Re: Searches being hijacked to show results from search.pro
I had a user doing a search on google and it came up with a valid PSU link. When we clicked on the link it took us to a virus page. This happened 3 times before it finally said page not found. (fortunately, the virus scanner stopped the infection.) The link worked fine at Yahoo. I have also noticed that Yahoo is running some type of virus scanner on its web site. I have gotten a few links with the message underneath them that says possible virus site or something like that. I think there are quite a few google hacks going on. But then again, google is the big target, just like M$ Windose. Andy0 At 09:48 AM 7/21/2009, Bill Monicher wrote: Has anyone seen this before? When I do a search using Google or Yahoo, I'm presented with the usual list of links matching the search terms. When I click on one, I am very briefly presented with a page with a beige rectangle in the centre and an arrow. The legends says Skip this page and Your request is loading When it completes I am at www.search.pro, not the seach choice I wanted. I'm using Firefox. AVG w/ all of the latest updates I looked in the usual places -- add-ons, extensions etc but to no avail. The URL on the redirect page seems to change several time before it shows the list of choices. shopica.com is often there, tho I've seen others. the URL of the destination is www.search.pro Has anyone seen this? It appears new -- there is little on google about it, but then searching on search or pro is hardly going to narrow the field much. My surfing habits make this sort of thing very rare, so I've no idea how I got it. It has only shown up over the past week or so. --BM ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ Andy-Ofalt---863-3449--405-Ag-Admin-Bldg--for more information go to http://ict.cas.psu.edu/Contacts.html -- My little blurb to eat up bandwidth and make your mail box even larger +++ The real problem is that IP, a connectionless protocol, was never developed to be the universal protocol. ATM was developed to serve that purpose and failed. +++ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Searches being hijacked to show results from search.pro
+1 I feel similar about getting should I add RAM/HDD? questions, as generally if they need both, it's time for a new system. Nuke and pave, love it! I have new vernacular today. Dave -Original Message- From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Tuesday, July 21, 2009 7:20 PM To: NT System Admin Issues Subject: RE: Searches being hijacked to show results from search.pro That (customer miffed at being billed for a cleanup that wasn't successful) is why I won't even offer the cleanup option any more. You want it cleaned, get somebody else. It takes the same amount of time to nuke and pave as it does to clean. Carl -Original Message- From: Gene Giannamore [mailto:gene.giannam...@abideinternational.com] Sent: Tuesday, July 21, 2009 6:34 PM To: NT System Admin Issues Subject: RE: Searches being hijacked to show results from search.pro Luckily I do not do that anymore, too many ugly situations, now I am a junior admin again, at a small company, only this time, no exchange server (yeah!). I can tell you no fun telling the customer the bad news, no matter how nicely I worded it, and kept it simple. Plus we lost maybe 3 work hours each time it happened (imagine billing the customer 5 hours of labor for this, 2 to 3 for cleanup, plus 2 to 3 for backup/wipe/retore). Gene Giannamore Abide International Inc. Technical Support 561 1st Street West Sonoma,Ca.95476 (707) 935-1577Office (707) 935-9387Fax (707) 766-4185Cell gene.giannam...@abideinternational.com www.abideinternational.com -Original Message- From: Steven Peck [mailto:sep...@gmail.com] Sent: Tuesday, July 21, 2009 1:08 PM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro Tried those, failed. Pulled data and rebuilt. It was some nasty stuff. If she would have had to go to a tech and paid for it, it would have been ugly. :) On Tue, Jul 21, 2009 at 12:20 PM, Gene Giannamoregene.giannam...@abideinternational.com wrote: Sometimes, a tech cannot wipe (even though we always should be able to). Because of that, we had to clean in 2 steps; 1) ubcd4win (installed and updated on a clean system), ran at least 1 cleaner and 1 antivirus, plus manually checked the usual startup locations in the registry 2) safe mode, installed spybot, antivir, ad-aware, etc., and ran those. Times change, not sure which current ones can be installed in safe mode. Sometimes the bootcd cleaners will remove an infection that hooked into the registry (win32 subsystem usually), and we would need to manually repair that section of the registry (just use the clean computer to find the correct text in the registry, or export and import). Worst part was having to tell customer windows install completely broken, even after a repair install. Some things cannot be fixed. We would do about 10 computer cleanings a day, between 3 techs (only had 7 locations we could work at). Gene Giannamore Abide International Inc. Technical Support 561 1st Street West Sonoma,Ca.95476 (707) 935-1577Office (707) 935-9387Fax (707) 766-4185Cell gene.giannam...@abideinternational.com www.abideinternational.com -Original Message- From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Tuesday, July 21, 2009 9:48 AM To: NT System Admin Issues Subject: RE: Searches being hijacked to show results from search.pro Nuke and pave is the way to go if you want full confidence that your personal info is secure. No cleaning tool is 100% guaranteed to get everything, every time. Carl -Original Message- From: Steven Peck [mailto:sep...@gmail.com] Sent: Tuesday, July 21, 2009 12:35 PM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro Oh I wish I'd known about that link before I gave up and wiped a laptop (good friend of wife, I didn't have plans of course I'd be happy to help her out dear) Sunday. Nasty little piece of work would disable AV and lock me out of the file system path. So I eventually just nuked the system and built it properly, probably for the best. Steven On Tue, Jul 21, 2009 at 8:31 AM, Alex Eckelberryal...@sunbelt-software.com wrote: Or run the free VIPRE tools: http://live.sunbeltsoftware.com/ Or http://www.vipreantivirus.com/ All free. Also check your host file to see if it's been modified as well as your local DNS settings... Alex From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Tuesday, July 21, 2009 10:26 AM To: NT System Admin Issues Subject: RE: Searches being hijacked to show results from search.pro I would also recommend scanning with a copy of MalwareBytes from www.malwarebytes.com. It's a free anti-malware app that has found stuff that our antivirus/anti-spyware app overlooked. From: James Rankin [mailto:kz2...@googlemail.com] Sent: Tuesday, July 21, 2009 10:03 AM To: NT System Admin Issues Subject: Re: Searches being
RE: Searches being hijacked to show results from search.pro
