Weird IE re-directs

[Milehigh]

My wife's computer is acting weird, and I was hoping someone could maybe point in the direction of a fix. She is running IE 8 on an XP platform, and when she googles sites and clicks a link, it sends her to a totally random site not even related to the subject.

I've done virus scans, used Spybot, Malware and other spyware programs and her machine seems to be clean. It seems to be an issue within IE 8... any advice would be appreciated

 

[Vermillion]

Check the hosts file. Make sure there are no funky items added in there.

 

[MaxBurn]

Check out this process, malware is getting smarter all the time and you may have just stumbled on to something new.
http://likefunbutnot.org/2009Malware.php

Also how does a clean default install of firefox act on the same computer?

 

[Milehigh]

Thanks guys for the advice, at one point I installed a "custom" hosts file designed to eliminate known bad sites, but my wife had issues at that time opening sites she would use, and I went back to the stock hosts file... might be related, not sure. What would constitute a "funky" item and how would I identify a bad entry?

Maxburn, she does not use Firefox, but I do and like it... I'll try a clean install and see if that fixes her issues, and I'll review the link you provided tonight... thanks

 

[Vermillion]

Thanks guys for the advice, at one point I installed a "custom" hosts file designed to eliminate known bad sites, but my wife had issues at that time opening sites she would use, and I went back to the stock hosts file... might be related, not sure. What would constitute a "funky" item and how would I identify a bad entry?

Maxburn, she does not use Firefox, but I do and like it... I'll try a clean install and see if that fixes her issues, and I'll review the link you provided tonight... thanks

If you're not using something like Spybot to immunize a system then your hosts file is most likely blank except for

127.0.0.1 localhost

Anything funky would be any IP pointed to a URL. Recently cleaned off a work computer that was getting Google/Bing/Yahoo searches sent to strange places. hosts file looked something like this (The IP is totally made up by me) :

99.86.72.100 www.google.com
99.86.72.100 www.google.co.uk
99.86.72.100 www.google.cn
99.86.72.100 www.yahoo.com
99.86.72.100 www.yahoo.co.uk
99.86.72.100 www.bing.com

and so on. There was roughly 70-80 different entries in the host file all pointing to the same place.

 

[ProfessorKaos64]

If you are using XP, runt he Winsock XP reset tool, to reset your hosts files etc. If not you can run the following from command prompt


netsh winsock reset catalog
netsh winsock reset all
netsh int ip reset

Other than that, probe through the entries in Hijack This. Or run spyware removal software.

 

[-(Xyphox)-]

If you are using XP, runt he Winsock XP reset tool, to reset your hosts files etc. If not you can run the following from command prompt


netsh winsock reset catalog
netsh winsock reset all
netsh int ip reset

Other than that, probe through the entries in Hijack This. Or run spyware removal software.

I would agree with that, also try Dial-a-fix too has some nice tools there.
Some how your being redirected. My guess is your infected. Try Malware Bytes and Super Anti Spyware

 

[Snowknight26]

Out of curiosity, what are the links that Google's search results point to? go.google.com? If so, could be a rogue driver.

 

[ProfessorKaos64]

Yes Dial a Fix is a nice one too, try that if my suggestions above didnt work. One you do that you should be ok.

 

[Jim S.]

My girlfriend's computer had this issue last week. Both IE and Firefox would randomly redirect after Google or Yahoo searches, the hosts file was clean, MalwareBytes and Spybot wouldn't pick up anything.

Turns out it was TDSS, an extremely nasty rootkit.

I suggest that the OP find a program called TDSSkiller and see if it turns up anything.

 

[Eva_Unit_0]

My girlfriend's computer had this issue last week. Both IE and Firefox would randomly redirect after Google or Yahoo searches, the hosts file was clean, MalwareBytes and Spybot wouldn't pick up anything.

Turns out it was TDSS, an extremely nasty rootkit.

I suggest that the OP find a program called TDSSkiller and see if it turns up anything.

In a similar vein, a computer at work recently (as in 3 days ago) came down with some very tricky trojan that would cause random redirects from google searches. It also had a fun sasser-style forced reboot. The only program that could even detect it was MSE. Malwarebytes, Ad-aware, Super Antispyware, and McAfee all missed it. MSE identified it as Trojan Gord.A, but it couldn't remove it. Ended up having to format the box.

So anyway, yes, I think that random redirects like that are a very bad sign.

EDIT: also, there is at least one other thread about the same problem around here. I hope this isn't some new pandemic.

 

[Milehigh]

Thanks MaxBurn for the malware link, some good stuff there. I may have fixed my wife's computer temporarily, not sure if it is permanent or not. There seemed to be multiple issues and some that are still causing me concern.

FYI, MalwareBytes is down currently and returns some errors, supposed to be fixed soon according to their forums, but the software won't run on my wife's computer.

Even MORE troubling, her computer will NOT start in SAFE mode, you select it, it appears to be loading the basic files, then reboots again. I'm suspecting something very deep here, not sure at this point.

 

[Pkirk618]

i've been on the other end of that. I stop using IE completely after the last one.