Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

GOOGLE/YAHOO searches redirected

Created: 07 Aug 2009 • Updated: 21 May 2010 | 8 comments

I go to GOOGLE search "dogs" click on a link and it brings me to another page that has nothing to do with dogs.

I can not click on any links in GOOGLE or YAHOO as I get redirected to random sites.  I have NORTON 360 - MALWAREBYTES and PCTOOLS SPYWARE DOCTOR and none of them have detected any problems.

Can someone point me in the direction to fix this...
thanks
(=

Discussion Filed Under:

Comments 8 CommentsJump to latest comment

Ajit Jha's picture

Try to search norton/ Symantec and click the desiured link and see the status.

Update us.

Ajit

Regard's

Ajit Jha

Technical Consultant

ASC & STS

shp's picture

May know to which site's its redirected.....
If u have any toolbars (like ask toolbar) or additions search engines uninstall it and try.
 

Regards,
Srinivas H.P.
HCL Infosystems Ltd

Aniket Amdekar's picture

Looks like its a Browser Helper Object. You can go to Internet Explorer->Tools->Manage Add-ons  and see if you can see any abnormal add-ons listed. Also, please use the autoruns too, go to the Internet Expplorer tab in that tool and look for any maicious entries. You can delete the entries from there ad reboot the machine to check results.

Cheers,
Aniket

Ajit Jha's picture

U can also restore the default setting. Go-->IE-->Tool-->InternetOptions-->Advance-->Restore default

Regard's

Ajit Jha

Technical Consultant

ASC & STS

LeslieMiller's picture

The best bplace to have Norton questions answered is at http://norton.community.com.

Satyam Pujari's picture

Well..if 'links' of 'search engine results' are getting redirected then most probably you got a rootkit in the box.Some time back it's was in the wild named as 'TDSS rootkit'.

I've seen many variants and modified versions of this rootkit in recent days.I've submitted couple of 'em to SRT and those were detected and cleaned well.

Why your Search results get redirected ?

Usually,the rootkit is dropped by a worm.

-It changes the DNS settings for all network connections to two of the following IP addresses:-It installs a kernel driver..in most cases 'gaopdxserv.sys'

-It modifies the DNS entries on the compromised computer. In case of an infection in a Server/Client environment, clients on a compromised network might acquire malicious DNS addresses from an infected server (without actually being infected itself), redirecting queries to an address controlled by the remote attacker.

-It acts as a DHCP server for all computers on the compromised computer's LAN, serving the following malicious DNS addresses to redirect all DNS queries to an address controlled by the remote attacker:64.86.133.51 (primary)
63.243.173.162 (secondary)Read this write-up carefully & follow the removal steps(It's indepth and excellent)

http://www.symantec.com/security_response/writeup.jsp?docid=2009-032211-2952-99
&tabid=2

-Check If your DNS settings has bee modified in the box with ipconfig /all .( You'll see some different DNS servers entries.)

-See if you can find some of the 'files' related to this threat.If undetected files are found submit it here
https://submit.symantec.com/gold/

I'm damn sure Symantec detects and cleans most of the variants for this threat.But there're might be new variants for this threat in the presence.If you think the box is still infected you may call Symantec norton support.Thier virus removal service is great.You'll be satisfied..trust me.

http://www.symantec.com/norton/support/premium_services/virushelp.jsp

Inviting good karma to CPU...beep

M Samir0n's picture

Yes it's a nice post. helped me lot. also I have solved that issue by using one trends tool.

Vikram Kumar-SAV to SEP's picture

Looks you've played a lot with this one..

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.