Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Is this related to the google 302 hijack?

Status
Not open for further replies.

GEAK

Instructor
Feb 1, 2001
90
US
This one is making me absolutely crazy. Here are the symptoms:
1. I load the google search engine (happens with both google.com or google.ca).
2. I enter a search criteria & it brings up a series of results.
3. Occasionally when I click on one of the SERPs I'm taken to a website in Germany (some are *.de, some are *.com, all are German).
If I hit the back button and click on the link a second time it either takes me to a different German web page or to the actual site referenced in the SERP. On rare occasions it redirects me to google.de using the same search criteria that I started with.

If I don't close the browser I'll get occasional popups, also to sites in Germany.

Incidentally, it is extremely hard to replicate. It happens about one in ten times that I do a google search.

I've run a virus scan (AVG), ad-aware, spybot s&d, spyware blaster, spy sweeper, ewido, hijack this and a couple others and everything comes up clean. I've got multiple PCs using a shared connection and only one is affected by this.

What is the most frustrating about it is that I work in tech support and I deal with these things all the time (including manual removal of some of the nastier ones). But nothing I've done can seem to stop this.

I've read about the google 302 exploit but this sounds decidedly different.
 
Follow-up: I guess it had been a while since I'd run an ewido scan - the last time must've been before this manifested itself. I reinstalled, updated & ran ewido and it found a BHO trojan. It appears to have been a valid BHO that was infected - explaining why I missed it in Hijack This.
I'm curious as to why it wasn't flagged by AVG. Since removing the infected files (there were two detected) I haven't been able to reproduce the problem.
 
well its the old common rule, no antivirus catches everything. This is the reason its wise to use more than one program.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top