could this possibly be and how can I fix it?

    +
    0 Votes
    mistercrowley

    It is because scammers are now aware of MBAM and are taking steps to ensure that you can't use a tool that can oust their junk on your machine. Safe mode or from a cd-based boot... Look for processes that you don't recognize and search the registry and remove the entry and the files. That is how I removed my first virus - I was running 98 and did not have AV at the time...

    +
    0 Votes
    asotelo

    You need to do it in SAFE mode, otherwise it won't work. One trick that I have used is to go to the malwarebite's folder, find the executable, and rename it something else.exe.

    +
    0 Votes
    agena

    This sort of persistent malware hit my daughters laptop after she foolishly accepted a download from a site to access more free videos. Because I had accidentally left logging enabled on my wifi router I spotted that the PC was accessing one particular site every time it was booted. One month after the first access of this site - while it spread the infection all through the disk - it started doing all sorts of strange things, every google request rerouted, etc. Antivirus had missed it, I think it downloaded a way to evade it. Even installing a new AV - didn't work because on each reboot, it assembled a new trojan from parts scattered across the disk. In the end I had to pop the disk out and plug it into another computer using a USB to SATA adapter - AVG free found it no problem then. To be on the safe side, I also deleted the 1000's of files created / modified in the couple of hours after the original infection. Simply using windows restore might not be enough!

    +
    2 Votes
    Kenone

    Run TDSSKiller, betcha it finds noaccess rootkit, then try running MBAM
    or ignore me I don't care.

    +
    2 Votes
    markp24

    yes i agree with you, tdsskiller ids a good tool, also combofix and others from bleepingcomputer.com are good

    follow this guide also
    http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-malware-tutorial


    and still suggest the TRK and ubcd4win boot disks to help remove this issue of yours.