That's why I have the AVG Safe Surf plugin in my Firefox. J It's stopped browser hijackers a time or two. That being said, I have also had machines which have still gotten infected, apparently in a drive-by install of spyware/malware in spite of the AVG Safe Surf/Safe Search toolbar. John-AldrichTile-Tools From: andy [mailto:afo...@psu.edu] Sent: Wednesday, July 22, 2009 10:01 AM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro I had a user doing a search on google and it came up with a valid PSU link. When we clicked on the link it took us to a virus page. This happened 3 times before it finally said page not found. (fortunately, the virus scanner stopped the infection.) The link worked fine at Yahoo. I have also noticed that Yahoo is running some type of virus scanner on its web site. I have gotten a few links with the message underneath them that says possible virus site or something like that. I think there are quite a few google hacks going on. But then again, google is the big target, just like M$ Windose. Andy0 At 09:48 AM 7/21/2009, Bill Monicher wrote: Has anyone seen this before? When I do a search using Google or Yahoo, I'm presented with the usual list of links matching the search terms. When I click on one, I am very briefly presented with a page with a beige rectangle in the centre and an arrow. The legends says Skip this page and Your request is loading When it completes I am at www.search.pro http://www.search.pro/ , not the seach choice I wanted. I'm using Firefox. AVG w/ all of the latest updates I looked in the usual places -- add-ons, extensions etc but to no avail. The URL on the redirect page seems to change several time before it shows the list of choices. shopica.com is often there, tho I've seen others. the URL of the destination is www.search.pro http://www.search.pro/ Has anyone seen this? It appears new -- there is little on google about it, but then searching on search or pro is hardly going to narrow the field much. My surfing habits make this sort of thing very rare, so I've no idea how I got it. It has only shown up over the past week or so. --BM ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ Andy-Ofalt---863-3449--405-Ag-Admin-Bldg--for more information go to http://ict.cas.psu.edu/Contacts.html%A0 http://ict.cas.psu.edu/Contacts.html -- My little blurb to eat up bandwidth and make your mail box even larger +++ The real problem is that IP, a connectionless protocol, was never developed to be the universal protocol. ATM was developed to serve that purpose and failed. +++ No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.392 / Virus Database: 270.13.23/2254 - Release Date: 07/22/09 05:59:00 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image001.jpgimage002.jpg
Re: Searches being hijacked to show results from search.pro
If the users are only users and not power user or admins of the pc can the drive-by install still work?? - Original Message - From: John Aldrich To: NT System Admin Issues Sent: Wednesday, July 22, 2009 10:41 AM Subject: RE: Searches being hijacked to show results from search.pro That's why I have the AVG Safe Surf plugin in my Firefox. J It's stopped browser hijackers a time or two. That being said, I have also had machines which have still gotten infected, apparently in a drive-by install of spyware/malware in spite of the AVG Safe Surf/Safe Search toolbar. From: andy [mailto:afo...@psu.edu] Sent: Wednesday, July 22, 2009 10:01 AM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro I had a user doing a search on google and it came up with a valid PSU link. When we clicked on the link it took us to a virus page. This happened 3 times before it finally said page not found. (fortunately, the virus scanner stopped the infection.) The link worked fine at Yahoo. I have also noticed that Yahoo is running some type of virus scanner on its web site. I have gotten a few links with the message underneath them that says possible virus site or something like that. I think there are quite a few google hacks going on. But then again, google is the big target, just like M$ Windose. Andy0 At 09:48 AM 7/21/2009, Bill Monicher wrote: Has anyone seen this before? When I do a search using Google or Yahoo, I'm presented with the usual list of links matching the search terms. When I click on one, I am very briefly presented with a page with a beige rectangle in the centre and an arrow. The legends says Skip this page and Your request is loading When it completes I am at www.search.pro, not the seach choice I wanted. I'm using Firefox. AVG w/ all of the latest updates I looked in the usual places -- add-ons, extensions etc but to no avail. The URL on the redirect page seems to change several time before it shows the list of choices. shopica.com is often there, tho I've seen others. the URL of the destination is www.search.pro Has anyone seen this? It appears new -- there is little on google about it, but then searching on search or pro is hardly going to narrow the field much. My surfing habits make this sort of thing very rare, so I've no idea how I got it. It has only shown up over the past week or so. --BM ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ Andy-Ofalt---863-3449--405-Ag-Admin-Bldg--for more information go to http://ict.cas.psu.edu/Contacts.html -- My little blurb to eat up bandwidth and make your mail box even larger +++ The real problem is that IP, a connectionless protocol, was never developed to be the universal protocol. ATM was developed to serve that purpose and failed. +++ No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.392 / Virus Database: 270.13.23/2254 - Release Date: 07/22/09 05:59:00 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image001.jpgimage002.jpg
RE: Searches being hijacked to show results from search.pro
Possibly. That being said, I my case most of the users are at least power users, due to the needs of software to run with enhanced permission. L John-AldrichTile-Tools From: David W. McSpadden [mailto:dav...@imcu.org] Sent: Wednesday, July 22, 2009 10:53 AM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro If the users are only users and not power user or admins of the pc can the drive-by install still work?? - Original Message - From: John Aldrich mailto:jaldr...@blueridgecarpet.com To: NT System Admin Issues mailto:ntsysadmin@lyris.sunbelt-software.com Sent: Wednesday, July 22, 2009 10:41 AM Subject: RE: Searches being hijacked to show results from search.pro That's why I have the AVG Safe Surf plugin in my Firefox. J It's stopped browser hijackers a time or two. That being said, I have also had machines which have still gotten infected, apparently in a drive-by install of spyware/malware in spite of the AVG Safe Surf/Safe Search toolbar. John-AldrichTile-Tools From: andy [mailto:afo...