Author Topic: Getting rerouted to other sites when clicking Google links  (Read 4432 times)

ceo3west

  • Guest
Getting rerouted to other sites when clicking Google links
« on: June 13, 2009, 05:38:56 PM »
This has been happening for a week since my PC had been infected with a virus.  I installed avast which captured a few viruses & trojans but this is still happening.  Specifically, when I do a google or yahoo search and click a link from the search, it takes me to different websites.  Anyone ever experience this?  Any recommendations?  Avast has not found any other viruses, not sure what's causing this.  Thanks.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Getting rerouted to other sites when clicking Google links
« Reply #1 on: June 13, 2009, 06:54:26 PM »
Hi ceo3west,

Sounds like an IE infestation, could be a rogue BHO or other adware/spyware issue, post a hjt log txt file as an attached txt file in your net posting, and we here will have a serious look at it.
You can download hijackthis from here: http://www.filehippo.com/download_hijackthis/download/58170ee6e58bba306c943f5b6d745c99/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

ceo3west

  • Guest
Re: Getting rerouted to other sites when clicking Google links
« Reply #2 on: June 13, 2009, 10:46:45 PM »
Quote from: polonus
> Hi ceo3west,
>
> Sounds like an IE infestation, could be a rogue BHO or other adware/spyware issue, post a hjt log txt file as an attached txt file in your net posting, and we here will have a serious look at it.
> You can download hijackthis from here: http://www.filehippo.com/download_hijackthis/download/58170ee6e58bba306c943f5b6d745c99/
>
> polonus


Thanks for the help on this, attached is the file.

CharleyO

  • Guest
Re: Getting rerouted to other sites when clicking Google links
« Reply #3 on: June 14, 2009, 12:01:21 AM »
***

An analysis of your HJT log shows the following problems :

We didn't detect any active process of a firewall on your system. Reasons maybe:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don't use any firewall at all.
We recommend you to use a firewall.

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
Unnecessary (deactivated) entry that can be fixed. AcroIEhelper.ocx, AcroIEhelper.dll - Adobe Acrobat reader.

O4 - HKUS\S-1-5-21-1219393502-2404566984-3178860527-1006\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h (User 'Sarah')
While this entry itself is not bad, this is a possible infection point as are all P2P programs.

The below are questionable entries all related to Yahoo components :

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
Uses excessive system and memory resources with no corresponding benefit.
http://www.pcpitstop.com/libraries/process/i/yahooauservice.exe.html

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
BHO able to monitor Internet browser activity.
http://www.file.net/process/ytsingleinstance.dll.html

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
Uses excessive system and memory resources with no corresponding benefit.
http://www.pcpitstop.com/libraries/process/i/yahooauservice.exe.html



Overview of running tasks :

smss.exe - System task - Session Manager Subsystem
winlogon.exe - System task - Microsoft Windows Logon Process
services.exe - System task - Windows Service Controller
lsass.exe - System task - Local Security Authority Service
svchost.exe - System task - Microsoft Service Host Process
svchost.exe - System task - Microsoft Service Host Process
svchost.exe - System task - Microsoft Service Host Process
aswUpdSv.exe - Virusscan - Avast Anti-Virus Component
Explorer.EXE - System task - Microsoft Windows Explorer
ashServ.exe - Virusscan - Avast
spoolsv.exe - System task - Microsoft Printer Spooler Service
AppleMobileDeviceService.exe - Backgroundtask - Apple Mobile Device Service
mDNSResponder.exe - Backgroundtask - Bonjour for Windows Component
jqs.exe - Backgroundtask - jqs.exe
LSSrvc.exe - Backgroundtask - NERO Light Scribe Module
nvsvc32.exe - Application - NVIDIA Driver Helper Service
svchost.exe - System task - Microsoft Service Host Process
svchost.exe - System task - Microsoft Service Host Process
VongoService.exe - Unknown task - (a movie download service for portable devices) http://www.file.net/process/vongoservice.exe.html
YahooAUService.exe - Unknown task - (Yahoo AutoUpdater for Yahoo Instant Messenger) http://www.pcpitstop.com/libraries/process/i/yahooauservice.exe.html
hpqwmiex.exe - Backgroundtask - HP ProtectTools security manager
ashMaiSv.exe - Virusscan - Avast Anti-Virus Component
ashWebSv.exe - Virusscan - avast! Web Scanner
HP Wireless Assistant.exe - Backgroundtask - JHP Wireless Assistant.exe
HPWuSchd2.exe - Backgroundtask - Hewlett Packard Software Update Scheduler
issch.exe - Application - InstallShield Update Service
QTTask.exe - Backgroundtask - Apple QuickTime Tray Icon
iTunesHelper.exe - Application - Apple Itunes
ashDisp.exe - Virusscan - Avast AntiVirus
jusched.exe - Backgroundtask - Sun Java Update Scheduler
ctfmon.exe - System task - Alternative User Input Services
TeaTimer.exe - Application - Spybot S&D Realtime Scanner
mlb-nexdef-autobahn.exe - Unknown task - (If you have both Autobahn and MLB NexDef installed, you will run into issues.) http://www.getautobahn.com/faqs Scroll to bottom of page.
iPodService.exe - Backgroundtask - Apple iTunes
firefox.exe - Application - Mozilla Firefox
winlogon.exe - System task - Microsoft Windows Logon Process
java.exe - Application - Java runtime
HijackThis.exe - Application - Merijn Hijackthis


***
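
An added example (not part of the thread, and not HijackThis's own code): a small Python parser for the three HijackThis entry types quoted in the analysis above (O2 BHO, O4 autorun, O23 service). It flags `(file missing)` entries and, as an added triage heuristic, binaries sitting directly in the Windows or system32 folder; the last sample line and the flag names are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# First four lines are the entries quoted in the analysis above; the last is constructed.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O4 - HKUS\S-1-5-21-1219393502-2404566984-3178860527-1006\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h (User 'Sarah')
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O4 - HKLM\..\Run: [constructed example] C:\WINDOWS\system32\example.exe
"""

class Entry(NamedTuple):
    section: str   # O2 = browser helper object, O4 = autorun, O23 = service
    name: str
    path: str
    flags: tuple   # hypothetical flag names used only in this example

# One pattern per section; "rest" is the command/path tail of the line.
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<rest>.+)$"),
    "O4": re.compile(r"^O4 - \S+: \[(?P<name>[^\]]*)\] (?P<rest>.+)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.*?) - .*? - (?P<rest>.+)$"),
}
# Binary path inside "rest" (handles quoting, arguments and trailing notes).
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx|sys)\b', re.I)
# File located directly in the Windows or system32 folder.
SYSTEM_DIR = re.compile(r"^[A-Za-z]:\\windows(\\system32)?\\[^\\]+$", re.I)

def parse_line(line: str) -> Optional[Entry]:
    section = line.split(" - ", 1)[0]
    pattern = PATTERNS.get(section)
    m = pattern.match(line) if pattern else None
    if not m:
        return None  # blank line or a section this example does not cover
    found = PATH.search(m["rest"])
    path = found.group(0) if found else m["rest"]
    flags = []
    if "(file missing)" in m["rest"]:
        flags.append("file-missing")   # registry entry points at a deleted file
    if SYSTEM_DIR.match(path):
        flags.append("in-system-dir")  # worth checking the file's identity
    return Entry(section, m["name"], path, tuple(flags))

def triage(log_text: str) -> list:
    parsed = (parse_line(line.strip()) for line in log_text.splitlines())
    return [entry for entry in parsed if entry]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section:<4}{e.name:<32}{','.join(e.flags) or '-':<15}{e.path}")
```

A flag only marks an entry for a closer look; it is not a verdict on the file.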

Spiritsongs

  • Guest
Re: Getting rerouted to other sites when clicking Google links
« Reply #4 on: June 14, 2009, 12:38:16 AM »
 :)  Hi :

 Since your HijackThis log shows you have Spybot ( you did NOT mention IF
 you have run their program !? ), I recommend you ask their experienced,
 certified, Volunteer "Malware Removal Specialists" for help on their Support
 Forums at http://forums.spybot.info .

Offline polonus

Re: Getting rerouted to other sites when clicking Google links
« Reply #5 on: June 14, 2009, 12:54:06 AM »
CharleyO is right there, look here: http://www.prevx.com/filenames/X2370485212263648554-X1/ARES+ULTRA.EXE.html
Description: Ares Ultra.exe is located in a subfolder of "C:\Program Files". Known file sizes on Windows XP are 2,658,816 bytes (33% of all occurrence), 2,831,360 bytes, 3,780,608 bytes.
There is an icon for this program on the taskbar next to the clock. The program has a visible window. Program can be uninstalled in the Control Panel. File Ares Ultra.exe is not a Windows system file. The process uses ports to connect to LAN or Internet. Ares Ultra.exe is able to record inputs, manipulate other programs. Therefore the technical security rating is 12% dangerous, however also read the users reviews.

Recommended: Identify Ares Ultra.exe related errors

Important: Some malware camouflage themselves as Ares Ultra.exe, particularly if they are located in c:\windows or c:\windows\system32 folder. Thus check the Ares Ultra.exe process on your PC to see whether it is a pest.  Upload the file to virustotal.com and give us the results as an attached txt file.

P2P although it might be partly legit is a protocol that is frowned upon by certain BigMedia parties, that to say it politely are not too amused about these online download activities and will try to frustrate it, so it can be a source of malcode, so if you are into that take utmost care not to get infested with malicious software.

polonus