Google searches being redirected

  StuFromPoole 14:30 03 Apr 2011
Locked

I read that there were problems with an SQL Injection called Lizamoon; am I being affected? When I Google a serach, both in IE and Firefox, a click on the returned links is being intercepted and I am redirected to other web pages. My AV reports that an attempt attack my PC has been blocked. I am curently running a deep scan and also running a SpyBot scan. If this returns no results (this is the second scan I have run today and all previous issues were reported as being resolved) should I worry and what can I do? As no-one else is asking this question, I worry that I am infected. Please help!

  birdface 14:47 03 Apr 2011

Try running HitmanPro and see if that finds any problems.

click here

If it finds any problems you have to activate it to remove any problems then you have 30 days before it runs out and you would need to delete it or pay for it.

  onthelimit1 15:02 03 Apr 2011

Try running the TDSS Killer from Kaspersky click here. This cured a similar probelm on my PC.

  StuFromPoole 15:48 03 Apr 2011

Hitman Pro found Malware "MDIMONS.DLL" and TDSS found and fixed one threat. However, the problem remains. If I type the web address the site loads properly. If I click on a link from Google or Bing etc for the same site, I am redirected, sometimes harmlessly to say Facebook, other times my AV pops up an Attack Warning. Any further help appreciated. Thanks.

  onthelimit1 17:00 03 Apr 2011

That is exactly the same prob I had - I'd run the TDSS Killer again.

  StuFromPoole 20:07 03 Apr 2011

So, I am now pretty sure I have a redirect virus. My AV finds nothing, Spybot finds nothing, TDSS Killer finds no threat when run the second time. Hitman Pro finds the following Malware and reports that it will be deleted on reboot, but the removal fails. The reported file is C:\windows\system32\mdimons.dll The report is that is a Gen. Variant. Vundo!IK
The file does not appear at the reported location, though. (Although ther eis a file called mdimon.dll) I have spent an hour in an online chat with my AV provider and drawn a blank. They say it may be a new variant without a fix right now. Any help grately appreciated.

  onthelimit1 20:55 03 Apr 2011

Might be worth trying an on-line scanner such as click here (free)

  birdface 21:18 03 Apr 2011

maybe try the free version of MalwareBytes and see if it removes it.

click here

  StuFromPoole 17:53 05 Apr 2011

Thanks to all for your assistance on this. To update you, MalwareBytes did not find or therefore fix any threats. So, I did a bit of further research and tried increasingly powerful tools. I was directed to a free tool called ComboFix that appears to have done the trick. My clicked links now take me to where I would expect and I have had a full day of safe surfing. ComboFix comes with its own warning of being a very powerful tool so use with care. Thanks again!

  songbird72884 00:13 26 May 2011

Hiya, I'm having a similar problem with google redirections, where can I get the ComboFix tool from? I'm wary of just googling it in case I get an infected site, but I'm starting to lose patience with all the 'clean' scans on everything else.

  lotvic 00:41 26 May 2011

Join the forum at beepingcomputer.com and they will guide you through it. Combofix can be downloaded from their site ClickHere for info

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

WPA2 hack: How secure is your Wi-Fi?

HP’s new Surface Pro rival is designed specifically for Adobe-using designers and artists

Best kids apps for iPhone & iPad

Que faire si son iPhone ou iPad est tombé dans de l'eau ?