system
February 11, 2012, 3:02pm
1
It started last weekend where whenever I used a search engine like Google, when I clicked on a result it would redirect me to a red-flagged site. I tried running a boot time scan afterwards and though it found some infected files, it didn’t find what was causing the redirecting problem. Aside from the redirecting, nothing else seems to be wrong with my laptop.
I use Firefox and have Windows Vista.
I haven’t used my laptop since last weekend since I wasn’t sure if the redirecting was the only problem and only now have time to try and fix it. Any help will be appreciated, thanks!
Donovan
February 11, 2012, 3:07pm
2
Please follow the instructions here: http://forum.avast.com/index.php?topic=53253.0
and attach generated logs in this post.
system
February 11, 2012, 3:17pm
3
In Firefox, go to about:config, then look for a string called keyword.url. Check the content and delete it. Restart Firefox. Also check your add-ons for any suspicious extension.
edit: oops sorry my mistake, this setting only concerns awesome bar searches. Check your add-ons anyway.
system
February 11, 2012, 3:33pm
4
Okay, running the Malwarebytes scan now.
And I checked the Add-Ons but nothing came up. Thanks for the suggestion though.
EDIT: Malwarebytes found nothing, do you want me to still post the log? Also here are the results from OTL.
Could you run aswMBR as well, please?
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
:OTL
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9F 9C F8 0E 5E 88 B4 4D 9A 8D 0D E3 AA 30 AC D4 [binary data]
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9F 9C F8 0E 5E 88 B4 4D 9A 8D 0D E3 AA 30 AC D4 [binary data]
IE - HKU\S-1-5-21-3033589424-2580426682-4036217997-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9F 9C F8 0E 5E 88 B4 4D 9A 8D 0D E3 AA 30 AC D4 [binary data]
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
[2011/06/11 17:25:21 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\11x638l6.default\extensions\{8fb915fb-36b1-4f97-aeb2-ab14cdde1e0d}
:Reg
[HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-21-3033589424-2580426682-4036217997-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top.
- Let the program run unhindered, and reboot the PC when it is done.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
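An added example, not part of the original posts and not one of the tools used in this thread: the OTL fix above lists the prefs.js entry browser.search.defaultenginename set to "Secure Search", and an earlier reply mentions keyword.url. The Python sketch below reads a Firefox prefs.js and reports search-related preferences whose values are not on an expected list; the watched names beyond those two, the allowlist, and the sample file are assumptions constructed for illustration.

```python
import json
import re

# Preferences that steer searches and the start page.
# keyword.url and browser.search.defaultenginename are named in this thread;
# the other two are an assumption about what else is worth watching.
WATCHED = (
    "keyword.url",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.startup.homepage",
)

# Hypothetical allowlist of values the owner expects; adjust per machine.
EXPECTED = ("Google", "about:home")

PREF_RE = re.compile(r'^\s*user_pref\(\s*("(?:[^"\\]|\\.)*")\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref(...) line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything malformed
        name = json.loads(m.group(1))
        raw = m.group(2)
        try:
            prefs[name] = json.loads(raw)  # strings, numbers, true/false
        except ValueError:
            prefs[name] = raw  # keep unparseable values verbatim
    return prefs

def suspicious_search_prefs(text, expected=EXPECTED):
    """List (name, value) for watched prefs whose value is not expected."""
    prefs = parse_prefs(text)
    return [(n, prefs[n]) for n in WATCHED if n in prefs and prefs[n] not in expected]

# Constructed sample, not the poster's real file.
SAMPLE = '''# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "Secure Search");
user_pref("browser.startup.homepage", "about:home");
user_pref("keyword.url", "http://search.example.invalid/?q=");
user_pref("browser.tabs.warnOnClose", false);
'''

if __name__ == "__main__":
    for name, value in suspicious_search_prefs(SAMPLE):
        print(f"{name} = {value!r}")
```

Firefox should be closed before prefs.js is read or changed, since it rewrites the file on exit.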
system
February 11, 2012, 6:06pm
6
I tried running aswMBR but I got a blue error screen. Is the program supposed to be run in safe mode only?
I ran the fix in OTL and am now scanning again. Will edit post with logs.
Have the redirects gone now?
system
February 11, 2012, 7:27pm
8
Yep, they’re gone. Thanks for the help!
OK, if they have still gone tomorrow, let me know and I will remove my tools.
system
February 13, 2012, 7:04pm
10
The problem seems to be completely gone now. Thanks again.
Run OTL and press the cleanup button to remove it and the associated folders.