@psu.edu] Sent: Wednesday, July 22, 2009 10:01 AM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro I had a user doing a search on google and it came up with a valid PSU link. When we clicked on the link it took us to a virus page. This happened 3 times before it finally said page not found. (fortunately, the virus scanner stopped the infection.) The link worked fine at Yahoo. I have also noticed that Yahoo is running some type of virus scanner on its web site. I have gotten a few links with the message underneath them that says possible virus site or something like that. I think there are quite a few google hacks going on. But then again, google is the big target, just like M$ Windose. Andy0 At 09:48 AM 7/21/2009, Bill Monicher wrote: Has anyone seen this before? When I do a search using Google or Yahoo, I'm presented with the usual list of links matching the search terms. When I click on one, I am very briefly presented with a page with a beige rectangle in the centre and an arrow. The legends says Skip this page and Your request is loading When it completes I am at www.search.pro http://www.search.pro/ , not the seach choice I wanted. I'm using Firefox. AVG w/ all of the latest updates I looked in the usual places -- add-ons, extensions etc but to no avail. The URL on the redirect page seems to change several time before it shows the list of choices. shopica.com is often there, tho I've seen others. the URL of the destination is www.search.pro http://www.search.pro/ Has anyone seen this? It appears new -- there is little on google about it, but then searching on search or pro is hardly going to narrow the field much. My surfing habits make this sort of thing very rare, so I've no idea how I got it. It has only shown up over the past week or so. --BM ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ Andy-Ofalt---863-3449--405-Ag-Admin-Bldg--for more information go to http://ict.cas.psu.edu/Contacts.html%A0 http://ict.cas.psu.edu/Contacts.html -- My little blurb to eat up bandwidth and make your mail box even larger +++ The real problem is that IP, a connectionless protocol, was never developed to be the universal protocol. ATM was developed to serve that purpose and failed. +++ No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.392 / Virus Database: 270.13.23/2254 - Release Date: 07/22/09 05:59:00 No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.392 / Virus Database: 270.13.23/2254 - Release Date: 07/22/09 05:59:00 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image001.jpgimage002.jpg
Re: Searches being hijacked to show results from search.pro
Me too I was just thinking of a business model and adding that as some of the justification to kill those types of perms. - Original Message - From: John Aldrich To: NT System Admin Issues Sent: Wednesday, July 22, 2009 11:04 AM Subject: RE: Searches being hijacked to show results from search.pro Possibly. That being said, I my case most of the users are at least power users, due to the needs of software to run with enhanced permission. L From: David W. McSpadden [mailto:dav...@imcu.org] Sent: Wednesday, July 22, 2009 10:53 AM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro If the users are only users and not power user or admins of the pc can the drive-by install still work?? - Original Message - From: John Aldrich To: NT System Admin Issues Sent: Wednesday, July 22, 2009 10:41 AM Subject: RE: Searches being hijacked to show results from search.pro That's why I have the AVG Safe Surf plugin in my Firefox. J It's stopped browser hijackers a time or two. That being said, I have also had machines which have still gotten infected, apparently in a drive-by install of spyware/malware in spite of the AVG Safe Surf/Safe Search toolbar. From: andy [mailto:afo...@psu.edu] Sent: Wednesday, July 22, 2009 10:01 AM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro I had a user doing a search on google and it came up with a valid PSU link. When we clicked on the link it took us to a virus page. This happened 3 times before it finally said page not found. (fortunately, the virus scanner stopped the infection.) The link worked fine at Yahoo. I have also noticed that Yahoo is running some type of virus scanner on its web site. I have gotten a few links with the message underneath them that says possible virus site or something like that. I think there are quite a few google hacks going on. But then again, google is the big target, just like M$ Windose. Andy0 At 09:48 AM 7/21/2009, Bill Monicher wrote: Has anyone seen this before? When I do a search using Google or Yahoo, I'm presented with the usual list of links matching the search terms. When I click on one, I am very briefly presented with a page with a beige rectangle in the centre and an arrow. The legends says Skip this page and Your request is loading When it completes I am at www.search.pro, not the seach choice I wanted. I'm using Firefox. AVG w/ all of the latest updates I looked in the usual places -- add-ons, extensions etc but to no avail. The URL on the redirect page seems to change several time before it shows the list of choices. shopica.com is often there, tho I've seen others. the URL of the destination is www.search.pro Has anyone seen this? It appears new -- there is little on google about it, but then searching on search or pro is hardly going to narrow the field much. My surfing habits make this sort of thing very rare, so I've no idea how I got it. It has only shown up over the past week or so. --BM ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ Andy-Ofalt---863-3449--405-Ag-Admin-Bldg--for more information go to http://ict.cas.psu.edu/Contacts.html -- My little blurb to eat up bandwidth and make your mail box even larger +++ The real problem is that IP, a connectionless protocol, was never developed to be the universal protocol. ATM was developed to serve that purpose and failed. +++ No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.392 / Virus Database: 270.13.23/2254 - Release Date: 07/22/09 05:59:00 No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.392 / Virus Database: 270.13.23/2254 - Release Date: 07/22/09 05:59:00 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image001.jpgimage002.jpg
RE: Searches being hijacked to show results from search.pro
Sometimes, a tech cannot wipe (even though we always should be able to). Because of that, we had to clean in 2 steps; 1) ubcd4win (installed and updated on a clean system), ran at least 1 cleaner and 1 antivirus, plus manually checked the usual startup locations in the registry 2) safe mode, installed spybot, antivir, ad-aware, etc., and ran those. Times change, not sure which current ones can be installed in safe mode. Sometimes the bootcd cleaners will remove an infection that hooked into the registry (win32 subsystem usually), and we would need to manually repair that section of the registry (just use the clean computer to find the correct text in the registry, or export and import). Worst part was having to tell customer windows install completely broken, even after a repair install. Some things cannot be fixed. We would do about 10 computer cleanings a day, between 3 techs (only had 7 locations we could work at). Gene Giannamore Abide International Inc. Technical Support 561 1st Street West Sonoma,Ca.95476 (707) 935-1577Office (707) 935-9387Fax (707) 766-4185Cell gene.giannam...@abideinternational.com www.abideinternational.com -Original Message- From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Tuesday, July 21, 2009 9:48 AM To: NT System Admin Issues Subject: RE: Searches being hijacked to show results from search.pro Nuke and pave is the way to go if you want full confidence that your personal info is secure. No cleaning tool is 100% guaranteed to get everything, every time. Carl -Original Message- From: Steven Peck [mailto:sep...@gmail.com] Sent: Tuesday, July 21, 2009 12:35 PM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro Oh I wish I'd known about that link before I gave up and wiped a laptop (good friend of wife, I didn't have plans of course I'd be happy to help her out dear) Sunday. Nasty little piece of work would disable AV and lock me out of the file system path. So I eventually just nuked the system and built it properly, probably for the best. Steven On Tue, Jul 21, 2009 at 8:31 AM, Alex Eckelberryal...