Shoutbox

Google search results forwards me to 201.218.196.152 - Printable Version

-Shoutbox (https://shoutbox.menthix.net)
+----- Thread: Google search results forwards me to 201.218.196.152 (/showthread.php?tid=77808)

Google search results forwards me to 201.218.196.152 by zaher1988 on 09-27-2007 at 08:37 AM

It happens so many times that whenever I try to click on a Google search results entry (now I've experienced it also with Yahoo!), I'm directly forwarded to http://201.218.196.152 then to a random site after that and not the site that appeared in the search results.

Okay, this seems like hijacking or some spyware etc. I have AVG Anti-Spyware and McAfee Security Center (with AntiSpyware and AV), both updated to the latest definitions, and none of them was able to catch anything but cookies.


quote:
Originally posted by HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 11:40:23 AM, on 9/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
D:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\zaher\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\zaher\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\zaher\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/...&embedded=false
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {EB4CBA0B-97A1-4EEB-A11B-6D1707FABFFC} - C:\WINDOWS\system32\capesnp.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] "C:\Program Files\Realtek\InstallShield\AzMixerSel.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] "C:\Acer\Empowering Technology\ePresentation\ePresentation.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" 0
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] "C:\Acer\Empowering Technology\ePower\Boot.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\eRAgent.exe"
O4 - HKLM\..\Run: [LogitechCameraAssistant] "C:\Program Files\Acer\OrbiCam\CameraAssistant.exe"
O4 - HKLM\..\Run: [LogitechVideo[inspector]] "C:\Program Files\Acer\OrbiCam\InstallHelper.exe" /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] "C:\WINDOWS\system32\ElkCtrl.exe" /automation
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [eFax 4.2] "d:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - d:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - d:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl...0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16DEF2DB-E39F-4AAD-99D9-74D28924974D}: NameServer = 172.22.22.246
O17 - HKLM\System\CCS\Services\Tcpip\..\{6780BCAB-C6D1-4901-94F5-15CD09567040}: NameServer = 194.126.16.38,193.188.135.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{D48E28B0-8DAA-4F00-90D5-A7F433D6C093}: NameServer = 194.126.16.38,193.188.135.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{16DEF2DB-E39F-4AAD-99D9-74D28924974D}: NameServer = 172.22.22.246
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - d:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe



RE: Google search results forwards me to 201.218.196.152 by Spunky on 09-27-2007 at 09:05 AM

If you think it may be something malicious doing this, can you please not post it as a link in case somebody accidentally clicks it. I've gone to the address nonetheless and it's a 404 error.

So it takes you to that site and then you get re-directed?


RE: Google search results forwards me to 201.218.196.152 by zaher1988 on 09-27-2007 at 09:36 AM

quote:
Originally posted by SpunkyLoveMuff
If you think it may be something malicious doing this, can you please not post it as a link in case somebody accidentally clicks it. I've gone to the address nonetheless and it's a 404 error.

So it takes you to that site and then you get re-directed?

It is not the full link I have provided up there. The full link is what is in the following quote:

quote:
Originally posted by Shortened link
http://201.218.196.152/click.php?c=........


So when I click on a Google, Yahoo etc. search result entry, I'm forwarded to this link above, then from it I'm directly forwarded to a website called search-daily, from it I'm again forwarded to other random sites, such as:

  • http://www.search-daily.com/search.php?qq=company
  • http://duosearch.com/company.cfm?pt=2&rpt=1&kt=1
  • http://intosound.com/file.cfm?pt=2&rpt=1&kt=1
  • http://xmlenabled.com/file.cfm?pt=2&rpt=1&kt=1

RE: Google search results forwards me to 201.218.196.152 by Spunky on 09-27-2007 at 10:40 AM

This solution seemed to work for the person, but I can't find that entry in the HijackThis log you provided.

The other google result doesn't actually have a solution posted.


It would be a good idea to remove the rest of the link ;)

EDIT: This site is actually in English and seems to work for them (don't follow someone's advice of searching for it in Google :rofl:)


RE: Google search results forwards me to 201.218.196.152 by zaher1988 on 09-27-2007 at 03:14 PM

Alright, first I tried RegSeek as per the first recommendation before I noticed it was struck out; it didn't help, of course.

I then tried Spyware Doctor; even after deleting the infections found there, the problem remained.

So, so far I have used AVG Anti-Spyware, McAfee AntiSpyware, McAfee AV and Spyware Doctor, and none was able to solve it.

Should I also try with more AVs and anti-spyware tools?


RE: Google search results forwards me to 201.218.196.152 by pollolibredegrasa on 09-27-2007 at 03:52 PM

Something may have modified your HOSTS file.

It's in %SystemRoot%\system32\drivers\etc\

Open it up in Notepad (or similar) and try to find those entries. IIRC, the default one installed with Windows only has one entry, which is something like:

quote:
127.0.0.1       localhost

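As an added example (not from the thread), a small Python script that applies the check pollolibredegrasa describes: it parses a Windows HOSTS file and reports every active mapping that a clean install would not have. The sample file is constructed from the thread's clean file plus two injected lines; the 192.0.2.10 target and the hostnames on those lines are placeholders.

```python
"""Flag non-default entries in a Windows HOSTS file.

Added example, not from the thread: a stock Windows XP HOSTS file maps only
'localhost' to 127.0.0.1 (the quoted file above shows exactly that), so any
other active mapping is worth a look when search results are being redirected.
"""
import ipaddress

# Constructed sample: the thread's clean file plus two hypothetical
# hijack lines of the kind malware inserts (192.0.2.10 is a placeholder).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#      102.54.94.97     rhino.acme.com          # source server

127.0.0.1       localhost
::1             localhost
192.0.2.10\twww.google.com\t# injected
192.0.2.10  search.yahoo.com   duosearch.example
"""

# Names a default install legitimately maps to a loopback address.
DEFAULT_NAMES = {"localhost"}


def parse_hosts(text):
    """Yield (ip, hostname, lineno) for every active mapping."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop full and inline comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                              # malformed line, ignore
        for name in fields[1:]:                   # one IP may carry several names
            yield fields[0], name.lower(), lineno


def suspicious_entries(text):
    """Return mappings that a clean Windows HOSTS file would not contain.

    A loopback mapping for localhost is expected. Anything else is flagged:
    a non-loopback target means a redirect, a loopback target for another
    name means blocking (e.g. an update server pointed at 127.0.0.1).
    """
    flagged = []
    for ip, name, lineno in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            flagged.append((lineno, ip, name, "unparseable address"))
            continue
        if addr.is_loopback and name in DEFAULT_NAMES:
            continue
        if addr.is_loopback:
            reason = "loopback mapping for non-default name"
        else:
            reason = "redirects %s to %s" % (name, ip)
        flagged.append((lineno, ip, name, reason))
    return flagged


if __name__ == "__main__":
    for lineno, ip, name, reason in suspicious_entries(SAMPLE_HOSTS):
        print("line %d: %-22s %-16s %s" % (lineno, name, ip, reason))
```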

RE: Google search results forwards me to 201.218.196.152 by zaher1988 on 09-27-2007 at 03:59 PM

That's my hosts file:

quote:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost


I think it is clean.

RE: Google search results forwards me to 201.218.196.152 by RaceProUK on 09-27-2007 at 08:06 PM

Google's IP is 64.233.183.147, for future reference ;)


RE: Google search results forwards me to 201.218.196.152 by zaher1988 on 09-30-2007 at 11:52 AM

I have also tried Spy Sweeper with no sign of overcoming this issue.

Any other suggestions?


RE: Google search results forwards me to 201.218.196.152 by djdannyp on 09-30-2007 at 12:49 PM

Try opening a clean version of IE (Start->Programs->Accessories->System Tools->Internet Explorer (No Add-ons)).

Also try resetting all the advanced settings, etc.

Delete all browsing history/temporary files/cookies/downloaded program files (Tools->Internet Options).

Failing that, try a clean install of IE.


RE: Google search results forwards me to 201.218.196.152 by zaher1988 on 09-30-2007 at 01:40 PM

quote:
Originally posted by djdannyp
Also try resetting all the advanced settings, etc.

Delete all browsing history/temporary files/cookies/downloaded program files (Tools->Internet Options)

One of these has done it, even though I did those things from the beginning and before trying to use any AV or anti-spyware, but now for some reason it worked out.

Thanks to all who contributed in this thread.

RE: Google search results forwards me to 201.218.196.152 by zaher1988 on 10-02-2007 at 01:26 PM

quote:
Originally posted by zaher1988
quote:
Originally posted by djdannyp
Also try resetting all the advanced settings, etc.

Delete all browsing history/temporary files/cookies/downloaded program files (Tools->Internet Options)

One of these has done it, even though I did those things from the beginning and before trying to use any AV or anti-spyware, but now for some reason it worked out.

Thanks to all who contributed in this thread.

Okay, I withdraw what I said.

This seemed either to fix it temporarily or never to have fixed it, because just today, a day or two after applying this, I'm again faced with the same issue even though I'm not browsing any suspicious site so that I could catch the spyware again.


RE: Google search results forwards me to 201.218.196.152 by Adeptus on 10-02-2007 at 09:30 PM

Try to disable any IE add-ons (Tools->Manage Add-ons).

Other than that, it is safe to say that you have acquired malware of some sort.  If no antivirus and antispyware product will find and remove it (which is possible -- there's always something new out there), then you may just have to reinstall Windows clean.


RE: Google search results forwards me to 201.218.196.152 by zaher1988 on 10-02-2007 at 09:38 PM

There are two weird add-ons: one is called capesnp.dll, another called Research, both with no publisher mentioned.


RE: Google search results forwards me to 201.218.196.152 by Adeptus on 10-02-2007 at 10:00 PM

The "Research" add-on usually comes from Microsoft Office, in which case it is safe.  However, you can disable it anyway, as it is only required for the research pane nobody uses.

The other one is definitely malware trying to disguise itself as a system file.  The Windows system DLL of similar name is capesnpn.dll and it's not a BHO.   Disable it and see if that fixes your problem (at least for a while -- malware often manages to come back).

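As an added example (not from the thread), a Python triage of the O2 (BHO) lines from a HijackThis log that applies the reasoning in Adeptus's reply: flag a BHO that has no name, no file, a DLL loaded from system32, or a filename one or two characters away from a genuine system DLL. The O2 lines are copied from zaher1988's log above; KNOWN_SYSTEM_DLLS is a hypothetical short reference list, not a complete one.

```python
"""Triage the O2 (BHO) lines of a HijackThis log.

Added example, not from the thread. A BHO with no registered name, a
missing file, a DLL living in system32, or a name that is one edit away
from a real Windows DLL (capesnp.dll vs capesnpn.dll) deserves a look.
"""
import re
from difflib import SequenceMatcher

# O2 lines taken from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = """\
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {EB4CBA0B-97A1-4EEB-A11B-6D1707FABFFC} - C:\\WINDOWS\\system32\\capesnp.dll
"""

# Hypothetical reference list of genuine Windows DLL names that malware
# tends to imitate; capesnpn.dll is the one Adeptus names in the thread.
KNOWN_SYSTEM_DLLS = {"capesnpn.dll", "shdocvw.dll", "browseui.dll", "mshtml.dll"}

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")


def parse_o2(log):
    """Return one dict per O2 line: name, clsid, path and lowercase DLL basename."""
    entries = []
    for line in log.splitlines():
        m = O2_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        dll = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        entries.append({"name": m.group("name"), "clsid": m.group("clsid"),
                        "path": path, "dll": dll})
    return entries


def lookalike(dll, known=KNOWN_SYSTEM_DLLS, threshold=0.85):
    """Return the known DLL name this filename imitates, or None.

    An exact match is the real DLL, not a look-alike; a near match above
    the similarity threshold (a character added or dropped) is flagged.
    """
    best = max(known, key=lambda k: SequenceMatcher(None, dll, k).ratio())
    ratio = SequenceMatcher(None, dll, best).ratio()
    return best if dll != best and ratio >= threshold else None


def triage_bhos(log):
    """Return (clsid, dll, reasons) per O2 entry; an empty list means nothing odd."""
    results = []
    for e in parse_o2(log):
        reasons = []
        if e["name"] == "(no name)":
            reasons.append("no name registered")
        if e["path"] == "(no file)":
            reasons.append("orphaned registration, file missing")
        elif "\\system32\\" in e["path"].lower():
            reasons.append("third-party BHO loaded from system32")
        twin = lookalike(e["dll"])
        if twin:
            reasons.append("name imitates system DLL %s" % twin)
        results.append((e["clsid"], e["dll"], reasons))
    return results


if __name__ == "__main__":
    for clsid, dll, reasons in triage_bhos(SAMPLE_LOG):
        print(clsid, dll, "; ".join(reasons) or "nothing unusual")
```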

201.218.196.152 [SOLVED...FOR NOW] by rk302 on 10-03-2007 at 03:50 PM

I've been experiencing the same thing here since Sept 27. Went through all of the suggestions found all over the internet (not many, because this, I think, is a relatively new malware), including SmitFraudFix. Finally, as a result of Adeptus's fine suggestion, I started disabling all of the unsigned or unverified publisher add-ons in MSIE. This worked! Then I started re-enabling them one by one to see if I could zero in on the culprit. For me, it was a file called ACTXPRX.DLL. Anyway, for now, I am not being hijacked by 201.218.196.152. Good luck... Thanks Adeptus!

Oh, by the way, the problem was unique (of course) to MSIE.  Never had the problem when running other browsers (Firefox), which I need to do because I'm a web developer.


RE: Google search results forwards me to 201.218.196.152 by RaceProUK on 10-03-2007 at 06:01 PM

Firefox doesn't have BHOs, which is why it's not vulnerable.


RE: Google search results forwards me to 201.218.196.152 by zaher1988 on 10-04-2007 at 04:17 PM

I can confirm so far, after searching for a couple of days without being redirected, that disabling the add-on called capesnp.dll solved the problem.

The file is in system32; I just wonder why no program was able to identify it as something wrong. Anyway, I guess it is safe to manually delete the DLL file from there.

Thank you again.