Results 1 to 9 of 9

Thread: 1st two results always ads for google

  1. #1
    Junior Member
    Join Date
    Nov 2006
    Posts
    5

    Default 1st two results always ads for google

    Hi,

    Whenever I do a google search, and then click on a link, the first two times I do will be some random webpage. It will then go to the correct link the third time.

    It is consistent behavior and always two random pages then fine.

    I have run the latest spybot as well a Defender and nothing is found.

    Any ideas?

  2. #2
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    hello DarrelB,

    we need more information on this to make an analysis.
    For instance which webrowser are you using and which operating system and so on. Do you remember when this behaviour first appeared? Did you install anything or did anyone else use your computer?

    Some of these question can be answered by submitting a Spybot report.
    You can get a Spybo report, if you switch Spybot into advanced mode (see Mode), then click on "Tools", and then "View Report". There confirm that the checkboxes are checked and click on the green button with the arrow labeled "View report" . Export the report to a text file and attach it to your next post.

    If possible also submit some screenshots of the ad redirection within your googlesearch.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  3. #3
    Junior Member
    Join Date
    Nov 2006
    Posts
    5

    Default

    Thank you for your reply. I will run that report tonight (problem is with my home computer).

    What I do know is:
    I am running XP Home Edition with latest updates.
    I am using IE (latest version before 7)

    I have a feeling it may have got me when I loaded a codec to view a movie from youtube. I only say thins because I have 3 computers networked at home and none of the other are infected. I also am very careful about going to sites which are usspicious and installing a codec is something I know can come back to bite you but I run NAV Enterprise edition and always have fileprotection up to date and running so assumed I was at least mostly protected.

    I will post the results of the log file as soon as I can run it.

    The redirection is real fast and had to SS. I know it goes to an ipaddress starting with 85.255. I did manage to catch the address and write it down, and a searcg on the interent does not show the address as a hit for anything giving me the impression it is blacklisted, always a bad sign.

    The closest I can come is another post here referencing searchesengine. IT is like that. My borwser is hijacked and redirected to random sites but only the 1st two times.

    I booted to safe mode and ran SpyBot, SpyDoctor, NAV, Ewido and one other and got clean results. Rebooted to normal mode and the redirect is still present.

    I have deleted my temp internet files, temp files, turned off Restore, deleted the temp files from my login Local Settings, edited the registry to remove any DHCPNAME Server references...damn thing is persistent.
    Last edited by DarrelB; 2006-11-13 at 19:32.

  4. #4
    Junior Member
    Join Date
    Nov 2006
    Posts
    5

    Default

    ok. The report is 200kb and I am only allowed 19kb. Is there a particular section I can cut out and attach?

  5. #5
    Junior Member
    Join Date
    Nov 2006
    Posts
    5

    Default

    One other thing. The site it is redirecting me to is 85.255.116.222.

    I have run the ulitmate boot cd using all the malware and anti-virus tools and still no go for a fix. I am dreading a complete wipe and re-install so any help would be appreciated!

  6. #6
    Junior Member
    Join Date
    Nov 2006
    Posts
    5

    Default

    Quote Originally Posted by Yodama View Post
    hello DarrelB,

    we need more information on this to make an analysis.
    For instance which webrowser are you using and which operating system and so on. Do you remember when this behaviour first appeared? Did you install anything or did anyone else use your computer?

    Some of these question can be answered by submitting a Spybot report.
    You can get a Spybo report, if you switch Spybot into advanced mode (see Mode), then click on "Tools", and then "View Report". There confirm that the checkboxes are checked and click on the green button with the arrow labeled "View report" . Export the report to a text file and attach it to your next post.

    If possible also submit some screenshots of the ad redirection within your googlesearch.
    It should be noted that it only happens with IE. Firefox works fine and seem sto ignore the infestation. I d/l a trial version of RemoveIt Pro which supposedly found something called Sys32.alcxmntr but would only clean it if I upgraded to the non-trial version.

    I am a little suspicious because if you remove the Sys32. it is the name of my realtek driver and a search of the web did not find one mention of sys32.alcxmntr so it smells of rats.

  7. #7
    Junior Member
    Join Date
    Nov 2006
    Posts
    1

    Default

    Hi,

    I have the same problem on a friend computer. Each google search are redirected to this IP address (only first click on the result).

    There are no strange software installed, I have installed F-Prot BETA 6 and Spybot with full updated and resident activated but the problem is not fixed.

    Did you revolved the problem ?
    I have uninstall all Yahoo, Adobe and Google toolbar for IE.

    The problem does not appears with Google search with Firefox.

  8. #8
    Junior Member
    Join Date
    Nov 2006
    Posts
    1

    Post First two results always ada for Google.

    Hi, Darrel
    I have had exactly the same problem for the last two weeks. Whenever I click on a site listed by Google, it matters not what the subject is, I get a dropdown window from the Spyware Doctor program that this site,
    85.255.116.222, is dangerous and do I want to continue.
    After trying umpteen programs without success I sent Spyware Doctor data on my computer, through tools>malware detective, and am now hoping their Level 2 can come up with a solution.
    Have you had any success? If affirmative, I would be grateful for your input.

  9. #9
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,491

    Default

    Hello everyone.
    IP address: 85.255.116.222
    Reverse DNS: 85.255.116.222-xbox.dedi.inhoster.com.
    Reverse DNS authenticity: [Could be forged: hostname 85.255.116.222-xbox.dedi.inhoster.com. does not exist]
    ASN: 27595
    ASN Name: INTERCAGE
    IP range connectivity: 0
    Registrar (per ASN): ARIN
    Country (per IP registrar): BY [Belarus]
    Country Currency: Unknown
    Country IP Range: 85.255.112.0 to 85.255.127.255
    Country fraud profile: High
    City (per outside source): Kharkiv, Kharkivs'Ka Oblast'
    Country (per outside source): UA [Ukraine]
    If you would like to post a Spybot S&D log so that we can check the System please do the following:

    Spybot-S&D version 1.4
    Version 1.4 :Systems Supported
    • Close all browsers
    • Open SpyBot, check for and get any updates available
    • Check for problems and fix everything found in red
    • Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except
    • Uncheck[ ] do not report disabled or known legitimate Items.
    • Uncheck[ ] Include a list of services in report.
    • Uncheck[ ] Include uninstall list in report.
    • Now select (near the top) view report.
    • Click export and in the 'save in' box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach or post that report.


    If you cannot attach the Spybot-S&D log take as many posts as needed, however the instructions given usually produce manageable logs.

    Or:
    Follow the instructions in this sticky topic to post a HJT log in malware removal.
    "BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D

    Then start your own thread in the malware forum and copy/paste the HJT log into the topic:
    Malware Removal Forum

    Cheers.
    Last edited by tashi; 2006-11-26 at 21:08. Reason: Added info
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •