Search Results Redirected

Solved/Closed
CJK - Jan 30, 2009 at 03:22 PM
 kenramse - Dec 28, 2010 at 11:43 AM
Hello,

I just thought I should post my own experience dealing with similar problems to those reported above. Thanks to all the posters above for their contributions. I am knowledgeable, to an extent, but I do not consider myself an expert.

Symptoms:

Search page result links go to a random webpage, affected Google and Yahoo. Manual entry of the same address in the address bar worked fine.
Unable to get to www.avg.com or any other AV website.
Windows update & McAfee updates do not work.
Unable to install from hard disc any AV or AntiMalware products I could find, download to another PC and copy over.

So I had to revert to manual procedures and removed:

WFX5.exe and 249832153.exe both in the Run section of the registry. Deleted using regedt32.

TWEXT.exe had attached itself to the userinit registry key. This one was more stubborn, it will not delete from the registry. It looks like it has but if you exit and return to the same registry key it has returned. Eventually booted XP from CD into the Recovery Console and deleted the .exe file directly.

After all this I still found that I could not get to www.avg.com or any other AV or anti-malware sites; they were all resolving to 127.0.0.1, other websites were fine. I figured that it was something added elsewhere in the registry but couldn't find anything that would identify or remove it until I found this topic. The link above to https://www.simplysup.com/tremover/download.html pointed me in the right direction. I downloaded Trojan Remover to another PC, copied it over, installed it (this one actually would install) and it found and removed TDSSMXFE.sys and its associated entries from the registry. I can now get to www.avg.com and am running every anti-malware program I can find to try and identify anything else I do not know I have got. The above process may not be the most elegant technical solution to my problems, for which I apologise to the experts here, but it appears to have solved them.

I hope my experience is of some help to anyone else with the same problems, at least you know there is a way out.

Good Luck

4 responses

Thank you so much for the info. I've fixed my problem with Trojan Remover that you suggested in just 2 minutes.

The Trojan was located here:

C:\WINDOWS\system32\dihiniwe.dll

Thanks again. Good luck!
10
xpcman - Jan 30, 2009 at 03:36 PM
Thanks for sharing your experience with us.
2
On another forum I found a fix.

Proceed to the Windows\system32\drivers\etc\ folder and open the Hosts file using Notepad or Wordpad. Delete all the hostfiles but the 127.0.0.1 file. Save the file back to the hosts file.

Afterwards using whatever malware detection product you have, protect that file or lock it.

That should clear up the redirects.
2
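The hosts-file check from the reply above, as an added example that is not part of the thread: it parses hosts-file text and reports every name other than localhost that is pinned to loopback or 0.0.0.0 (the symptom the original poster saw for www.avg.com) or redirected to another address. The sample file, the `.test` hostnames and the function names are constructed for illustration.

```python
import ipaddress

# Names that legitimately map to loopback in a stock hosts file.
BENIGN_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not an address: skip the line
        for name in fields[1:]:                 # one line may carry several names
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text):
    """Return (line_no, kind, hostname, ip) for each entry worth reviewing."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in BENIGN_NAMES and ip.is_loopback:
            continue                            # the expected localhost entry
        # Loopback or 0.0.0.0 makes the site unreachable; anything else sends
        # the name to a server the file's author chose.
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append((line_no, kind, name, str(ip)))
    return findings

# Constructed sample: a stock localhost line plus three tampered entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.avg.com avg.com
0.0.0.0         update.example-av.test   # constructed name
203.0.113.7     www.example-search.test  # constructed name
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

An empty result only clears the hosts file; in the original post the block on AV sites went away after TDSSMXFE.sys and its registry entries were removed.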
Easy fix after long days of frustration.
I downloaded HijackThis - a popular free tool. Performed a scan and found one very odd entry: it starts with O2-BHO-Google Dictionary.... and ends with fastsearch value added. Honestly, the rest of the files looked fine, it's just this one. I applied the fix and closed all browsers. Restarted and attempted to search Google for all kinds of stuff and went to actual websites! Tried the same in IE and Firefox and both worked just fine. I went back and deleted the saved log file entry in HijackThis just to be safe it does not come back. If it does I will reply.
1