@sunbelt-software.com wrote: Or run the free VIPRE tools: http://live.sunbeltsoftware.com/ Or http://www.vipreantivirus.com/ All free. Also check your host file to see if it's been modified as well as your local DNS settings... Alex From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Tuesday, July 21, 2009 10:26 AM To: NT System Admin Issues Subject: RE: Searches being hijacked to show results from search.pro I would also recommend scanning with a copy of MalwareBytes from www.malwarebytes.com. It's a free anti-malware app that has found stuff that our antivirus/anti-spyware app overlooked. From: James Rankin [mailto:kz2...@googlemail.com] Sent: Tuesday, July 21, 2009 10:03 AM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro Try HijackThis or similar. Looks like something has sneaked right under your radar 2009/7/21 Bill Monicher bmacd5...@gmail.com Has anyone seen this before? When I do a search using Google or Yahoo, I'm presented with the usual list of links matching the search terms. When I click on one, I am very briefly presented with a page with a beige rectangle in the centre and an arrow. The legends says Skip this page and Your request is loading When it completes I am at www.search.pro, not the seach choice I wanted. I'm using Firefox. AVG w/ all of the latest updates I looked in the usual places -- add-ons, extensions etc but to no avail. The URL on the redirect page seems to change several time before it shows the list of choices. shopica.com is often there, tho I've seen others. the URL of the destination is www.search.pro Has anyone seen this? It appears new -- there is little on google about it, but then searching on search or pro is hardly going to narrow the field much. My surfing habits make this sort of thing very rare, so I've no idea how I got it. It has only shown up over the past week or so. --BM ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Searches being hijacked to show results from search.pro
Tried those, failed. Pulled data and rebuilt. It was some nasty stuff. If she would have had to go to a tech and paid for it, it would have been ugly. :) On Tue, Jul 21, 2009 at 12:20 PM, Gene Giannamoregene.giannam...@abideinternational.com wrote: Sometimes, a tech cannot wipe (even though we always should be able to). Because of that, we had to clean in 2 steps; 1) ubcd4win (installed and updated on a clean system), ran at least 1 cleaner and 1 antivirus, plus manually checked the usual startup locations in the registry 2) safe mode, installed spybot, antivir, ad-aware, etc., and ran those. Times change, not sure which current ones can be installed in safe mode. Sometimes the bootcd cleaners will remove an infection that hooked into the registry (win32 subsystem usually), and we would need to manually repair that section of the registry (just use the clean computer to find the correct text in the registry, or export and import). Worst part was having to tell customer windows install completely broken, even after a repair install. Some things cannot be fixed. We would do about 10 computer cleanings a day, between 3 techs (only had 7 locations we could work at). Gene Giannamore Abide International Inc. Technical Support 561 1st Street West Sonoma,Ca.95476 (707) 935-1577 Office (707) 935-9387 Fax (707) 766-4185 Cell gene.giannam...@abideinternational.com www.abideinternational.com -Original Message- From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Tuesday, July 21, 2009 9:48 AM To: NT System Admin Issues Subject: RE: Searches being hijacked to show results from search.pro Nuke and pave is the way to go if you want full confidence that your personal info is secure. No cleaning tool is 100% guaranteed to get everything, every time. Carl -Original Message- From: Steven Peck [mailto:sep...@gmail.com] Sent: Tuesday, July 21, 2009 12:35 PM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro Oh I wish I'd known about that link before I gave up and wiped a laptop (good friend of wife, I didn't have plans of course I'd be happy to help her out dear) Sunday. Nasty little piece of work would disable AV and lock me out of the file system path. So I eventually just nuked the system and built it properly, probably for the best. Steven On Tue, Jul 21, 2009 at 8:31 AM, Alex Eckelberryal...@sunbelt-software.com wrote: Or run the free VIPRE tools: http://live.sunbeltsoftware.com/ Or http://www.vipreantivirus.com/ All free. Also check your host file to see if it's been modified as well as your local DNS settings... Alex From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Tuesday, July 21, 2009 10:26 AM To: NT System Admin Issues Subject: RE: Searches being hijacked to show results from search.pro I would also recommend scanning with a copy of MalwareBytes from www.malwarebytes.com. It's a free anti-malware app that has found stuff that our antivirus/anti-spyware app overlooked. From: James Rankin [mailto:kz2...@googlemail.com] Sent: Tuesday, July 21, 2009 10:03 AM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro Try HijackThis or similar. Looks like something has sneaked right under your radar 2009/7/21 Bill Monicher bmacd5...@gmail.com Has anyone seen this before? When I do a search using Google or Yahoo, I'm presented with the usual list of links matching the search terms. When I click on one, I am very briefly presented with a page with a beige rectangle in the centre and an arrow. The legends says Skip this page and Your request is loading When it completes I am at www.search.pro, not the seach choice I wanted. I'm using Firefox. AVG w/ all of the latest updates I looked in the usual places -- add-ons, extensions etc but to no avail. The URL on the redirect page seems to change several time before it shows the list of choices. shopica.com is often there, tho I've seen others. the URL of the destination is www.search.pro Has anyone seen this? It appears new -- there is little on google about it, but then searching on search or pro is hardly going to narrow the field much. My surfing habits make this sort of thing very rare, so I've no idea how I got it. It has only shown up over the past week or so. --BM ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Searches being hijacked to show results from search.pro
Luckily I do not do that anymore, too many ugly situations, now I am a junior admin again, at a small company, only this time, no exchange server (yeah!). I can tell you no fun telling the customer the bad news, no matter how nicely I worded it, and kept it simple. Plus we lost maybe 3 work hours each time it happened (imagine billing the customer 5 hours of labor for this, 2 to 3 for cleanup, plus 2 to 3 for backup/wipe/retore). Gene Giannamore Abide International Inc. Technical Support 561 1st Street West Sonoma,Ca.95476 (707) 935-1577Office (707) 935-9387Fax (707) 766-4185Cell gene.giannam...@abideinternational.com www.abideinternational.com -Original Message- From: Steven Peck [mailto:sep...@gmail.com] Sent: Tuesday, July 21, 2009 1:08 PM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro Tried those, failed. Pulled data and rebuilt. It was some nasty stuff. If she would have had to go to a tech and paid for it, it would have been ugly. :) On Tue, Jul 21, 2009 at 12:20 PM, Gene Giannamoregene.giannam...