Bing/Yahoo/Google redirects ... no other symptoms

Xander

Okay, it's been a while since I put my hat in my hand and posted one of these but this virus is kicking my ass.

Win7 Home system. MSN is his homepage and when he uses the Bing search box, it 404s. Tried going to Bing.com and it gives you a "You must update to Flash Player Pro" page.
All links on the page still say Bing.com. Even image properties on the page claim it's from Bing (thinking if it was some random site, I could search the registry for references).
It also does this in Safe Mode. :mad:

Reset anything network relevant with D7II.
Flushed DNS.
ADW found some common junk but didn't fix it.
MBAM ... same...just crumbs of the other stuff.
Combofix...nothing.
Nothing standing out in HijackThis.
Ran stuff I usually don't: Emsisoft CMD, Norton Power Cleaner, Norman and a few others....NOTHING.

Adapter settings are plain jane. Same results when wired or wireless.
HOSTS is empty.

He'd been running MSSE but I've swapped that for their KAV trial (nothing found).

I'm running a KAV offline disc but it's 90% done and has found nothing yet.

Next step will be an offline SFC in case it's one of those ATAPI.SYS type infections.

I even had him bring his router with him just in case it had been tampered with (but it did the same things on my network, so it was just wishful thinking).
 
Have you run Rogue Killer? Might run that, and also use their tools there to try to kill off any proxies and to reset the host file.

Might take Kaspersky off temporarily and hit it with combofix also. What browser is he using? IE? Might try alternate browser to see if behaviors change. If so, then you might do a reset on IE. Also, maybe running the tweaking.com tool to reset all services etc may help?
 
Good ideas. As expected, the KAV Rescue found nothing.
Just restarted the offline SFC. Got a "found corrupt files but was unable to fix some of them." The CBS.log file was huge so I've deleted it and started it again for only-relevant info.
(Edit: Argh - second SFC didn't even create a log. Screw it. I'll come back to that one later)

Sorry, yes, Proxy settings were blank but now I'm remembering once where there was a second location other than Internet Options....where the heck was that? Did find that setting changed once, will just have to get back into Windows and try to remember where that location was.
 
What browser is the client using? I'd bet Firefox.

See if a manual proxy was set up.
 
Happens cross-browser.
Well, when I got into Windows, I was greeted with a 169.254 address. {sigh}
Before I spotted that, Bing was still redirected so it was still doing it offline. Hmmmm...

Pulled up Tweaking.com's Repair and ran that on the parts relevant. Rebooted and....normal Bing. Yay!...but I'd rather know exactly where the little ******* (setting) was hiding. This was the slipperiest little bugger I've come across in a couple of years.

And now I really want to remember where that other Proxy setting was that came up once. I'm thinking it was in the registry. Will need to find it and check if Nick has it covered in D7II's resets.
 
Just checked Tweaking's log.... nothing useful. Just "reset this" and "reset that", it doesn't do any checking on whether or not there's a bad setting in the first place.
 
Every once in a while there is an additional proxy server entry in

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
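A read-only way to check the locations this thread circles around, as an added example (not from any poster here, nor from D7II or Tweaking.com): it lists proxy values under the HKCU key named above and, going beyond the thread, the matching HKLM and Policies keys, the WinHTTP proxy, and active HOSTS entries. The function name `Get-ProxyValues` is made up for this example.

```powershell
# Added example: read-only audit of the places a system-wide proxy can be set.
# Only the HKCU key is named in the thread; the other locations are additions.
$sub  = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$pol  = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$keys = @("HKCU:\$sub", "HKLM:\$sub", "HKCU:\$pol", "HKLM:\$pol")
$names = 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL',
         'ProxySettingsPerUser'

function Get-ProxyValues {
    # Returns one object per proxy-related value that is actually present.
    param([string[]]$Path, [string[]]$Name)
    foreach ($p in $Path) {
        if (-not (Test-Path $p)) { continue }
        $item = Get-ItemProperty -Path $p
        foreach ($n in $Name) {
            $v = $item.$n
            if ($v -ne $null -and "$v" -ne '') {
                New-Object PSObject -Property @{ Key = $p; Name = $n; Value = $v }
            }
        }
    }
}

$found = @(Get-ProxyValues -Path $keys -Name $names)
$found | Format-Table Key, Name, Value -AutoSize -Wrap | Out-Host

# Flag what would actually route traffic: an enabled proxy or a PAC script URL.
$active = @($found | Where-Object {
    ($_.Name -eq 'ProxyEnable' -and $_.Value -ne 0) -or
    ($_.Name -eq 'AutoConfigURL')
})
if ($active.Count -gt 0) {
    Write-Warning 'Active proxy configuration found:'
    $active | Format-List Key, Name, Value | Out-Host
}

# WinHTTP keeps its own proxy setting, separate from Internet Options.
netsh winhttp show proxy

# Non-comment HOSTS entries (in this thread the HOSTS file was empty).
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path $hosts) {
    Get-Content $hosts | Where-Object { $_ -match '^\s*[^#\s]' }
}
```

Running it before and after a "reset everything" repair tool gives the before/after record that the repair log in this thread did not.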
 