Search engine hijack malware

Gorath

Prime Evil
Staff Member
Moderator
Original Sin Donor
Original Sin 2 Donor
Joined
August 30, 2006
Messages
7,830
It seems I've caught some malware on my PC a day or two ago. No idea where I got it.

All traffic to google and at least all searches through the other big search engines is routed through the sites "searchingandclick58 dot com" and "checkingassociateeditor dot com".

The biggest negative impact is that ALL google traffic is redirected. This includes the site traffic tools. On many pages it takes 20 seconds until the page actually starts to load.

I could use some help to get rid of it. I don't feel safe doing anything meaningful as long as this virus is active.
 
Joined
Aug 30, 2006
Messages
7,830
Did you try the standard programs like Adaware or Spybot? They are usually good at this sort of thing. Also, Avast has a boot-up time cleaner which can handle some of the nastier nasties.
 
Joined
Oct 25, 2006
Messages
6,292
Joined
Aug 30, 2006
Messages
7,830
Run Autoruns and see what you get. It'll list all programs/services installed and running on startup, or integrated into Windows like Internet Explorer addons etc. I've used it several times to remove crap on friends' computers. It also filters (by default) away all Microsoft programs.
 
Joined
Mar 30, 2008
Messages
1,163
Location
Scandinavia
I think it's called Google Instant. It's the same thing that called my favourite news.
 
Joined
Oct 19, 2006
Messages
5,217
Location
The Uncanny Valley
I think it's called Google Instant. It's the same thing that called my favourite news.
No, Google Instant is a new service by Google. I bet I'll hate it immediately when I see it. ;)

The thing I had was just a dozen additional entries in the hosts file, it seems. A list of domains with redirections.
Run Autoruns and see what you get. It'll list all programs/services installed and running on startup, or integrated into Windows like Internet Explorer addons etc. I've used it several times to remove crap on friends' computers. It also filters (by default) away all Microsoft programs.

Interesting. I didn't find anything malicious, but several dead entries and stuff I think I don't need. Can I use this tool to disable single entries? I don't think I need Outlook, for example.
 
Joined
Aug 30, 2006
Messages
7,830
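A hosts-file check of the kind that would surface the redirect entries described in the post above, as an added example that is not part of the original thread. The watch list, the benign-name list and the sample file are constructed for illustration; on Windows the real file is `%SystemRoot%\System32\drivers\etc\hosts`.

```python
import ipaddress

# Hostnames a stock hosts file legitimately maps (assumption for this example).
BENIGN_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
                "ip6-localhost", "ip6-loopback"}
# Search-engine suffixes to call out explicitly (assumed watch list).
WATCHED_SUFFIXES = ("google.com", "bing.com", "yahoo.com")

# Constructed sample; 203.0.113.0/24 is a documentation-only address range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net      # sinkhole entry from a blocklist
203.0.113.7     www.google.com google.com
203.0.113.7     search.yahoo.com     # injected
203.0.113.9     www.bing.com
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Return (line, address, hostname, reason) for entries worth reviewing."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, fields[0], "", "unparseable address"))
            continue
        # Loopback and 0.0.0.0/:: entries are blocklist-style sinkholes, not redirects.
        if addr.is_loopback or addr.is_unspecified:
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in BENIGN_NAMES:
                continue
            watched = any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)
            reason = "search engine redirected" if watched else "hostname overridden"
            findings.append((lineno, str(addr), name, reason))
    return findings

if __name__ == "__main__":
    for lineno, addr, name, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {name or '?'} -> {addr} ({reason})")
```

Entries reported as "hostname overridden" can be legitimate (intranet names, development hosts), so they are for review rather than automatic removal.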
Autoruns? I think yes. It is the ultimate tool for these tasks, imho.

Windows also comes with a similar (although a bit weaker) tool with the name of MSCONFIG.EXE
 
Joined
Nov 5, 2006
Messages
21,964
Location
Old Europe
Can I use this tool to disable single entries? I don't think I need Outlook, for example.
The disadvantage is that the entries you choose are only deactivated temporarily, as far as I know.
So it is better to de-install the corresponding software or (if this isn't possible any more) to manually delete the dead registry entry. Some of the Registry Cleaners (i.e. the one coming with Tune Up) also look for dead entries and delete them.

However, Outlook may be a special case, since it is not dead in the sense that the target of the entry doesn't exist any more, and I don't know if Windows allows one to cleanly de-install everything connected to it. So this may be one of the (few) examples where this deactivation with a tool may make sense. But I would still try to de-install it officially before.
 
Joined
Dec 26, 2007
Messages
1,794
I tried some time ago to delete Outlook and even asked MS tech support when I had them on the phone for something else. It won't delete, but you can stop it coming on in MSconfig with Wxp in the start opt. I run XP so that is the only OS I can speak of.
 
Joined
Oct 18, 2006
Messages
2,390
Location
Missouri USA
Isn't there in "Add or remove software" -> "systems software" (at the left of the screen) an entry to get rid of at least the Outlook that shipped with the system?
 
Joined
Nov 5, 2006
Messages
21,964
Location
Old Europe
You can get rid of it up to a point, but some of the files are considered part of the OS, I guess; not my field of expertise. Anyway, you do the delete but a part will always be there. That is what the MS tech guy told me. Not saying that is true, just what they told me.
 
Joined
Oct 18, 2006
Messages
2,390
Location
Missouri USA
I used to like that one in the free software thread. Unfortunately it doesn't fix my Google problem. For that I had to use two links:

http://breakingnewsfeeds.com/beta

fixes the news so it's not so iPhone friendly

http://www.google.com/webhp?complete=0

fixes the autocomplete bug... at least temporarily. It even gets rid of that annoying Ajax pull menu.
 
Joined
Oct 19, 2006
Messages
5,217
Location
The Uncanny Valley
I would recommend you run this:

http://www.avira.com/en/support-download-avira-antivir-rescue-system

You'll need to download it and then burn it onto a CDR. It's a live-CD and if you have a basic realtek 10/100 ethernet card plugged in (or anything realtek), it can download the latest updates and automatically scans all of your hard drives for any malware.

I use it at work all the time and it detects a lot of viruses/trojans.

Afterwards, I would download/run combofix, which will remove nastier things, and in the end I would then run malwarebytes.

Running those programs in that sequence can clean out your system pretty well without having any further issue.


*edit* Finally found a replacement site for the defunct RPGdot.com....
 
Joined
Oct 26, 2010
Messages
4
I would recommend you run this:

http://www.avira.com/en/support-download-avira-antivir-rescue-system

You'll need to download it and then burn it onto a CDR. It's a live-CD and if you have a basic realtek 10/100 ethernet card plugged in (or anything realtek), it can download the latest updates and automatically scans all of your hard drives for any malware.

I use it at work all the time and it detects a lot of viruses/trojans.

Thanks! :) My problems are already solved, but I'll bookmark your link for the next time.

*edit* Finally found a replacement site for the defunct RPGdot.com….
Welcome. What took you so long? RPGWatch and RPGDot even overlapped for a couple of weeks, and we left traces for the new site everywhere.
 
Joined
Aug 30, 2006
Messages
7,830
Got busy with school and other things that I totally forgot about it, and then one day - a long time ago - I saw that RPGdot was shut down. I didn't look deep enough to see where the forums "moved" to.
 
Joined
Oct 26, 2010
Messages
4