 |  |  |  |  |  |  |  |
Redirect of Google to Porn
 |
P.S.
I just found out a strange thing. When I search for ******.*** at Google I get no hit, but when I search for the same thing at Yahoo it finds Googl without problem.
Very odd!
I just found out a strange thing. When I search for ******.*** at Google I get no hit, but when I search for the same thing at Yahoo it finds Googl without problem.
Very odd!
Last edited by DMR; Apr 4th, 2005 at 12:34 am.
Those are lower case Q's, not G's; it's qooql, instead of googl, try doing some searching on your system for that.
Links to help you help yourself :
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
•
•
•
•
Originally Posted by dlh6213
Those are lower case Q's, not G's; it's qooql, instead of googl, try doing some searching on your system for that.
Can it be held responible.
Regards Trandill
Last edited by DMR; Apr 4th, 2005 at 12:30 am.
Yes, that could be the problem, have HJT fix this line and see if it helps:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hugason.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hugason.com
Links to help you help yourself :
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
•
•
•
•
Originally Posted by dlh6213
Yes, that could be the problem, have HJT fix this line and see if it helps:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hugason.com
Sorry, that is my home page
Hi there
I finally found the solution. It was to simple to be true. Run Active Scan from www.pandasoftware.com
Here is the scan result. Some file here was the cause of my problem. I do not know wich one.
[LEFT]Incident Status Location
Adware:Adware/CWS.Aboutblank No disinfected C:\Documents and Settings\Reynir\Local Settings\Temp\sp.html
Virus:W32/Netsky.P.worm Disinfected Personal Folders\Deleted Items\Re: Hi\priv.zip[data.rtf .scr]
Virus:W32/Bagle.pwdzip Disinfected Personal Folders\Deleted Items\
\AttachedDocument.zip
Virus:W32/Bagle.pwdzip Disinfected Personal Folders\Deleted Items\:-)\Message.zip
Virus:W32/Bagle.pwdzip Disinfected Personal Folders\Deleted Items\\AttachedDocument.zip
Virus:W32/Bagle.C.worm Disinfected Personal Folders\Inbox\Greet the day\dcccbaca.zip[dmaiaupl.exe]
Virus:W32/Bagle.D.worm Disinfected Personal Folders\Inbox\Accounts department\dcbaabbba.zip[fwdyvwps.exe]
Virus:W32/Bagle.E.worm Disinfected Personal Folders\Inbox\Price list\cdaa.zip[nhphgvoh.exe]
Virus:Trj/Citifraud.A Disinfected Personal Folders\Inbox\HSBC BANK: ACCOUNT UPDATE [Fri, 08 Oct 2004 14:25:52 -0700]\MSG_HTML.TXT
Virus:W32/Bagle.pwdzip Disinfected Personal Folders\Deleted Items\\AttachedDocument.zip
Virus:W32/Bagle.pwdzip Disinfected Personal Folders\Deleted Items\:-)\Message.zip
Virus:W32/Bagle.pwdzip Disinfected Personal Folders\Deleted Items\\AttachedDocument.zip
Virus:W32/Bagle.C.worm Disinfected Personal Folders\Inbox\Greet the day\dcccbaca.zip[dmaiaupl.exe]
Virus:W32/Bagle.D.worm Disinfected Personal Folders\Inbox\Accounts department\dcbaabbba.zip[fwdyvwps.exe]
Virus:W32/Bagle.E.worm Disinfected Personal Folders\Inbox\Price list\cdaa.zip[nhphgvoh.exe]
Virus:Trj/Citifraud.A Disinfected Personal Folders\Inbox\HSBC BANK: ACCOUNT UPDATE [Fri, 08 Oct 2004 14:25:52 -0700]\MSG_HTML.TXT
Virus:Trj/Downloader.WT Disinfected C:\Documents and Settings\Reynir.MYXP\Desktop\4 spors listar\backups\backup-20050329-080518-140.inf
Virus:Trj/Downloader.WT Disinfected C:\Documents and Settings\Reynir.MYXP\Desktop\4 spors listar\backups\backup-20050329-080518-327.inf
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\Reynir.MYXP\Desktop\4 spors listar\backups\backup-20050329-080519-408.inf
Adware:Adware/Minibug No disinfected C:\Program Files\AIM\Sysfiles\WxBug.EXE
Adware:Adware/Minibug No disinfected C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Virus:W32/Gaobot.ALK.worm Disinfected C:\WINDOWS\system32\TFTP3528
Virus:W32/Sdbot.CID.worm Disinfected C:\WINDOWS\system32\TFTP2296
Virus:Trj/Downloader.ASM Disinfected C:\WINDOWS\system32\usbn.exe
Virus:Bck/Small.HN Disinfected C:\WINDOWS\system32\thun32.dll
Virus:Trj/Downloader.WT Disinfected C:\WINDOWS\LastGood\Downloaded Program Files\eied.inf
Virus:Trj/Downloader.WT Disinfected C:\WINDOWS\LastGood\Downloaded Program Files\start85.inf
Adware:Adware/PurityScan No disinfected C:\WINDOWS\LastGood\Downloaded Program Files\start.INF
I finally found the solution. It was to simple to be true. Run Active Scan from www.pandasoftware.com
Here is the scan result. Some file here was the cause of my problem. I do not know wich one.
