1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: IE7 Google search results jump/redirect malware

Discussion in 'Virus & Other Malware Removal' started by rherber1, Oct 15, 2008.

Thread Status:
Not open for further replies.
  1. rherber1

    rherber1 Thread Starter

    Joined:
    Oct 14, 2008
    Messages:
    2
    I have a similar problem to that previously described in a now closed thread, ie. http://forums.techguy.org/malware-r.../587485-solved-ie7-google-search-results.html

    As an example, a Google search for a particular financial organisation in Australia turns up several pages of results. When I clicked on one link I was directed via jump and redirect malware to a different site to that selected. I discovered the Recent Pages button (next to the Forward button) had 2 new entries, A "Jump" entry and a "Redirect" entry.

    The malware only appears to function on the first Google search of an IE7 session on a new tab or window. A subsequent Google search following the redirection using an existing tab or window does not result in a redirection.

    I include Hijackthis and Panda Activescan logs for your analysis. I hope that I will be as successful in eradicating this problem as it is causing me some angst.
     

    Attached Files:

  2. rherber1

    rherber1 Thread Starter

    Joined:
    Oct 14, 2008
    Messages:
    2
    I followed the instructions recommended by cybertech in this thread http://forums.techguy.org/malware-removal-hijackthis-logs/757092-possible-malware-infection.html and after running both ATF and Malwarebytes and rebooting, the problem was gone. perhaps the FakeAlert trojan or the may have been the cause.

    Here is the mbam log file taken before rebooting.

    Malwarebytes' Anti-Malware 1.28
    Database version: 1274
    Windows 5.1.2600 Service Pack 2
    10/16/2008 10:29:53 AM
    mbam-log-2008-10-16 (10-29-53).txt
    Scan type: Quick Scan
    Objects scanned: 44742
    Time elapsed: 2 minute(s), 50 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{410108EA-E613-EB50-DBDD-096F10D03F68} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{70004d5d-3bf6-4d51-43b2-02fc0002cdb5} (Rogue.Errorsafe) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\smartui (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    C:\Program Files\yxixuce\smartui.dll (Trojan.FakeAlert.H) -> Delete on reboot.

    As a result of the effectiveness of Malwarebytes in solving this problem I immediately purchased a copy and gave AdaWare the flick.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/759390

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice