cancel
Showing results for 
Search instead for 
Did you mean: 

GOOGLE/YAHOO searches redirected

wendallzmom
Not applicable
I go to GOOGLE search "dogs" click on a link and it brings me to another page that has nothing to do with dogs.

I can not click on any links in GOOGLE or YAHOO as I get redirected to random sites.  I have NORTON 360 - MALWAREBYTES and PCTOOLS SPYWARE DOCTOR and none of them have detected any problems.

Can someone point me in the direction to fix this...
thanks
(=
8 REPLIES 8

Ajit_Jha
Level 6
Partner Accredited
Try to search norton/ Symantec and click the desiured link and see the status.

Update us.

Ajit

shp
Level 3

May know to which site's its redirected.....
If u have any toolbars (like ask toolbar) or additions search engines uninstall it and try.
 

Aniket_Amdekar
Level 3
Looks like its a Browser Helper Object. You can go to Internet Explorer->Tools->Manage Add-ons  and see if you can see any abnormal add-ons listed. Also, please use the autoruns too, go to the Internet Expplorer tab in that tool and look for any maicious entries. You can delete the entries from there ad reboot the machine to check results.

Cheers,
Aniket

Ajit_Jha
Level 6
Partner Accredited
U can also restore the default setting. Go-->IE-->Tool-->InternetOptions-->Advance-->Restore default

LeslieMiller
Level 6
The best bplace to have Norton questions answered is at http://norton.community.com.


Satyam_Pujari1
Level 2

Well..if 'links' of 'search engine results' are getting redirected then most probably you got a rootkit in the box.Some time back it's was in the wild named as 'TDSS rootkit'.

I've seen many variants and modified versions of this rootkit in recent days.I've submitted couple of 'em to SRT and those were detected and cleaned well.

Why your Search results get redirected ?

Usually,the rootkit is dropped by a worm.

-It changes the DNS settings for all network connections to two of the following IP addresses:-It installs a kernel driver..in most cases 'gaopdxserv.sys'

-It modifies the DNS entries on the compromised computer. In case of an infection in a Server/Client environment, clients on a compromised network might acquire malicious DNS addresses from an infected server (without actually being infected itself), redirecting queries to an address controlled by the remote attacker.

-It acts as a DHCP server for all computers on the compromised computer's LAN, serving the following malicious DNS addresses to redirect all DNS queries to an address controlled by the remote attacker:64.86.133.51 (primary)
63.243.173.162 (secondary)
Read this write-up carefully & follow the removal steps(It's indepth and excellent)


http://www.symantec.com/security_response/writeup.jsp?docid=2009-032211-2952-99
&tabid=2


-Check If your DNS settings has bee modified in the box with ipconfig /all .( You'll see some different DNS servers entries.)

-See if you can find some of the 'files' related to this threat.If undetected files are found submit it here
https://submit.symantec.com/gold/

I'm damn sure Symantec detects and cleans most of the variants for this threat.But there're might be new variants for this threat in the presence.If you think the box is still infected you may call Symantec norton support.Thier virus removal service is great.You'll be satisfied..trust me.

http://www.symantec.com/norton/support/premium_services/virushelp.jsp

Vikram_Kumar-SA
Level 5
Employee Accredited
Looks you've played a lot with this one..

M_Samir0n
Level 4
Yes it's a nice post. helped me lot. also I have solved that issue by using one trends tool.