Google hacked?


PDA






Sylvan-Forge
February 6, 2009, 04:53 PM
For any given Google search, the following are listed as addresses under each search link:

security-antivirus.com
scanvirus.us
couponmountain.com
monstermarketplace.com

etc.

Or maybe I'm infected? :eek:
Could someone check google and let me know? :o

.

Seems the misdirects are only for the first page of Google search, 2nd page and on seem ok.

.

If you enjoyed reading about "Google hacked?" here in TheHighRoad.org archive, you'll LOVE our community. Come join TheHighRoad.org today for the full version!
Mal H
February 6, 2009, 05:04 PM
I checked and a Google search seems to be working normally.

I highly suspect that you have picked up a marketing implant from some site you have recently visited. You should run Spybot (http://www.safer-networking.org/en/index.html) or a similar search and destroy application asap.

Sylvan-Forge
February 6, 2009, 05:11 PM
Mal H, thank you much.
I'll go grab that spybot now.

:)

.

Jorg Nysgerrig
February 6, 2009, 06:25 PM
I recommend this one: http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Fifteen+1
February 6, 2009, 11:01 PM
You have a virus or a trojan horse. Run AVG spyware.

TimboKhan
February 8, 2009, 04:49 PM
I had that exact same thing happen and it shrugged off AVG and every spyware thing I threw at it. My only recourse was to reformat, which blew. I worked, but it blew.

Gord
February 9, 2009, 06:59 PM
Timbo, did you try booting into safemode and running your scans that way?

WardenWolf
February 9, 2009, 07:26 PM
Windows key + R, type "regedit" and press Enter.

Under Windows XP:

Navigate to:

HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Internet Explorer/

Under Windows Vista:

Navigate to:

HKEY_CURRENT_USER/SOFTWARE/Microsoft/Internet Explorer/

You will now see various folders. To remove unwanted toolbars, click Toolbar and then look on the right pane. You will see various entries. All except for the (Default) entry are safe to delete. Note that some may contain settings for any interface changes you may have made, but deleting them will not cause a problem other than making you redo your settings. The Extensions folder is also the same way, and its contents may be deleted to eliminate malware as well.

This is how you force-remove unwanted malware that attaches itself to Internet Explorer. It takes a couple of minutes at most. I am a network administrator, and have done this many times to quickly remove such things. Note that ActiveX plugins can be a bit trickier to remove in some cases, but it's fairly similar.

TimboKhan
February 9, 2009, 11:06 PM
Timbo, did you try booting into safemode and running your scans that way?

I did, and that failed. I don't really know how to edit my registries, so I did not try that.

Colonel K0rn
February 10, 2009, 12:33 AM
Suggestion that I give to my friends and family that have been affected by malware: switch to Firefox, and get the NoScript addon. The addon prevents scripts from running on your PC that you don't want to run, such as browser hijacking.

98% of users out there use Explorer, therefore the majority of people that put malicious code out there will exploit MS's lack of security for ActiveX coding.

Check out Avast! antivirus software as well at www.lavasoft.com . It's free and very effective. AdAware is good stuff too.

blkbrd666
February 10, 2009, 12:55 AM
You can download STOPZilla and install. It will stop the malware and identify infected files. You can delete them manually. Then download and install Eusing Free Registry Cleaner to clean out your registry. After you are done, you can uninstall STOPZilla.

TimboKhan
February 10, 2009, 07:33 PM
Suggestion that I give to my friends and family that have been affected by malware: switch to Firefox, and get the NoScript addon

This I did do. I actually was running Internet Explorer.

Also, welcome to THR!

Colonel K0rn
February 11, 2009, 12:27 PM
Thanks TimboKhan! Seems like there's a very knowledgeable group of people here on THR.

I've been reading a few of the threads for a while, but figured I'd try to help another member with a simple fix, and something I'm all too familiar with. And yeah, reformatting really blows. The last time I had to do that, I purchased another hard drive to put just the OS on, and put all my music/pictures/videos on another drive. That way I wouldn't loose everything should you have to reformat again.

zx12rider
February 11, 2009, 02:10 PM
I have worked in IT for 12 years doing everything from desktop support to Windows server admin to system administrator (Dell/HP/unisys etc etc ) and have fixed this one many times for friends/clients. It is simular to the Anti-virus 2008 / 2009 spyware that is going around. Try to find the 2-4 files that were placed in C:\WINDOWS\system32 on the day that the issue started. I forget the name of the files but they will be new and they have been removed from all the machines I have fixed. Then in regedit search for anti virus or whatever the "spyware" you have is called. They really didn't mask it very well, and remove all keys. I typically disable my network connection while fixing these issues. It is also good to try and kill and processes you can relate to the issue before starting. Reboot and if needed repeat until the problem is resolved. For some reason adaware/spybot weren't able to clean this one up last time I had to do it (2 months ago).

If you enjoyed reading about "Google hacked?" here in TheHighRoad.org archive, you'll LOVE our community. Come join TheHighRoad.org today for the full version!