[Inactive] Google redirecting user to newsfudge website and others

[angelatarantula]

User on Windows 7 x64 business desktop, using google and getting redirected all the time no matter what searching for, does not seem to happen for administrator log on.  The attached HJT log is run as administrator, but on reading your stickys I am going to run another as the user and repost.  Let me know if you need more information.

[angelatarantula]

pls find attached log for user profile and not admin.

[1972vet]

Greetings angelatarantula and Welcome to our Forums,

Disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here. Next, please download the free utility DDS from any of these locations...Here, Here...or Here.
Note - Some infections may prevent certain executable files from running on your computer. If one of these download locations results in a failed run of the utility, please try the next location until you find one that will work on your machine
Double click dds.scr to run the tool

• When it completes, DDS will open two (2) logs:
• DDS.txt
• Attach.txt
• Save both reports to your desktop.

Next, please install WinPatrol Free version Here...and install it using default settings (change nothing during the installation). When the installation completes, double-click the WinPatrol icon in your system tray to open the user interface. Click on the "Options" tab. Click on the Hijack Log button. Wait for a notepad file to open containing the logged system analysis information and save it to your destktop. You can name the log "WinPatrol Hijack" log.

Please remember to include the following logs in your next reply.

• DDS.txt
  
• Attach.txt
  
• WinPatrol Hijack Log
  

[angelatarantula]

I have McAfee Version 8.8i and there is no option to exit to temporarily disable.  I've tried to search for answers but too many results to trawl through, our antivirus is controlled by group policy if this helps.  It has a virus console - we have limited access, If i change anything as an admin - it will revert back after a certain amount of time.

I may not be able to revisit this until Thursday.

Thanks for your help.

Angela.

[1972vet]

Can you confirm for me that you have permission from the business to make changes to that computer? I assume there is no IT department?

[angelatarantula]

Yes, I am the It admin on site.

[1972vet]

Alright, thanks. Despite your inability to disable McAfee, were you able to run the tools I requested that you download?

[1972vet]

Are you still with us angelatarantula? Still needing assistance?

[angelatarantula]

Sorry out of the office yesterday, I am running everything today.

[angelatarantula]

Unable to disable McAfee.

Ran DDS and only got one log file DDS (not Attach).

[1972vet]

Thanks. In order for us to continue helping you with this issue, there are a couple things I need to point out...the troubled computer needs to be taken offline, and the troubled computer needs to have McAfee disabled. Since I already know about the problem you had with McAfee, I need to ask you to uninstall it.

Would you be able to do this?

[1972vet]

From the WinPatrol log you posted, I am able to ascertain that the system has some connection with a domain registered from Romania. This is evidently due to a proxy in use. Is this what you wanted and did you set this up?

This behavior seems related to the program WatchGuard. Did you install this and do you use it for this purpose? I suspect that this is actually by design and such behavior is intended for avoiding, or confusing a "sidejack". Sidejacking is a relatively new technique wherein a remote hacker, using web sniffing tools, can find the IP address of any user connected via a shared wireless connection, and view a listing of every place that user has browsed on that network (for that session).

If this isn't something that YOU set up, then it's entirely possible that someone (remotely) has already sidejacked that system.

Other than this particular item I've noted, I see no other questionable event or item from anything you've posted so far. That said, if your issue persists, then we do need to take that system offline, uninstall McAfee (making certain first, that you've "un-encrypted" the hard drive)...in order to take a deeper look inside the box so we can decide which way to proceed. Let me know if this is something you'd like to do. Thanks!

[1972vet]

Still with us angelatarantula?

[angelatarantula]

Hi,

Thanks for your help, we do indeed have watchguard but this is by design.

I am taking the PC off the network as you advise and working on the matter in house.

I'll close this thread, thanks for your help.

[1972vet]

I understand you've fixed this issue yourself? Please tell us what you have done that eliminated your redirecting issues. Thanks!

PS---not just because I'm curious, but because this thread would be the second thread you created where you haven't followed through with the instructions posted for you. It would be much better for all of us if you would share your findings so that other forum readers can benefit as well from your issue as it is resolved.

As is, this thread, and This one will have had no final outcome.