Expert: James Filmer - 12/3/2009

Question
QUESTION: Google search links are being redirected to commercial websites, often related to the search subject, but useless.
AVG Free 9.0 found only FakeAlert.LF. Its in the vault. I run Windows XP/SP3, Adaware free, Spybot, Stinger, Zone Alarm.

This happens with Firefox, IE and Safari. Thanks for any help you can provide.

ANSWER: Please install SuperAntispyware, a-squared or Malwarebytes.  Free and free-trial full versions are available on Enrgy21.com. Run a full system scan twice. All 3 are excellent. Having two is OK (one might miss something), but one should only have only as much security as they can understand and keep updated. Keep Spybot and Stinger. Let me know what you find and if the problem persists.


---------- FOLLOW-UP ----------

QUESTION: I ran all three of your suggested security apps. Malwarebytes and SuperAntispyware found nothing. a-squared found an exploit, 4 trojans and a virus, all associated with java. It removed the virus, the exploit and the trojan (quarantine). Said could not remove the other trojans. I'm afraid to search for removal tools because I keep getting sent to questionable sites. I tried to attach a screen shot of the a-squared report Thanks for your help.

Keefe

ANSWER: Keefe,


Turn off System Restore:

http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may1

Restart and run a-sguared again. That might allow you to remove the other trojans/spyware and fix the problem. Let me know.

Another solution: download and install HiJackthis: http://free.antivirus.com/hijackthis/

There are several forums that specialize in analyzing the logs: http://hjt-data.trendmicro.com/hjt/analyzethis/index.php

There are allexperts that review logs too: http://www.allexperts.com/el/Computer-Security-Viruses/

I'm a log expert as well, but a person should always have a TEAM of experts to review logs and give advice. A team is much better than one person when it comes to this utility.

Or, if you can't or rather not (HiJackThis), there are other things we can do manually. Just let me know. Make sure you have the latest Windows security updates as well, and use a temp cleaner like CCleaner.com to clean your cache, cookies...(unless you already do this). Basic info can be found on enrgy21.com's tips.

On my profile it says, "Please, no HiJackThis logs unless I request it. There are several reputable forums that specialize in analyzing them." Some logs require more analysis than others. I believe yours might fall into that category.


---------- FOLLOW-UP ----------

QUESTION: Ran a-square again as above. This time it showed only cookies, marked as potential threats. I made a hijackthis log but haven't sent it anywhere yet. Using Add/Remove programs I removed anything with java in the title, including something called update 6. I haven't put in the latest java yet. The redirection seems to have stopped and things seem to be back to normal, although I doubt this machine is clean. a-square occasionally warns of a redirection, which it blocks. Should I get the latest Java, and if so where. Thanks for all the help and useful info.

Keefe

Answer
Keefe,

(* new 4th paragraph)

"Clean" is a relative term. Unless you're a computer security genius, it's unlikely you can keep all threats off your system, all the time. That's why it's good to have more than antispyware application, real-time virus scanning and a Firewall. And, it's good to develop your own system security maintenance procedures like checking for software updates, malware (virus, trojan...) scanning, and removal of temp files, cookies and cache at least once a week (see Tips, enrgy21.com)

Here's a small security tool that may identify and remove an additional threat if you have it;
http://free.antivirus.com/cwshredder/

Also, consider learning about and using Spybot advanced features IE tweak: Lock Hosts file read-only as protection against hijackers and ; Hosts File-Add Spybot S&D hosts list.

*System and browser immunization is available in Spybot and very helpful as well.

Spybot Resident is helpful for overall security, but if you enable them, SDHelper and Teatimer (or 1) be aware you might need to disable (uncheck) if major update in another security application fails.

http://www.java.com/en/download/index.jsp is where you get Java.

Please let me know if you're having any more problems. Note too that if you have any toolbars (Yahoo for example), they sometimes redirect (some more than others). Do you have any addon toolbars?