Go Back   AnandTech Forums > Software > Security

Forums
· Hardware and Technology
· CPUs and Overclocking
· Motherboards
· Video Cards and Graphics
· Memory and Storage
· Power Supplies
· Cases & Cooling
· SFF, Notebooks, Pre-Built/Barebones PCs
· Networking
· Peripherals
· General Hardware
· Highly Technical
· Computer Help
· Home Theater PCs
· Consumer Electronics
· Digital and Video Cameras
· Mobile Devices & Gadgets
· Audio/Video & Home Theater
· Software
· Software for Windows
· All Things Apple
· *nix Software
· Operating Systems
· Programming
· PC Gaming
· Console Gaming
· Distributed Computing
· Security
· Social
· Off Topic
· Politics and News
· Discussion Club
· Love and Relationships
· The Garage
· Health and Fitness
· Merchandise and Shopping
· For Sale/Trade
· Hot Deals with Free Stuff/Contests
· Black Friday 2013
· Forum Issues
· Technical Forum Issues
· Personal Forum Issues
· Suggestion Box
· Moderator Resources
· Moderator Discussions
   

Reply
 
Thread Tools
Old 05-08-2012, 08:14 AM   #1
Ryland
Platinum Member
 
Ryland's Avatar
 
Join Date: Aug 2001
Posts: 2,562
Default Stop search result redirect after scareware

My computer had gotten infected with Smart Fortress 2012 scareware which I proceeded to cleanup using malwarebytes. I then switched from MSIE to Kaspersky because this is the 3rd machine which had been running MSIE that has gotten infected with scareware. Kaspersky, Malwarebytes and superantispyware all say that this machine is clean yet I still get search redirects in at least FireFox. I have proceeded to run ComboFix, TDSSKiller, verfied my hosts file, checked my proxy and DNS settings but I just cant kill it off. Where else can I look to clean this up?
__________________
HeatWare 86-0-0
eBay Rating(350-0-1)
GA-Z68X-UD3H-B3, Corsair 650 PSU, Intel 2500K, Corsair DDR3 16GB , Samsung and Seagate SATA drives, OCZ Vertex 3, Gigabyte 660
Ryland is online now   Reply With Quote
Old 05-08-2012, 07:59 PM   #2
VirtualLarry
Lifer
 
VirtualLarry's Avatar
 
Join Date: Aug 2001
Posts: 25,101
Default

router infected? Check router DNS settings.
__________________
Rig(s) not listed, because I change computers, like some people change their socks.
ATX is for poor people. And 'gamers.' - phucheneh
haswell is bulldozer... - aigomorla
"DON'T BUY INTEL, they will send secret signals down the internet, which
will considerably slow down your computer". - SOFTengCOMPelec
VirtualLarry is offline   Reply With Quote
Old 05-09-2012, 08:32 AM   #3
Ryland
Platinum Member
 
Ryland's Avatar
 
Join Date: Aug 2001
Posts: 2,562
Default

I ended up doing what I should have done in the first place and restored from an Acronis image I made at the end of April. Problem solved in an hour vs the many hours I spent trying to fix it.
__________________
HeatWare 86-0-0
eBay Rating(350-0-1)
GA-Z68X-UD3H-B3, Corsair 650 PSU, Intel 2500K, Corsair DDR3 16GB , Samsung and Seagate SATA drives, OCZ Vertex 3, Gigabyte 660
Ryland is online now   Reply With Quote
Old 05-15-2012, 02:57 AM   #4
makken
Golden Member
 
Join Date: Aug 2004
Posts: 1,460
Default

having the same issue; google search results are getting redirected on first click, second click seems to bring up the correct site.

Happening on both Chrome and IE. I'm still trying to figure out how I got infected.

Edit: played around with it a bit more: malwarebytes detected trojan.happili which was removed. Had no effect.
Ran symantec's fixTDSS tool, found nothing.
My master boot record seems to be fine.
Other devices on my network are not getting redirected so I'm assuming its not at the router level.
The redirect only seems to happen on my limited user (win7) account; it doesn't happen when I log in under my admin account.

Ill play around with this a bit more after I get some sleep.

Last edited by makken; 05-15-2012 at 06:45 AM.
makken is offline   Reply With Quote
Old 05-15-2012, 01:51 PM   #5
Ryland
Platinum Member
 
Ryland's Avatar
 
Join Date: Aug 2001
Posts: 2,562
Default

I was originally infected with Smart Fortress 2012 but still had the redirects even after every anti-everything program I could throw at it came up clean plus the computer was randomly locking up (only the mouse would move but not click).
__________________
HeatWare 86-0-0
eBay Rating(350-0-1)
GA-Z68X-UD3H-B3, Corsair 650 PSU, Intel 2500K, Corsair DDR3 16GB , Samsung and Seagate SATA drives, OCZ Vertex 3, Gigabyte 660
Ryland is online now   Reply With Quote
Old 05-15-2012, 03:11 PM   #6
jjsbasmt
Senior Member
 
jjsbasmt's Avatar
 
Join Date: Jan 2005
Location: SW PA
Posts: 442
Default

How about clearing your browser cache, and perhaps any cookies, and if that doesn't work, try a System Restore, and clear the browser cache again, or perhaps running those removal tools in Safe Mode if possible. Also it is prudent to read up on all the changes that any trojan or virus makes to your system such as files added and any new registry entries created or changed.
__________________
Q9550/Asus P5Q Turbo/ 8GB OCZ Gold PC8500/PC P&C Silencer 500/Sapphire Radeon HD5670/Crucial M500 240/Caviar Black 1 TB/SONY SATA Lightscribe/12 in-one Media Card Reader/4- USB 3.0, 6 USB 2.0/Bluetooth/Dell 22" HDMI, Win 8.1 Pro 64, in CoolerMaster Centurion, Protected by APC XS 1000/Samsung SCX-3405W

Last edited by jjsbasmt; 05-15-2012 at 03:15 PM. Reason: added text
jjsbasmt is offline   Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 08:30 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.