Expert: James Filmer - 1/6/2010

Question
QUESTION: Using a Dell Dimension 4100 desktop PC. O/S is : Windows XP. This is the first time I have had this problem but....I have had it for days. I am an intermediate user.

Example of Problem: Let's say I am on the google home page and type something into the search box. When I hit the search button, It takes me to someplace else and opens at least one or two more windows, all with advertisments of other search engines or web questionares or something like that. I have come to the conclusion that this must be sometype of spyware or something hidden in a trojan horse or something along those lines.
I have tried finding something with AVG, Malwarebites and another trojan finder program, all to no avail. I even emailed another advisor to check out a couple of possible things in my C: drive that I thought it could have been.

I don't know what else to do or try other than just wipeing my hard drive clean and starting again. Any suggestions on what else I can try or look for that is causing this PC to do this?

Any help you can give me would be appreciated.

ANSWER: Don,
I'll need some more info to help you find the fix.
Do you use only one browser? Which one? Do you use more than one? If so, does it happen in the other(s)? Have you added any toolbars lately, or new software that comes with or without a toolbar?

What security applications (names and versions) are on your system (in Add/Remove Programs) and which ones do you actually use? (besides AVG and Malwarebytes) Is it AVG antivirus only, or AVG Internet Security?

Do you clean your cookies, history and cache? If not, install CCleaner or a similar free, safe cleaner (enrgy21.com/tools or ccleaner.com).

Do you accept third party cookies in your browser? Do you know how to reconfigure cookie settings?

There's more discussion about your problem here: http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/resolv
Scroll past the HijackThis logs for posts about cleaning, disabling system restore...but don't want you to try anything yet (unless you want to), just provide a little more info. Thanks.


---------- FOLLOW-UP ----------

QUESTION: James,
I only use one browser, Internet Explorer 8. I only use one toolbar and that would be the standard MS toolbar that is included in XP. A far as security software, I use both AVG (Anti-Virus Only)and Zone Alarm. I also use ad-aware and Malwarebites to regulary scan (Almost on a daily basis) for spyware and malware. I clean my cookies, history and cache at least once a day and sometime twice depending on which websites I have visited. I also do not accept third party cookies. I also clean my registry about once or twice a week.

After a lot of digging around and reading, I think that I know what the virus is: Google redirect Virus. It seems to be some type of Trojan virus / browser hijacker. It looks like, from what I have been able to find, that it is becoming a wide problem and very few answers that someone with my skill level can understand mush less fix.

Any other info you need, just ask... I am about ready to hang my sister-in-laws son since he was the one using my PC when it got infected. Hopefully you can save his life....lol

Thanks fo all of the help.

ANSWER: Don,

Open IE and click Tools > Manage Add-ons and tell me what you see Enabled
under Toolbars and Extensions, Search Providers and Accelerators.  (will do what I can to help him - and you lol)



---------- FOLLOW-UP ----------

QUESTION: James,

Here is the info:

Under Toolbar:      Adobe Shockwave Flash    Enabled
         Adobe PDF Link Helper    Enabled
         AVG Safe Search          Enabled
         Windows Messenger        Disabled


Under Search Provider:         Bing


Under Accelerators:          Live.Com

Under In Private Filtering:    "None"


I hope that this helps. As always, anything else you need, don't hesitate to ask. Since our last correspondance earlier today, a friend of mine who actuall has a small (Sideline) PC repair businesss gave me a ring. He has one of his customers who brought in their PC and it is doing the exact same thing. After reading all those blogs last night and hearing his story...I am wondering just when this thing went viral??  

Don

Answer
Install Hijackthis and run a scan that includes the log. Copy/Paste the log here and reply.
http://free.antivirus.com/hijackthis/ Let me take a closer look at what's on your system.

Do you use Spybot's immunization feature? Open Spybot to Help>Index>Immunization. Enable that feature, fully immunize, and check for updates at least once a week.

You may also need to further restrict 3rd party vendors (and their cookies). You can do that in IE by going to Tools>Internet Options>Advanced>Override automatic...Accept First-Party Cookies>Check Always allow session cookies and Block or Prompt. Test both ways, Blocked works for me in all browsers and can still access what I want fine. Also, most other browsers don't use ActiveX which can be used by sites for pop-ups and redirects.

Might try a different one like Firefox, K-Meleon or Opera (more on enrgy21.com/tools) for general surfing. But if not, that's fine too. In IE Include Google as an Enabled Search Provider just in case it not being there, is related to the problem.