@abideinternational.com wrote: Sometimes, a tech cannot wipe (even though we always should be able to). Because of that, we had to clean in 2 steps; 1) ubcd4win (installed and updated on a clean system), ran at least 1 cleaner and 1 antivirus, plus manually checked the usual startup locations in the registry 2) safe mode, installed spybot, antivir, ad-aware, etc., and ran those. Times change, not sure which current ones can be installed in safe mode. Sometimes the bootcd cleaners will remove an infection that hooked into the registry (win32 subsystem usually), and we would need to manually repair that section of the registry (just use the clean computer to find the correct text in the registry, or export and import). Worst part was having to tell customer windows install completely broken, even after a repair install. Some things cannot be fixed. We would do about 10 computer cleanings a day, between 3 techs (only had 7 locations we could work at). Gene Giannamore Abide International Inc. Technical Support 561 1st Street West Sonoma,Ca.95476 (707) 935-1577 Office (707) 935-9387 Fax (707) 766-4185 Cell gene.giannam...@abideinternational.com www.abideinternational.com -Original Message- From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Tuesday, July 21, 2009 9:48 AM To: NT System Admin Issues Subject: RE: Searches being hijacked to show results from search.pro Nuke and pave is the way to go if you want full confidence that your personal info is secure. No cleaning tool is 100% guaranteed to get everything, every time. Carl -Original Message- From: Steven Peck [mailto:sep...@gmail.com] Sent: Tuesday, July 21, 2009 12:35 PM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro Oh I wish I'd known about that link before I gave up and wiped a laptop (good friend of wife, I didn't have plans of course I'd be happy to help her out dear) Sunday. Nasty little piece of work would disable AV and lock me out of the file system path. So I eventually just nuked the system and built it properly, probably for the best. Steven On Tue, Jul 21, 2009 at 8:31 AM, Alex Eckelberryal...@sunbelt-software.com wrote: Or run the free VIPRE tools: http://live.sunbeltsoftware.com/ Or http://www.vipreantivirus.com/ All free. Also check your host file to see if it's been modified as well as your local DNS settings... Alex From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Tuesday, July 21, 2009 10:26 AM To: NT System Admin Issues Subject: RE: Searches being hijacked to show results from search.pro I would also recommend scanning with a copy of MalwareBytes from www.malwarebytes.com. It's a free anti-malware app that has found stuff that our antivirus/anti-spyware app overlooked. From: James Rankin [mailto:kz2...@googlemail.com] Sent: Tuesday, July 21, 2009 10:03 AM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro Try HijackThis or similar. Looks like something has sneaked right under your radar 2009/7/21 Bill Monicher bmacd5...@gmail.com Has anyone seen this before? When I do a search using Google or Yahoo, I'm presented with the usual list of links matching the search terms. When I click on one, I am very briefly presented with a page with a beige rectangle in the centre and an arrow. The legends says Skip this page and Your request is loading When it completes I am at www.search.pro, not the seach choice I wanted. I'm using Firefox. AVG w/ all of the latest updates I looked in the usual places -- add-ons, extensions etc but to no avail. The URL on the redirect page seems to change several time before it shows the list of choices. shopica.com is often there, tho I've seen others. the URL
RE: Searches being hijacked to show results from search.pro
That (customer miffed at being billed for a cleanup that wasn't successful) is why I won't even offer the cleanup option any more. You want it cleaned, get somebody else. It takes the same amount of time to nuke and pave as it does to clean. Carl -Original Message- From: Gene Giannamore [mailto:gene.giannam...@abideinternational.com] Sent: Tuesday, July 21, 2009 6:34 PM To: NT System Admin Issues Subject: RE: Searches being hijacked to show results from search.pro Luckily I do not do that anymore, too many ugly situations, now I am a junior admin again, at a small company, only this time, no exchange server (yeah!). I can tell you no fun telling the customer the bad news, no matter how nicely I worded it, and kept it simple. Plus we lost maybe 3 work hours each time it happened (imagine billing the customer 5 hours of labor for this, 2 to 3 for cleanup, plus 2 to 3 for backup/wipe/retore). Gene Giannamore Abide International Inc. Technical Support 561 1st Street West Sonoma,Ca.95476 (707) 935-1577Office (707) 935-9387Fax (707) 766-4185Cell gene.giannam...@abideinternational.com www.abideinternational.com -Original Message- From: Steven Peck [mailto:sep...@gmail.com] Sent: Tuesday, July 21, 2009 1:08 PM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro Tried those, failed. Pulled data and rebuilt. It was some nasty stuff. If she would have had to go to a tech and paid for it, it would have been ugly. :) On Tue, Jul 21, 2009 at 12:20 PM, Gene Giannamoregene.giannam...@abideinternational.com wrote: Sometimes, a tech cannot wipe (even though we always should be able to). Because of that, we had to clean in 2 steps; 1) ubcd4win (installed and updated on a clean system), ran at least 1 cleaner and 1 antivirus, plus manually checked the usual startup locations in the registry 2) safe mode, installed spybot, antivir, ad-aware, etc., and ran those. Times change, not sure which current ones can be installed in safe mode. Sometimes the bootcd cleaners will remove an infection that hooked into the registry (win32 subsystem usually), and we would need to manually repair that section of the registry (just use the clean computer to find the correct text in the registry, or export and import). Worst part was having to tell customer windows install completely broken, even after a repair install. Some things cannot be fixed. We would do about 10 computer cleanings a day, between 3 techs (only had 7 locations we could work at). Gene Giannamore Abide International Inc. Technical Support 561 1st Street West Sonoma,Ca.95476 (707) 935-1577 Office (707) 935-9387 Fax (707) 766-4185 Cell gene.giannam...@abideinternational.com www.abideinternational.com -Original Message- From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Tuesday, July 21, 2009 9:48 AM To: NT System Admin Issues Subject: RE: Searches being hijacked to show results from search.pro Nuke and pave is the way to go if you want full confidence that your personal info is secure. No cleaning tool is 100% guaranteed to get everything, every time. Carl -Original Message- From: Steven Peck [mailto:sep...@gmail.com] Sent: Tuesday, July 21, 2009 12:35 PM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro Oh I wish I'd known about that link before I gave up and wiped a laptop (good friend of wife, I didn't have plans of course I'd be happy to help her out dear) Sunday. Nasty little piece of work would disable AV and lock me out of the file system path. So I eventually just nuked the system and built it properly, probably for the best. Steven On Tue, Jul 21, 2009 at 8:31 AM, Alex Eckelberryal...@sunbelt-software.com wrote: Or run the free VIPRE tools: http://live.sunbeltsoftware.com/ Or http://www.vipreantivirus.com/ All free. Also check your host file to see if it's been modified as well as your local DNS settings... Alex From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Tuesday, July 21, 2009 10:26 AM To: NT System Admin Issues Subject: RE: Searches being hijacked to show results from search.pro I would also recommend scanning with a copy of MalwareBytes from www.malwarebytes.com. It's a free anti-malware app that has found stuff that our antivirus/anti-spyware app overlooked. From: James Rankin [mailto:kz2...@googlemail.com] Sent: Tuesday, July 21, 2009 10:03 AM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro Try HijackThis or similar. Looks like something has sneaked right under your radar 2009/7/21 Bill Monicher bmacd5...@gmail.com Has anyone seen this before? When I do a search using Google or Yahoo, I'm presented with the usual list of links matching the search terms. When I click on one, I am very briefly presented with a page with a beige
