Google Re-Direction?

teamhex

Active Member
Being an IT professional, I assume what I'm seeing is malware related. However, I'm getting it on tons of computers I use, and I have run Malwarebytes and ComboFix. Is this normal? Is Google purposefully redirecting people now to ad-related sites when they attempt to click a normal link? It seems to work fine if you go back and click the link a second time. If this is the case I'll be changing my search provider, but I'm just a bit curious on this one.
 
I have not noticed anything like you describe (although Google is always looking for innovative ways to earn more money!).
 
I think I'll just go ahead and get a virus scanning program.
It's very possible those programs aren't catching it.
Thanks guys.
 
I think I'll just go ahead and get a virus scanning program.....
I kind of assumed you had one, being a pro and all?!

You could try an online scan too. I occasionally use Bit Defender's but there are many others.

You should post a HiJackThis scan log in the forum for those better-informed to peruse.
 
It doesn't matter what virus program you have, it's just a matter of when you are gonna get infected. The Google redirects are the most common, most likely caused by the tdss rootkit.
 
I kind of assumed you had one, being a pro and all?!

You could try an online scan too. I occasionally use Bit Defender's but there are many others.

You should post a HiJackThis scan log in the forum for those better-informed to peruse.

I don't use them because I know where I'm going online (must have been a flash drive, which I rarely use btw).
Even if I am infected with this one tiny virus it's not that big of a deal. It really is just an annoyance thing.

I've gone without using one for 5 years and have had no issues, especially now that I'm up to Windows 7. I do normally run a scan once a year or so, but I never come up with anything. I also run Malwarebytes and ComboFix, which normally get browser hijackers and various malware.
I've removed countless rootkits at work with ComboFix, so I figure if it doesn't catch it then there's nothing there.
 
I also run Malwarebytes and ComboFix, which normally get browser hijackers and various malware.
I've removed countless rootkits at work with ComboFix, so I figure if it doesn't catch it then there's nothing there.

There are some rootkits which it can't remove. Like the one in this current log of a user here on cf.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST9160310AS rev.0303 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x86C47EC5]<<
c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x85c5f872; SUB DWORD [EBP-0x4], 0x85c5f12e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86D05AB8]
3 CLASSPNP[0xF7571FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86CD7E50]
5 PCTCore[0xF7244099] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006a[0x86CD93B8]
7 ACPI[0xF72F0620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86CAFD98]
[0x86B42538] -> IRP_MJ_CREATE -> 0x86C47EC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST9160310AS___________________________ __0303____#5&18f624a4&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x86C47AEA
user & kernel MBR OK
sectors 312581806 (+255): user != kernel
Warning: possible TDL3 rootkit infection !

You always have to look at that section of the log. This is when you run tdss killer.

http://support.kaspersky.com/downloads/utils/tdsskiller.exe
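
The section of the log pointed out in the post above can be checked mechanically. The following is an added example, not part of the original post and not code from GMER or Kaspersky: a small triage script that flags the suspicious lines in that log format. The function name `triage_mbr_log` and the indicator labels are assumptions made for illustration; the sample input is an excerpt of the log quoted above.

```python
import re

# Excerpt of the MBR detector log quoted in the post above.
SAMPLE_LOG = """\
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x86C47EC5]<<
kernel: MBR read successfully
detected hooks:
\\Driver\\atapi DriverStartIo -> 0x86C47AEA
user & kernel MBR OK
sectors 312581806 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
"""

UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"(\\Driver\\\S+)\s+(\S+)\s*->\s*(0x[0-9A-Fa-f]+)")


def triage_mbr_log(text):
    """Return (indicator, detail) tuples for suspicious lines, in log order."""
    findings = []
    in_hooks = False  # True while reading entries under "detected hooks:"
    for raw in text.splitlines():
        line = raw.strip()
        if in_hooks:
            hook = HOOK_RE.match(line)
            if hook:
                findings.append(("driver_hook", "%s %s -> %s" % hook.groups()))
                continue
            in_hooks = False  # first non-hook line ends the section
        if line.lower().startswith("detected hooks:"):
            in_hooks = True
        unknown = UNKNOWN_RE.search(line)
        if unknown:
            # Disk I/O passes through code that belongs to no loaded module.
            findings.append(("unknown_module", unknown.group(1)))
        if "user != kernel" in line:
            # User-mode and kernel-mode reads of the disk disagree.
            findings.append(("sector_mismatch", line))
        if line.startswith("Warning:"):
            findings.append(("tool_warning", line[len("Warning:"):].strip()))
    return findings


if __name__ == "__main__":
    for kind, detail in triage_mbr_log(SAMPLE_LOG):
        print("%-16s %s" % (kind, detail))
```

Note that the "user & kernel MBR OK" line appears in the same log as the hook, the sector mismatch and the warning, so that line alone does not clear the machine.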
 