Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
4864 Views 9 Replies Latest reply: Dec 21, 2009 2:31 AM by krajagop RSS
Newcomer 4 posts since
Dec 9, 2009
Currently Being Moderated

Dec 9, 2009 9:43 PM

Redirect from either Bing or Google to a random site

I am trying to figure out what I've caught. Whatever it is, it is not being picked up by McAfee nor PC Tools Spyware Doctor. I end up being redirected to random sites and this evening I was asked to download something from a site that looked exactly like a genuine Microsoft. Is there anyone who can help, thanks ... Tom

  • Apprentice 11,659 posts since
    Sep 29, 2002
    Currently Being Moderated
    1. Dec 10, 2009 6:55 PM (in response to tomnad)
    Re: Redirect from either Bing or Google to a random site

    Please try these tools:

     

    Please try the steps below..

     

    On a friend or family member's computer, download the Malwarebytes installer and update files from the links below, copy them to a CD or flash drive, then transfer the files to the problem machine and use them. If you can't start the computer into "normal" windows, try installing, updating, and running the scans AFTER the computer is started into Safe Mode.. I use the sites below to download the installer file and the manual updater:

     

    Once downloaded and before transferring them to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive.. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current.. After that, run a full system scan and delete anything it finds.

     

    How To Start In 'Safe Mode'

     

    Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
    http://www.besttechie.net/tools/mbam-setup.exe

     

    Malwarebytes Manual Updater link
    http://www.malwarebytes.org/mbam/database/mbam-rules.exe

     

    Next, download the SuperAntispyware program and the manual updater from the links below. After running the Malwarebytes tool above, if you still can't download and install it directly from the problem machine, download it on a friend or family member's computer as well. After installing and updating SuperAntispyware, run another full system scan and delete everything it finds as well. As before, you may need to rename the installer file to get the program to install.:

     

    SuperAntispyware
    http://www.superantispyware.com/

     

    SuperAntispyware Manual Updater
    http://www.superantispyware.com/definitions.html
    ____________

     

    In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file also after installing it.. It resides in the C:\Programs Files\Malwarebytes Antimalware folder....
    _____________________

     

    Hope this helps.

     

    Grif

  • Newcomer 5 posts since
    Dec 11, 2009
    Currently Being Moderated
    3. Dec 11, 2009 1:19 PM (in response to tomnad)
    Re: Redirect from either Bing or Google to a random site

    same problem....no solution so far

  • Newcomer 3 posts since
    Dec 13, 2009
    Currently Being Moderated
    5. Dec 14, 2009 2:02 PM (in response to tomnad)
    Re: Redirect from either Bing or Google to a random site

    I had the same problem and have tried everything. Finally I found Hitman Pro 3.5 ran the scan and it solved it. It found a problem with Windows\system32\drivers\atapi.sys. The program is freeware and only took about five minutes to run. Hope this works for you.

  • Apprentice 11,659 posts since
    Sep 29, 2002
    Currently Being Moderated
    7. Dec 15, 2009 11:13 AM (in response to tomnad)
    Re: Redirect from either Bing or Google to a random site

    Glad you got things sorted out..

     

    Apparently, you were able to connect to the internet.. That's the primary issue with Hitman Pro.. It needs an internet connection to correctly determine the validity of many detected problems. If you don't have an internet connection, its "cloud based" scanner/classifyer doesn't give a reliable determination of suspicious files.

     

    Just a word of caution.. The "atapi.sys" file which was detected on your system is a required, legitimate file and it resides at the same location you've mentioned. In addition, there are a number of malware scanners that have incorrectly called that file a rootkit. (It was a false positive using Malwarebytes about a month ago.) Still, the "atapi.sys" file CAN be infected with malware and if Hitman removed the infection and your computer is still running, that's a good thing..

     

    Keep up the good work.

     

    Hope this helps.

     

    Grif

  • Newcomer 1 posts since
    Dec 19, 2009
    Currently Being Moderated
    8. Dec 19, 2009 9:14 AM (in response to tv104)
    Re: Redirect from either Bing or Google to a random site

    Thanks... So far the Hitman Pro seems to be working. I tried almost eveything else and was getting very frustrated with the re-direct. It found the Root Kit Windows\system32\drivers\atapi.sys also, and another .exe it said was suspicious.

  • krajagop McAfee SME 12 posts since
    Nov 3, 2009
    Currently Being Moderated
    9. Dec 21, 2009 2:31 AM (in response to jtay)
    Re: Redirect from either Bing or Google to a random site

    This is detected as

     

     

    Js/redirector from DAT 5836 onwards

    VIL - http://vil.nai.com/vil/content/v_249453.htm

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points