CoachellaMVCD
Redirecting traffic after googling
Hi Everyone,
We have a problem on one of our employees' computers. After he does a Google search and tries to go to one of the result links, his traffic gets redirected to the link http://pagead.googledoubleclicks.com, and our Barracuda firewall is blocking the content of this site as a suspicious site. When he tries going directly to the same page, he is able to. Also, when we hover over the link on the Barracuda blocking page, it says that the link is going to homesearchdirectory. If anybody has any idea, please let us know.
CVMVCD IT Stuff
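An added example, not part of the original thread: one way to check web-filter logs for other clients showing the symptom described above, by flagging requests to hosts whose registered domain imitates a Google ad domain without being one. The log layout, the allowlist and the sample lines are assumptions constructed for illustration, not Barracuda's format.

```python
from urllib.parse import urlsplit

# Registered domains the lookalike imitates; extend this allowlist for your site.
KNOWN_GOOD = {"google.com", "doubleclick.net", "googlesyndication.com"}
BRAND_TOKENS = ("google", "doubleclick")

# Constructed sample lines: timestamp client action url referer (assumed layout).
SAMPLE_LOG = """\
2000-01-01T10:01:11 10.0.0.23 ALLOWED http://www.google.com/search?q=test -
2000-01-01T10:01:19 10.0.0.23 BLOCKED http://pagead.googledoubleclicks.com/ http://www.google.com/search?q=test
2000-01-01T10:02:40 10.0.0.41 ALLOWED http://googleads.g.doubleclick.net/pagead/ads http://www.example.org/news
2000-01-01T10:03:02 10.0.0.41 ALLOWED http://www.example.org/ http://www.google.com/search?q=example
2000-01-01T10:05:37 10.0.0.23 BLOCKED http://pagead.googledoubleclicks.com/ http://www.google.com/search?q=other
2000-01-01T10:06:00 10.0.0.23 BLOCKED http://pagead.googledoubleclicks.com/ -
"""

def registered_domain(host):
    # Naive: last two labels. Adequate for .com/.net, wrong for e.g. .co.uk.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_lookalike(host):
    # Carries a brand token but is not one of the genuine registered domains.
    dom = registered_domain(host)
    return dom not in KNOWN_GOOD and any(tok in dom for tok in BRAND_TOKENS)

def is_google_search(url):
    parts = urlsplit(url)
    host = parts.hostname or ""
    return registered_domain(host) == "google.com" and parts.path.startswith("/search")

def find_redirected_clients(log_text):
    """Map (client, lookalike host) -> [total hits, hits referred by a Google search]."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        _ts, client, _action, url, referer = fields
        host = urlsplit(url).hostname or ""
        if not is_lookalike(host):
            continue
        counts = hits.setdefault((client, host), [0, 0])
        counts[0] += 1
        counts[1] += is_google_search(referer)
    return hits

if __name__ == "__main__":
    for (client, host), (total, searched) in find_redirected_clients(SAMPLE_LOG).items():
        print(f"{client} -> {host}: {total} hits, {searched} after a Google search")
```

Clients that appear in the result are candidates for the same offline scans discussed in the replies; country-specific Google domains would need adding to the allowlist to avoid false positives.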
Sounds like the MEDFOS trojan. Have you done virus scans independent of your real-time antivirus?
ASKER
Hi Jornak,
Thank you for your response. We are doing a scan right now and will see the results. We also found this as a possible answer: http://www.zimbio.com/Spyware/articles/F7-aP5UwjPj/How+Remove+Trojan+Win32+Medfos+Get+Rid+Medfos Do you think this will work?
CVMVCD IT Stuff
ASKER CERTIFIED SOLUTION
ASKER
Hi Jornak,
Thank you a lot. We are working on fixing this problem. If we have any questions we will ask you; if not, we will accept your answer once we are done.
CVMVCD IT Stuff
ASKER
Hi Jornak,
So far we have not been successful in finding MEDFOS. We are going to continue searching for it and possibly cleaning. Do you think that anything else can cause this problem, except MEDFOS?
CVMVCD IT Stuff
It definitely has to be malware. I have no doubt in my mind.
ASKER
Hi Jornak,
One important piece of information that we didn't mention so far: we are running Windows 7 64-bit.
CVMVCD IT Stuff
Ah, that shouldn't really change anything. Any more luck?
ASKER
Hi Jornak,
ComboFix did work, thank you very much.
CVMVCD IT Stuff
@CoachellaMVCD,
I suggest that you spend a little more time on that system and run some other scans. "ComboFix" is one of the very best tools available, but it can't hurt to fire off a couple more weapons.
For Hijacking/re-directs, you might want to start with TDSSKILLER found here:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
* Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
* Execute the file TDSSKiller.exe.
* Wait for the scan and disinfection process to be over. You do not have to reboot the PC after the disinfection is over.
If the tool finds a hidden service it will prompt you to type "delete", you can also just hit "Enter" without typing in and the scan will continue...
Please post the log to be analyzed.
You can also try FixTDSS.exe from Symantec:
http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe
There are several EE Articles that cover all of the basics of proper malware removal and I encourage you to familiarize yourself with the steps you need to take.
"Google Hijack" - Google Search Gets Redirected:
THINGS YOU NEED TO DO WHEN YOUR PC IS INFECTED:
https://www.experts-exchange.com/A_4922.html Rogue-Killer-What-a-great-name
https://www.experts-exchange.com/A_5124.html Stop-the-Bleeding-First-Aid-for-Malware
https://www.experts-exchange.com/A_6650.html Malware Fighting – Best Practices