RE: Searches being hijacked to show results from search.pro
Somehow I got this one too. It's a rootkit of some sort. Pretty sure this is what I used to remove it: http://www.combofix.org/ Malwarebytes, Symantec, MRT none of those picked it up. Search results looked normal, but when you clicked a link it redirected somewhere. For me it was right after Firefox downloaded an update, so I am wondering if that is where it came from. -Original Message- From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Tuesday, July 21, 2009 19:20 To: NT System Admin Issues Subject: RE: Searches being hijacked to show results from search.pro That (customer miffed at being billed for a cleanup that wasn't successful) is why I won't even offer the cleanup option any more. You want it cleaned, get somebody else. It takes the same amount of time to nuke and pave as it does to clean. Carl -Original Message- From: Gene Giannamore [mailto:gene.giannam...@abideinternational.com] Sent: Tuesday, July 21, 2009 6:34 PM To: NT System Admin Issues Subject: RE: Searches being hijacked to show results from search.pro Luckily I do not do that anymore, too many ugly situations, now I am a junior admin again, at a small company, only this time, no exchange server (yeah!). I can tell you no fun telling the customer the bad news, no matter how nicely I worded it, and kept it simple. Plus we lost maybe 3 work hours each time it happened (imagine billing the customer 5 hours of labor for this, 2 to 3 for cleanup, plus 2 to 3 for backup/wipe/retore). Gene Giannamore Abide International Inc. Technical Support 561 1st Street West Sonoma,Ca.95476 (707) 935-1577Office (707) 935-9387Fax (707) 766-4185Cell gene.giannam...@abideinternational.com www.abideinternational.com -Original Message- From: Steven Peck [mailto:sep...@gmail.com] Sent: Tuesday, July 21, 2009 1:08 PM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro Tried those, failed. Pulled data and rebuilt. It was some nasty stuff. If she would have had to go to a tech and paid for it, it would have been ugly. :) On Tue, Jul 21, 2009 at 12:20 PM, Gene Giannamoregene.giannam...@abideinternational.com wrote: Sometimes, a tech cannot wipe (even though we always should be able to). Because of that, we had to clean in 2 steps; 1) ubcd4win (installed and updated on a clean system), ran at least 1 cleaner and 1 antivirus, plus manually checked the usual startup locations in the registry 2) safe mode, installed spybot, antivir, ad-aware, etc., and ran those. Times change, not sure which current ones can be installed in safe mode. Sometimes the bootcd cleaners will remove an infection that hooked into the registry (win32 subsystem usually), and we would need to manually repair that section of the registry (just use the clean computer to find the correct text in the registry, or export and import). Worst part was having to tell customer windows install completely broken, even after a repair install. Some things cannot be fixed. We would do about 10 computer cleanings a day, between 3 techs (only had 7 locations we could work at). Gene Giannamore Abide International Inc. Technical Support 561 1st Street West Sonoma,Ca.95476 (707) 935-1577 Office (707) 935-9387 Fax (707) 766-4185 Cell gene.giannam...@abideinternational.com www.abideinternational.com -Original Message- From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Tuesday, July 21, 2009 9:48 AM To: NT System Admin Issues Subject: RE: Searches being hijacked to show results from search.pro Nuke and pave is the way to go if you want full confidence that your personal info is secure. No cleaning tool is 100% guaranteed to get everything, every time. Carl -Original Message- From: Steven Peck [mailto:sep...@gmail.com] Sent: Tuesday, July 21, 2009 12:35 PM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro Oh I wish I'd known about that link before I gave up and wiped a laptop (good friend of wife, I didn't have plans of course I'd be happy to help her out dear) Sunday. Nasty little piece of work would disable AV and lock me out of the file system path. So I eventually just nuked the system and built it properly, probably for the best. Steven On Tue, Jul 21, 2009 at 8:31 AM, Alex Eckelberryal...@sunbelt-software.com wrote: Or run the free VIPRE tools: http://live.sunbeltsoftware.com/ Or http://www.vipreantivirus.com/ All free. Also check your host file to see if it's been modified as well as your local DNS settings... Alex From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Tuesday, July 21, 2009 10:26 AM To: NT System Admin Issues Subject: RE: Searches being hijacked to show results from search.pro I would also recommend scanning with a copy of MalwareBytes from www.malwarebytes.com. It's a free anti-malware app that has found stuff
Searches being hijacked to show results from search.pro
Has anyone seen this before? When I do a search using Google or Yahoo, I'm presented with the usual list of links matching the search terms. When I click on one, I am very briefly presented with a page with a beige rectangle in the centre and an arrow. The legends says Skip this page and Your request is loading When it completes I am at www.search.pro, not the seach choice I wanted. I'm using Firefox. AVG w/ all of the latest updates I looked in the usual places -- add-ons, extensions etc but to no avail. The URL on the redirect page seems to change several time before it shows the list of choices. shopica.com is often there, tho I've seen others. the URL of the destination is www.search.pro Has anyone seen this? It appears new -- there is little on google about it, but then searching on search or pro is hardly going to narrow the field much. My surfing habits make this sort of thing very rare, so I've no idea how I got it. It has only shown up over the past week or so. --BM ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
re: Searches being hijacked to show results from search.pro
Run Antimalware... www.malwarebytes.com Has anyone seen this before? When I do a search using Google or Yahoo, I'm presented with the usual list of links matching the search terms. When I click on one, I am very briefly presented with a page with a beige rectangle in the centre and an arrow. The legends says Skip this page and Your request is loading When it completes I am at www.search.pro, not the seach choice I wanted. I'm using Firefox. AVG w/ all of the latest updates I looked in the usual places -- add-ons, extensions etc but to no avail. The URL on the redirect page seems to change several time before it shows the list of choices. shopica.com is often there, tho I've seen others. the URL of the destination is www.search.pro Has anyone seen this? It appears new -- there is little on google about it, but then searching on search or pro is hardly going to narrow the field much. My surfing habits make this sort of thing very rare, so I've no idea how I got it. It has only shown up over the past week or so. --BM ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Searches being hijacked to show results from search.pro
