IE8 being redirected
-
- StarLounger
- Posts: 88
- Joined: 25 Jan 2010, 11:25
- Location: Maine USA
IE8 being redirected
When I do a Google or Bing search – the result page looks fine (seems normal) – but any link I click on from that result page gets redirected to local.com with another set of links.
What is causing this? Did I pick up something?
How can I stop this behavior?
System:
XP
IE8
What is causing this? Did I pick up something?
How can I stop this behavior?
System:
XP
IE8
BobL
The Other Bob from Maine
The Other Bob from Maine
-
- SilverLounger
- Posts: 2069
- Joined: 25 Jan 2010, 02:12
-
- StarLounger
- Posts: 88
- Joined: 25 Jan 2010, 11:25
- Location: Maine USA
Re: IE8 being redirected
Thanks Joe, did that yesterday before posting here.
Turned off System Restore, scanned w/Symantec Antivirus - did find Backdoor.Tidserv that was deleted according to Symantec.
IE8 experienced the same behavior after.
This morning on a cold reboot I re-ran the scan before opening IE8, found nothing. On opening IE8 first search produced a good Google page, and first link followed from that page brought me to informationgetter.com - another re-direct.
Did check on Add-On Manager and found nothing but Microsoft, Adobee, and Sun Micro systems in there.
Still my head...
Turned off System Restore, scanned w/Symantec Antivirus - did find Backdoor.Tidserv that was deleted according to Symantec.
IE8 experienced the same behavior after.
This morning on a cold reboot I re-ran the scan before opening IE8, found nothing. On opening IE8 first search produced a good Google page, and first link followed from that page brought me to informationgetter.com - another re-direct.
Did check on Add-On Manager and found nothing but Microsoft, Adobee, and Sun Micro systems in there.
Still my head...
BobL
The Other Bob from Maine
The Other Bob from Maine
-
- Administrator
- Posts: 78478
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
-
- StarLounger
- Posts: 88
- Joined: 25 Jan 2010, 11:25
- Location: Maine USA
Re: IE8 being redirected
Sorry Hans, I'm on a business machine and cannot install any apps. <sigh>.
Just an anoyance at this point - but if need be I'll get our IT dept to check it out. I can't see anything more than I've already done though..
Just an anoyance at this point - but if need be I'll get our IT dept to check it out. I can't see anything more than I've already done though..
BobL
The Other Bob from Maine
The Other Bob from Maine
-
- SilverLounger
- Posts: 2069
- Joined: 25 Jan 2010, 02:12
Re: IE8 being redirected
Can you try the online version of Autoruns for Windows?
Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as http://live.sysinternals.com/" onclick="window.open(this.href);return false;<toolname> or \\live.sysinternals.com\tools\<toolname>.
Joe
Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as http://live.sysinternals.com/" onclick="window.open(this.href);return false;<toolname> or \\live.sysinternals.com\tools\<toolname>.
Joe
Joe
-
- StarLounger
- Posts: 88
- Joined: 25 Jan 2010, 11:25
- Location: Maine USA
Re: IE8 being redirected
Yes I can Joe, at least our browser allows me to get there.
What should I be looking for under Autoruns?
What should I be looking for under Autoruns?
BobL
The Other Bob from Maine
The Other Bob from Maine
-
- StarLounger
- Posts: 88
- Joined: 25 Jan 2010, 11:25
- Location: Maine USA
Re: IE8 being redirected
Here is what I have from Internet Explorer tab:
You do not have the required permissions to view the files attached to this post.
BobL
The Other Bob from Maine
The Other Bob from Maine
-
- SilverLounger
- Posts: 2069
- Joined: 25 Jan 2010, 02:12
-
- StarLounger
- Posts: 88
- Joined: 25 Jan 2010, 11:25
- Location: Maine USA
Re: IE8 being redirected
You do not have the required permissions to view the files attached to this post.