[LEFT]Incident Status Location
Adware:Adware/CWS.Aboutblank No disinfected C:\Documents and Settings\Reynir\Local Settings\Temp\sp.html
Virus:W32/Netsky.P.worm Disinfected Personal Folders\Deleted Items\Re: Hi\priv.zip[data.rtf .scr]
Virus:W32/Bagle.pwdzip Disinfected Personal Folders\Deleted Items\
\AttachedDocument.zip Virus:W32/Bagle.pwdzip Disinfected Personal Folders\Deleted Items\:-)\Message.zip
Virus:W32/Bagle.pwdzip Disinfected Personal Folders\Deleted Items\
\AttachedDocument.zip Virus:W32/Bagle.C.worm Disinfected Personal Folders\Inbox\Greet the day\dcccbaca.zip[dmaiaupl.exe]
Virus:W32/Bagle.D.worm Disinfected Personal Folders\Inbox\Accounts department\dcbaabbba.zip[fwdyvwps.exe]
Virus:W32/Bagle.E.worm Disinfected Personal Folders\Inbox\Price list\cdaa.zip[nhphgvoh.exe]
Virus:Trj/Citifraud.A Disinfected Personal Folders\Inbox\HSBC BANK: ACCOUNT UPDATE [Fri, 08 Oct 2004 14:25:52 -0700]\MSG_HTML.TXT
Virus:W32/Bagle.pwdzip Disinfected Personal Folders\Deleted Items\
\AttachedDocument.zip Virus:W32/Bagle.pwdzip Disinfected Personal Folders\Deleted Items\:-)\Message.zip
Virus:W32/Bagle.pwdzip Disinfected Personal Folders\Deleted Items\
\AttachedDocument.zip Virus:W32/Bagle.C.worm Disinfected Personal Folders\Inbox\Greet the day\dcccbaca.zip[dmaiaupl.exe]
Virus:W32/Bagle.D.worm Disinfected Personal Folders\Inbox\Accounts department\dcbaabbba.zip[fwdyvwps.exe]
Virus:W32/Bagle.E.worm Disinfected Personal Folders\Inbox\Price list\cdaa.zip[nhphgvoh.exe]
Virus:Trj/Citifraud.A Disinfected Personal Folders\Inbox\HSBC BANK: ACCOUNT UPDATE [Fri, 08 Oct 2004 14:25:52 -0700]\MSG_HTML.TXT
Virus:Trj/Downloader.WT Disinfected C:\Documents and Settings\Reynir.MYXP\Desktop\4 spors listar\backups\backup-20050329-080518-140.inf
Virus:Trj/Downloader.WT Disinfected C:\Documents and Settings\Reynir.MYXP\Desktop\4 spors listar\backups\backup-20050329-080518-327.inf
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\Reynir.MYXP\Desktop\4 spors listar\backups\backup-20050329-080519-408.inf
Adware:Adware/Minibug No disinfected C:\Program Files\AIM\Sysfiles\WxBug.EXE
Adware:Adware/Minibug No disinfected C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Virus:W32/Gaobot.ALK.worm Disinfected C:\WINDOWS\system32\TFTP3528
Virus:W32/Sdbot.CID.worm Disinfected C:\WINDOWS\system32\TFTP2296
Virus:Trj/Downloader.ASM Disinfected C:\WINDOWS\system32\usbn.exe
Virus:Bck/Small.HN Disinfected C:\WINDOWS\system32\thun32.dll
Virus:Trj/Downloader.WT Disinfected C:\WINDOWS\LastGood\Downloaded Program Files\eied.inf
Virus:Trj/Downloader.WT Disinfected C:\WINDOWS\LastGood\Downloaded Program Files\start85.inf
Adware:Adware/PurityScan No disinfected C:\WINDOWS\LastGood\Downloaded Program Files\start.INF
An infection that redirects URLs but doesn't show up in a HJT scan? That's not good.
Glad you were able to get rid of it, although I can't tell you which of the infected entities was responsible.
There is no Images choice on the googl page I'm looking at. 
As far as seeking legal retribution- that could be a long and frustrating process; the address/contact info in their WHOIS record is bogus...
Glad you were able to get rid of it, although I can't tell you which of the infected entities was responsible.
•
•
•
•
About Googl as a porn side. Try clicking on Images on the the main page.
As far as seeking legal retribution- that could be a long and frustrating process; the address/contact info in their WHOIS record is bogus...
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
•
•
•
•
Originally Posted by DMR
An infection that redirects URLs but doesn't show up in a HJT scan? That's not good.
Glad you were able to get rid of it, although I can't tell you which of the infected entities was responsible.
There is no Images choice on the googl page I'm looking at.
..
Maybe I will have to run ActiveScan again.
Regards Trandill
Last edited by DMR; Apr 4th, 2005 at 12:28 am.
Sorry, but given the content on the websites we're getting in to, I've had to edit some of the links in our discussion here.
Going to www.my*****.*** and to www.googl.com bring up entirely different pages for me. Yes- the my*****.*** site does bring up the porn links as you said, but simply going to "www.googl.com" does not.
It seems that we're getting off of (or perhaps more deeply into) the original question, so I should advise the following:
Please don't post any further references to the "my*****.***" site/URL. They will be immediately deleted, as that site contains content that is entirely inappropriate here.
Going to www.my*****.*** and to www.googl.com bring up entirely different pages for me. Yes- the my*****.*** site does bring up the porn links as you said, but simply going to "www.googl.com" does not.
It seems that we're getting off of (or perhaps more deeply into) the original question, so I should advise the following:
Please don't post any further references to the "my*****.***" site/URL. They will be immediately deleted, as that site contains content that is entirely inappropriate here.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
|
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Thank You - Hotoffers Popup gone!
- Next Thread: For kgraczyk: iSearch Spyware
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple attack avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial conficker connect control cyber cybercrime cyberwarfare ddos education email europe exam exploit facebook fake fancheckvirus gaming gtaiv halloween herss.exe hijack hosting internet iphone kaspersky legal logfiles malware mcafee messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista war warning windows worm yahoo zeroday
