5 Replies Latest reply on May 31, 2010 1:01 PM by KenY

    Another guy with a search engine redirect issue

      Hi, I know there are other threads, and one in particular, that deal with this issue, but they don't help much.  When I run a search on Google, then click on one of the results, I get redirected to random sites.  McAfee Sec Ctr, Superantispyware, Malwarebytes, Stinger, all seem to miss the problem.  What do I have to do?

        • 1. Re: Another guy with a search engine redirect issue

          I just began having the same issue (WinXP SP3), with a few side effects.

          1. Occasionally, after a start or restart, my computer cannot connect to the network. It spends several minutes "searching for IP address". Usually a restart cures this.
          2. About half the time after a start or restart, the "Themes" service does not start. This means my desktop has changed from the WinXP theme to the Windows Classic theme. I can run services.msc where it shows that the "Themes" service is not running even though its startup type is "Automatic". I can click on "Start the service" and it fixes my desktop, but the fix is not permanent.
          3. I cannot run Windows Update. If I run this from the control panel, IE opens with a message that it cannot display the webpage. If I go to microsoft.com and click on "updates" I get error # 0x80072EFF and "The website has encountered a problem and cannot display the page you are trying to view". I contacted Microsoft support--they sent a diagnostic tool which I ran and it sent them a report. I'm waiting now to hear from them.
          4. Finally, I am also getting redirected from Google search pages, especially with adware-intensive searches like "watches", "loans", "vitamins", and the like. I found that if I don't click on the search link but instead right-click and copy the shortcut and paste it into the address bar, I seem to be able to avoid the redirection (but since the redirecting doesn't always happen I can't be sure that this is correct). Also it seems that I am more likely to get redirected when I initiate the search from the IE search bar rather than first opening google.com, but again I haven't been keeping score.

          I have run several McAfee scans, Stinger, Spybot, Ad-Aware, and HijackThis without success. McAfee says it removed "Cookie-AdBureau" and "Cookie Eye-Blaster", Spybot removed a tracking cookie and changed a registry entry in HK_Users\..\Internet Explorer\Main\Feature Control\...\Local Machine_CD_Unlock, and none of the others uncovered anything. I'm still experiencing all the problems in the paragraph above.

          I have just run Stinger again in Safe Mode with heuristics set to "very high". It identifies HijackThis as being the Trojan-bearer, but in fact the problems started before I installed HijackThis.

          Meanwhile my wife is lobbying for a new computer anyway (current one is 6-yr-old Dell Dimension 8300), so if the problem doesn't get fixed soon it may just go away onto the junk heap.

          Have attached logs from McAfee scan, Stinger, and MS Diagnostic. Maybe all this extra info will enable someone knowledgeable to figure this out.

          Message was edited by: KenY on 5/30/10 9:50:38 PM CDT

          Message was edited by: KenY on 5/30/10 9:51:12 PM CDT
          • 2. Re: Another guy with a search engine redirect issue

            I have been experiencing exactly the same issue and symptoms. Scanning with McAfee reveals nothing. Prevx also finds nothing malicious. But a full scan with Malwarebytes finds the Koobface worm - in the McAfee directory! The infected file appears in Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data and takes the form TFRnn.TMP. Malwarebytes deletes the file, but on reboot another infected file appears with the same name format but with a different nn sequence number.

            • 3. Re: Another guy with a search engine redirect issue
              Peacekeeper

              I had this issue with my son-in-law's PC, probably in the thread mentioned above that I posted in. It was fixed by both Malwarebytes and Superantispyware being installed with renamed setup files and renamed folders. Of course, in my case we also had updates to McAfee and all antimalware products blocked; is this happening as well? Oh, both programs were updated before running.

              First thing would be to delete all Windows temp and internet temp files. If no chop, is there a system restore point before this issue? Try restoring to it. Lastly, disable system restore, reboot, and retry scans and search.

              I assume you read http://community.mcafee.com/docs/DOC-1294

              All Microsoft updates current?

              Called in the cavalry

              Message was edited by: Peacekeeper on 31/05/10 8:09:54 PM

              Message was edited by: Peacekeeper on 31/05/10 8:16:30 PM
              • 4. Re: Another guy with a search engine redirect issue
                k3tg

                http://service.mcafee.com/FAQDocument.aspx?lc=1033&id=TS100534

                This link may provide some additional information for you regarding your issue.

                • 5. Re: Another guy with a search engine redirect issue

                  I may have fixed my problem. Microsoft Support suggested I download Microsoft Security Essentials from http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=e1605e70-9649-4a87-8532-33d813687a7f. As per their instructions, I uninstalled Ad-Aware, HijackThis, and Spybot, and disabled McAfee Live Scan and McAfee Firewall. I ran MSE full scan; it identified a problem with Win32/PowerRegScheduler. I clicked on "Clean Computer". It reported "Status: Succeeded". Since then I have been able to run Windows Update, I have had no Service Start failures in 5 consecutive restarts, and I have been unable to replicate Browser redirects.

                  I'm keeping my fingers crossed.