BobL
The Other Bob from Maine
The Other Bob from Maine
-
- StarLounger
- Posts: 88
- Joined: 25 Jan 2010, 11:25
- Location: Maine USA
Re: IE8 being redirected
Not sure if this will help or not, but I managed to grab a screen shot of the url between the click on Google and the final crap landing page. Might lead to something??
Anyone recognize this?
Added: just noticed something else under my history - what is this:
default.pk
It was listed under my browsing history and seems to lead to the above link.
Could my IE8 config file(s) have been altered?
Anyone recognize this?
Added: just noticed something else under my history - what is this:
default.pk
It was listed under my browsing history and seems to lead to the above link.
Could my IE8 config file(s) have been altered?
You do not have the required permissions to view the files attached to this post.
BobL
The Other Bob from Maine
The Other Bob from Maine
-
- Administrator
- Posts: 78478
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: IE8 being redirected
Since you're not allowed to install security applications yourself, I'd ask the IT helpdesk to solve the problem for you - they should be able to deploy the tools necessary to find and remove the culprit.
Best wishes,
Hans
Hans
-
- StarLounger
- Posts: 88
- Joined: 25 Jan 2010, 11:25
- Location: Maine USA
-
- StarLounger
- Posts: 88
- Joined: 25 Jan 2010, 11:25
- Location: Maine USA
Re: IE8 being redirected: Update
Problem solved - although not easily.
My IT Dept did it in two sessions:
1. After loading Malwarebytes (thanks Hans) Deleted IE8 - rebooted - re-installed IE8. Re-assigned search provider.
Did not work
2. Malwarebytes discovered :Rootkit:DDSS: on it's 3rd pass. Went to safe mode. Removed IE8. Removed countless directories and individual weird files as in "exe.exe", "uns.exe" crap like that. Lots of regedit deletions. This thing was all over the place.
So far, this has worked Re-installed IE8.
It was impressive to see someone that knew what he was doing at work - glad to know that the ole DOS commands are still in play today
Anyway, clean system again - nice to have.
Morale of the story - play safe with pop-ups - disable them unless you know the site personally. This came my way (I suspect) from a national news web site, one of those with countless ads in place and lots of mouse-overs. I'm a looking for a new News site <grin>.
Later.
My IT Dept did it in two sessions:
1. After loading Malwarebytes (thanks Hans) Deleted IE8 - rebooted - re-installed IE8. Re-assigned search provider.
Did not work
2. Malwarebytes discovered :Rootkit:DDSS: on it's 3rd pass. Went to safe mode. Removed IE8. Removed countless directories and individual weird files as in "exe.exe", "uns.exe" crap like that. Lots of regedit deletions. This thing was all over the place.
So far, this has worked Re-installed IE8.
It was impressive to see someone that knew what he was doing at work - glad to know that the ole DOS commands are still in play today
Anyway, clean system again - nice to have.
Morale of the story - play safe with pop-ups - disable them unless you know the site personally. This came my way (I suspect) from a national news web site, one of those with countless ads in place and lots of mouse-overs. I'm a looking for a new News site <grin>.
Later.
BobL
The Other Bob from Maine
The Other Bob from Maine
-
- Administrator
- Posts: 78478
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: IE8 being redirected
I'm glad it's solved - you really needed the IT guy for this.
Best wishes,
Hans
Hans
-
- SilverLounger
- Posts: 2069
- Joined: 25 Jan 2010, 02:12
Re: IE8 being redirected
It is distressingly easy to corrupt your system even if you are relatively vigilant. Glad you got it resolved though.
Joe
Joe
Joe
-
- StarLounger
- Posts: 88
- Joined: 25 Jan 2010, 11:25
- Location: Maine USA
Re: IE8 being redirected
You've got that right Joe, I've always considered myself a 'Safe Surfer' - analyzing links before selecting and all that stuff (been computing since early '70s) but this one really got me - still don't know where or how but I have some suspicions...JoeP wrote:It is distressingly easy to corrupt your system even if you are relatively vigilant.
Now, I'd much rather sit back with a and let the odd sites go by
BobL
The Other Bob from Maine
The Other Bob from Maine