Hi,
I've been having this problem for a few days now. Whenever I search on Google and click on the page I want to view, I get redirected to ads instead. Why is this so? I've tried scanning for viruses and antispyware but found nothing. I'm using Firefox.
-
What scanners have you tried?
And what browsers have you tried? Oh yeah you said Firefox... have you tried any others?
Anyway I think it's malware. Even if your scan didn't find it... try some other scanners... you can get some recommendations in the security subforum. -
One other thing I could imagine is that Firefox was reprogrammed to redirect you if you click onto links... but that would have to originate somewhere. -
I tried SUPERAntiSpyware, Windows Defender and NOD32.
-
I'd try using another browser to see if you get the same outcome, and then also maybe an additional scanner or 2 (Malwarebytes).
-
Sounds like your browser has been hijacked.
I highly recommend using Spybot S&D and immunizing your browser/s. -
I scanned with Malwarebytes and it found trojans. Removed it and going to try Spybot as well.
-
Yup, browser hijacked.
Also, IMO, try SmitFraudFix. -
If you start seeing enlargement pill ads on NBR, that is also a sign of a browser hijack.
-
Darn it. I still get redirected. Only in Firefox though. Thought I would post a HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:14, on 3/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220426532703
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 5561 bytes -
If I reinstall Firefox, will it help?
-
Try uninstalling the browser, run a registry cleaner and reinstall the latest FF.
Your logs look clean to me. -
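Added example (not part of the original thread): a small triage script for HijackThis-format logs like the one posted above. The function name `triage`, the rule set and the O1, O17 and `[updater]` sample lines are assumptions constructed for illustration; the O2 and `[dla]` lines are taken from the posted log.

```python
import re

# Constructed sample in HijackThis v2 format. The O2 "(no file)" and [dla]
# lines are copied from the thread's log; the O1, O17 and [updater] lines
# are constructed to show what tampering would look like.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O1 - Hosts: 203.0.113.7 www.google.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\upd.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 198.51.100.53
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O2 - BHO: ..."
LOCAL_ADDR = ("127.", "::1", "0.0.0.0")              # loopback / unspecified
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\")

def triage(log_text):
    """Return (code, reason, entry) for entries that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process path or blank line
        code, body = m.groups()
        low = body.lower()
        if code == "O1" and low.startswith("hosts:"):
            fields = body.split(":", 1)[1].split()
            if fields and not fields[0].startswith(LOCAL_ADDR):
                findings.append((code, "hosts file maps a name to a non-local address", body))
        elif code == "O17" and "nameserver" in low:
            findings.append((code, "static DNS server; compare with router/ISP values", body))
        elif code == "O4" and any(p in low for p in USER_WRITABLE):
            findings.append((code, "autostart from a user-writable directory", body))
        elif low.endswith("(no file)"):
            findings.append((code, "registry entry whose target file is missing", body))
    return findings

if __name__ == "__main__":
    for code, reason, entry in triage(SAMPLE_LOG):
        print(f"{code:>3}  {reason}\n     {entry}")
```

The R0/R1 and O2 sections describe Internet Explorer settings, so a log with nothing flagged says little about Firefox add-ons.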
Which registry cleaner would you recommend?
-
Looks clean to me also, IMO. I would also try a reinstall of FF.
-
Then reinstall Firefox. -
Yeah, CCleaner or use Revo Uninstaller to remove Firefox.
CCleaner is an essential tool for Windows. -
OK, I tried removing Firefox and cleaned my registry but I still get redirected to ads. What else can I do?
-
Have you tried what Rodknee said?
If that doesn't work then your DNS host file probably is poisoned, meaning it will maliciously redirect it to the wrong sites.
Google Hosts file and there should be a guide somewhere to restore/rebuild it -
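Added example (not part of the original thread): one way to audit a hosts file for the kind of redirection described in the post above. The function names, the verdict labels and the sample file are assumptions constructed for illustration; the sample addresses come from documentation ranges.

```python
import ipaddress

# Constructed sample hosts file: only the localhost line is a normal default,
# the other mappings are constructed to show typical tampering patterns.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
203.0.113.7     www.google.com google.com   # search traffic redirected
203.0.113.7     search.yahoo.com
127.0.0.1       update.example-av.test      # update site blackholed
not-an-ip       broken.example.test
"""

def audit_hosts(text):
    """Classify every active mapping in a hosts file.

    Returns (line_no, address, hostname, verdict) tuples, where verdict is
    'default', 'redirect' (name forced to a routable address), 'blackhole'
    (name forced to loopback/unspecified) or 'malformed'.
    """
    results = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split fields
        if len(entry) < 2:
            continue                           # blank, comment-only or incomplete
        addr, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            results.extend((line_no, addr, n, "malformed") for n in names)
            continue
        for name in names:
            if name.lower() == "localhost" and ip.is_loopback:
                verdict = "default"
            elif ip.is_loopback or ip.is_unspecified:
                verdict = "blackhole"
            else:
                verdict = "redirect"
            results.append((line_no, addr, name, verdict))
    return results

def suspicious(text):
    """Everything except the stock localhost mapping needs an explanation."""
    return [r for r in audit_hosts(text) if r[3] != "default"]

if __name__ == "__main__":
    for line_no, addr, name, verdict in suspicious(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {addr} ({verdict})")
```

On Windows XP the file to feed in is `C:\WINDOWS\system32\drivers\etc\hosts`.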
I did actually but it still did not work so I decided to do a clean install instead. Thanks for your help.
-
Had exactly same problem. Cause was stupid to download letitbit.
Don't remember for sure how I solved it. But it should be different anyway.
Try checking for weird extensions in Firefox.
Did you try safe mode? -
May I make another suggestion to do after reinstall of Windows?
OK, a lot of stuff gets on your computer via web browsing and can infect you without your knowledge, right?
OK, so how about installing Sandboxie? It's freeware and you can run your browser trapped inside a sandbox. That way if you get hit again, you close the sandboxed browser, and from Sandboxie Control delete the sandbox. Along with the sandbox, the trapped malware gets deleted too.
Once you reopen Sandboxie a new sandbox is created and you are back to scratch. Just a thought.
ev -
As an added benefit, you can run just about any program you want, sandboxed. Heckuva useful tool.
ev -
You've had first hand experience of FifeRox, now give Opera a try. It's safer and faster.
-
It regularly doesn't close properly - i.e. end the process.
Although I have to say it feels faster, but, that is because Vista optimized it.
Safer - debatable, user patterns are more important.
From my point of view, stay with Firefox if you like it. -
Had a similar issue about a month ago. Got a malware that changed my DNS settings causing my computer to display different pages when searching Google instead of the ones that a normal PC would find. Also it stopped me from downloading a lot of programs. E.g. if I went to MSN Messenger's web site I got redirected to a phishing site instead.
Check your connection settings to make sure they are like they should be and run a few more scanners including Malwarebytes' Anti-Malware. -
Yeah, but would like to see what others had done.
-
That's a fair comment, if you don't know, you can't try in the future.
Redirected to ads when search in google
Discussion in 'Windows OS and Software' started by bin, Mar 12, 2009.