ReDirected to wrong sites

When ever I run a search on Google (or any search engine), if I click on a link I get redirected to a dif site that has junk and malware on it.  I follow the directions for cleaning up the hosts files but did not help. Tried using NPE, did not find anything.  Clicked on link for next step in the help process but the site will not open.  The site is: 

http://sitedirector.symantec.com/932743328/?ssdcat=221&lcid=1033&origin=techsup&env=prod&layout=esd&tooltype=nbrt

 

Any ideas on how I can stop this redirecting from happening?  Real pain in the neck.   Thank you,  HDT

When ever I run a search on Google (or any search engine), if I click on a link I get redirected to a dif site that has junk and malware on it.  I follow the directions for cleaning up the hosts files but did not help. Tried using NPE, did not find anything.  Clicked on link for next step in the help process but the site will not open.  The site is: 

http://sitedirector.symantec.com/932743328/?ssdcat=221&lcid=1033&origin=techsup&env=prod&layout=esd&tooltype=nbrt

 

Any ideas on how I can stop this redirecting from happening?  Real pain in the neck.   Thank you,  HDT

Using Norton INS 2012, no infections found, have even tried Norton Power Eraser.  running WinXPpro, on a Intel CoreDuo machine btw,  All updates installed on both.  Makes no dif if I run the search in InEx 8, FireFox, or Opera  Same thing happens with all three.

Hi HeyDoubleT:

 

From what you are saying, I think that your search results have been hijacked.

Could you try deleting your browser cache in each of the browsers, restart them and let us know?

 

Let's take it from there.

 

Thanks.

 

Atomic_Blast :)

Have done that with same results, tyvm for the sugestion though. 

Hi HeyDoubleT:

 

You might want to try running a full system scan with the free Malwarebytes' Anti-Malware (MBAM) scanner.  MBAM will occasionally detect malware missed by a NIS full system scan.

 

During your MBAM installation, decline the 15-day trial offer to use the advanced Pro features, since this might activate the real-time protection mode in MBAM, and it's never a good idea to have more than one security program trying to handle real-time protection on your system.  MBAM might find some old registry entries and PUPs (potentially unwanted programs), which are often just inert files on your hard drive left over from uninstalled toolbars, etc., and these types of detections often aren't a cause for concern.

------

Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 8.0.0
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

Hello HeyDoubleT

 

Since 3 browsers are involved here and you have already tried some scans, I would recommend a visit to one of the free malware removal sites. They can give you the proper scans and tools to help clean up your machine if it's infected. They work with you 1 on  1 which can not be done here. Please register with one of them and describe your problem to them. Please let us know which one and how you are making out. Once they start helping you, we can't, but you can give us an update..

 

Please go to one of these free Forums for help in removing your bad malware or rootkits.


http://www.bleepingcomputer.com

http://www.geekstogo.com/forum/

http://www.cybertechhelp.com/forums/

http://forums.whatthetech.com/

(Thanks to Delph for providing the list of sites)

 

 

Please come back and let us know how you made out. Thanks.

Hi floplot:

 

Kind of funny, but I was thinking along similar lines.

Possibly some unusal type of Malware or Rootkit.

 

Thanks for posting those resources.

 

Hopefully, DoubleT will post back in this thread with the outcome.

 

Atomic_Blast :)

 

 

Ran the Malwarebytes, found one item, it fixed it. Then ran spybot, it found 3 more, fixed them.  Problem still there   I also think the seach results are being hijacked.  Going to try the others on the list next and see if that nasty little bugger can be found.  Will let you know what results I get   Thanks again to everyone for thier help.  

Why an unusual type of Malware / Rootkit??

 

Quads

Hello Quads:

 

Well, perhaps not unusual, but not detected by the above methods, I would think.

Any suggestions as to what it could be?

 

It seems you know quite a bit about these things, after looking at some of your posts.

Any expertise you can lend would be greatly appreciated. I'm curious myself. :smileyhappy:

 

Thanks,

 

Atomic_Blast :)

 

Edit - additional info.        

Hi HeyDoubleT:

 

Since the NIS, MBAM and Spybot S & D scans don't seem to have solved problem, all of the links that floplot listed in message # 7 to malware removal forums come highly recommended.  I've used the WhatTheTech Virus, Spyware & Malware Removal forum myself (see their instructions here for posting HijackThis, OTL and DDS logs in their forum) and I was assigned a tech expert that worked with me one-on-one until the problem was resolved.

 

Is it possible you had Spybot S & D TeaTimer module running on your PC in real-time protection mode at the same time as NIS 2012?  There are several reports in the forum of malware being able to get past NIS and other Norton products because of a conflict with the real-time protection from another security program.

--------

Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 8.0.0
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

Hi Quads:

Yesterday, Mountain_Cougar reported here that NIS had blocked an intrusion attempt from the malicious Couch Potato adware, and that the attacking site was reported as liveupdate.symantecliveupdate.com.  I noticed that HeyDoubleT is reporting here that the re-direction is associated with http://sitedirector.symantec.com/......nbrt.

Do you know if there is any way for a user to determine if malware is simply spoofing the Symantec servers or if they're actually being infected when they connnect to the Symantec site (e.g., during an automatic LiveUpdate)?  
---------
Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 8.0.0
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

Had this same problem. Norton Internet Security said it blocked something but that didn't stop the problem. And a full scan revealed nothing. Norton Power Eraser found nothing but Malwarebytes found three items. Erased those and the problem appears to have been fixed. Bit worrying that a free program can do what NIS and NPE couldn't.


hazjo wrote:

Had this same problem. Norton Internet Security said it blocked something but that didn't stop the problem. And a full scan revealed nothing. Norton Power Eraser found nothing but Malwarebytes found three items. Erased those and the problem appears to have been fixed. Bit worrying that a free program can do what NIS and NPE couldn't.


Welcome,

Malwarebytes free scanner is a great compliment to your Norton product. They look at things a bit differently and so tend to catch some of the things that slip through the cracks. Yes, there are cracks, no security product is perfect nor can any one of them stay ahead of the creators of the 'nasties'.

I keep Malwarebytes free scanner on my desktop and makes sure that it stays current so it's ready when I need it. I also hold NPE in reserve as it is a powerful tool and can cause some problems. Using the two, NIS and MWB, regularly is the best insurance you have against infections. Should one find you we'll be here to help squash it.

Good advice. And it seems I spoke a bit too soon. The problem seemed to be fixed after I ran Malwarebytes but now I'm getting misdirected about 50% of the time, usually to a page called Infomash. Ran MWB again and it found one more file but I'm still getting misdirected some of the time. I'll try some of the things suggested earlier in this thread but if you have any new suggestions I'd like to hear them.