Try a diff browser to see if FF has been hijacked somehow. You mentioned checking extensions, have you tried running FF with them all disabled? You might also see if there's a BHO scanner for FF (I dunno if http://www.nsauditor.com/anti_adware_spyware_tools/browser_helper_object s_scanner.html works with FF or not) -sc -Original Message- From: Bill Monicher [mailto:bmacd5...@gmail.com] Sent: Tuesday, July 21, 2009 9:49 AM To: NT System Admin Issues Subject: Searches being hijacked to show results from search.pro Has anyone seen this before? When I do a search using Google or Yahoo, I'm presented with the usual list of links matching the search terms. When I click on one, I am very briefly presented with a page with a beige rectangle in the centre and an arrow. The legends says Skip this page and Your request is loading When it completes I am at www.search.pro, not the seach choice I wanted. I'm using Firefox. AVG w/ all of the latest updates I looked in the usual places -- add-ons, extensions etc but to no avail. The URL on the redirect page seems to change several time before it shows the list of choices. shopica.com is often there, tho I've seen others. the URL of the destination is www.search.pro Has anyone seen this? It appears new -- there is little on google about it, but then searching on search or pro is hardly going to narrow the field much. My surfing habits make this sort of thing very rare, so I've no idea how I got it. It has only shown up over the past week or so. --BM ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Searches being hijacked to show results from search.pro
You got malware. The below looks interesting for your issue. http://www.geekstogo.com/forum/Google-Search-Hijack-System-Virus-t199259.html -Original Message- From: Bill Monicher [mailto:bmacd5...@gmail.com] Sent: Tuesday, July 21, 2009 9:49 AM To: NT System Admin Issues Subject: Searches being hijacked to show results from search.pro Has anyone seen this before? When I do a search using Google or Yahoo, I'm presented with the usual list of links matching the search terms. When I click on one, I am very briefly presented with a page with a beige rectangle in the centre and an arrow. The legends says Skip this page and Your request is loading When it completes I am at www.search.pro, not the seach choice I wanted. I'm using Firefox. AVG w/ all of the latest updates I looked in the usual places -- add-ons, extensions etc but to no avail. The URL on the redirect page seems to change several time before it shows the list of choices. shopica.com is often there, tho I've seen others. the URL of the destination is www.search.pro Has anyone seen this? It appears new -- there is little on google about it, but then searching on search or pro is hardly going to narrow the field much. My surfing habits make this sort of thing very rare, so I've no idea how I got it. It has only shown up over the past week or so. --BM ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Searches being hijacked to show results from search.pro
Try HijackThis or similar. Looks like something has sneaked right under your radar 2009/7/21 Bill Monicher bmacd5...@gmail.com Has anyone seen this before? When I do a search using Google or Yahoo, I'm presented with the usual list of links matching the search terms. When I click on one, I am very briefly presented with a page with a beige rectangle in the centre and an arrow. The legends says Skip this page and Your request is loading When it completes I am at www.search.pro, not the seach choice I wanted. I'm using Firefox. AVG w/ all of the latest updates I looked in the usual places -- add-ons, extensions etc but to no avail. The URL on the redirect page seems to change several time before it shows the list of choices. shopica.com is often there, tho I've seen others. the URL of the destination is www.search.pro Has anyone seen this? It appears new -- there is little on google about it, but then searching on search or pro is hardly going to narrow the field much. My surfing habits make this sort of thing very rare, so I've no idea how I got it. It has only shown up over the past week or so. --BM ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ -- On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. http://raythestray.blogspot.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Searches being hijacked to show results from search.pro
You have malware. Download MalwareBytes. -Original Message- From: Bill Monicher [mailto:bmacd5...@gmail.com] Sent: Tuesday, July 21, 2009 6:49 AM To: NT System Admin Issues Subject: Searches being hijacked to show results from search.pro Has anyone seen this before? When I do a search using Google or Yahoo, I'm presented with the usual list of links matching the search terms. When I click on one, I am very briefly presented with a page with a beige rectangle in the centre and an arrow. The legends says Skip this page and Your request is loading When it completes I am at www.search.pro, not the seach choice I wanted. I'm using Firefox. AVG w/ all of the latest updates I looked in the usual places -- add-ons, extensions etc but to no avail. The URL on the redirect page seems to change several time before it shows the list of choices. shopica.com is often there, tho I've seen others. the URL of the destination is www.search.pro Has anyone seen this? It appears new -- there is little on google about it, but then searching on search or pro is hardly going to narrow the field much. My surfing habits make this sort of thing very rare, so I've no idea how I got it. It has only shown up over the past week or so. --BM ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Searches being hijacked to show results from search.pro
I would also recommend scanning with a copy of MalwareBytes from www.malwarebytes.com. It's a free anti-malware app that has found stuff that our antivirus/anti-spyware app overlooked. John-AldrichTile-Tools From: James Rankin [mailto:kz2...@googlemail.com] Sent: Tuesday, July 21, 2009 10:03 AM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro Try HijackThis or similar. Looks like something has sneaked right under your radar 2009/7/21 Bill Monicher bmacd5...@gmail.com Has anyone seen this before? When I do a search using Google or Yahoo, I'm presented with the usual list of links matching the search terms. When I click on one, I am very briefly presented with a page with a beige rectangle in the centre and an arrow. The legends says Skip this page and Your request is loading When it completes I am at www.search.pro, not the seach choice I wanted. I'm using Firefox. AVG w/ all of the latest updates I looked in the usual places -- add-ons, extensions etc but to no avail. The URL on the redirect page seems to change several time before it shows the list of choices. shopica.com is often there, tho I've seen others. the URL of the destination is www.search.pro Has anyone seen this? It appears new -- there is little on google about it, but then searching on search or pro is hardly going to narrow the field much. My surfing habits make this sort of thing very rare, so I've no idea how I got it. It has only shown up over the past week or so. --BM ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ -- On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. http://raythestray.blogspot.com No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.392 / Virus Database: 270.13.21/2252 - Release Date: 07/21/09 05:58:00 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image001.jpgimage002.jpg
Re: Searches being hijacked to show results from search.pro
Then, boot in safe mode and run it. safe mode safe mode safe mode... -- ME2 On Tue, Jul 21, 2009 at 10:18 AM, Martin Blackstonemblackst...@gmail.com wrote: You have malware. Download MalwareBytes. -Original Message- From: Bill Monicher [mailto:bmacd5...@gmail.com] Sent: Tuesday, July 21, 2009 6:49 AM To: NT System Admin Issues Subject: Searches being hijacked to show results from search.pro Has anyone seen this before? When I do a search using Google or Yahoo, I'm presented with the usual list of links matching the search terms. When I click on one, I am very briefly presented with a page with a beige rectangle in the centre and an arrow. The legends says Skip this page and Your request is loading When it completes I am at www.search.pro, not the seach choice I wanted. I'm using Firefox. AVG w/ all of the latest updates I looked in the usual places -- add-ons, extensions etc but to no avail. The URL on the redirect page seems to change several time before it shows the list of choices. shopica.com is often there, tho I've seen others. the URL of the destination is www.search.pro Has anyone seen this? It appears new -- there is little on google about it, but then searching on search or pro is hardly going to narrow the field much. My surfing habits make this sort of thing very rare, so I've no idea how I got it. It has only shown up over the past week or so. --BM ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Searches being hijacked to show results from search.pro
Or run the free VIPRE tools: http://live.sunbeltsoftware.com/ Or http://www.vipreantivirus.com/ All free. Also check your host file to see if it's been modified as well as your local DNS settings... Alex From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Tuesday, July 21, 2009 10:26 AM To: NT System Admin Issues Subject: RE: Searches being hijacked to show results from search.pro I would also recommend scanning with a copy of MalwareBytes from www.malwarebytes.com. It's a free anti-malware app that has found stuff that our antivirus/anti-spyware app overlooked. From: James Rankin [mailto:kz2...@googlemail.com] Sent: Tuesday, July 21, 2009 10:03 AM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro Try HijackThis or similar. Looks like something has sneaked right under your radar 2009/7/21 Bill Monicher bmacd5...@gmail.com Has anyone seen this before? When I do a search using Google or Yahoo, I'm presented with the usual list of links matching the search terms. When I click on one, I am very briefly presented with a page with a beige rectangle in the centre and an arrow. The legends says Skip this page and Your request is loading When it completes I am at www.search.pro, not the seach choice I wanted. I'm using Firefox. AVG w/ all of the latest updates I looked in the usual places -- add-ons, extensions etc but to no avail. The URL on the redirect page seems to change several time before it shows the list of choices. shopica.com is often there, tho I've seen others. the URL of the destination is www.search.pro Has anyone seen this? It appears new -- there is little on google about it, but then searching on search or pro is hardly going to narrow the field much. My surfing habits make this sort of thing very rare, so I've no idea how I got it. It has only shown up over the past week or so. --BM ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ -- On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. http://raythestray.blogspot.com No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.392 / Virus Database: 270.13.21/2252 - Release Date: 07/21/09 05:58:00 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image001.jpgimage002.jpg
Re: Searches being hijacked to show results from search.pro
Oh I wish I'd known about that link before I gave up and wiped a laptop (good friend of wife, I didn't have plans of course I'd be happy to help her out dear) Sunday. Nasty little piece of work would disable AV and lock me out of the file system path. So I eventually just nuked the system and built it properly, probably for the best. Steven On Tue, Jul 21, 2009 at 8:31 AM, Alex Eckelberryal...@sunbelt-software.com wrote: Or run the free VIPRE tools: http://live.sunbeltsoftware.com/ Or http://www.vipreantivirus.com/ All free. Also check your host file to see if it's been modified as well as your local DNS settings... Alex From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Tuesday, July 21, 2009 10:26 AM To: NT System Admin Issues Subject: RE: Searches being hijacked to show results from search.pro I would also recommend scanning with a copy of MalwareBytes from www.malwarebytes.com. It’s a free anti-malware app that has found stuff that our antivirus/anti-spyware app overlooked. From: James Rankin [mailto:kz2...@googlemail.com] Sent: Tuesday, July 21, 2009 10:03 AM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro Try HijackThis or similar. Looks like something has sneaked right under your radar 2009/7/21 Bill Monicher bmacd5...@gmail.com Has anyone seen this before? When I do a search using Google or Yahoo, I'm presented with the usual list of links matching the search terms. When I click on one, I am very briefly presented with a page with a beige rectangle in the centre and an arrow. The legends says Skip this page and Your request is loading When it completes I am at www.search.pro, not the seach choice I wanted. I'm using Firefox. AVG w/ all of the latest updates I looked in the usual places -- add-ons, extensions etc but to no avail. The URL on the redirect page seems to change several time before it shows the list of choices. shopica.com is often there, tho I've seen others. the URL of the destination is www.search.pro Has anyone seen this? It appears new -- there is little on google about it, but then searching on search or pro is hardly going to narrow the field much. My surfing habits make this sort of thing very rare, so I've no idea how I got it. It has only shown up over the past week or so. --BM ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ -- On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. http://raythestray.blogspot.com No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.392 / Virus Database: 270.13.21/2252 - Release Date: 07/21/09 05:58:00 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Searches being hijacked to show results from search.pro
Nuke and pave is the way to go if you want full confidence that your personal info is secure. No cleaning tool is 100% guaranteed to get everything, every time. Carl -Original Message- From: Steven Peck [mailto:sep...@gmail.com] Sent: Tuesday, July 21, 2009 12:35 PM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro Oh I wish I'd known about that link before I gave up and wiped a laptop (good friend of wife, I didn't have plans of course I'd be happy to help her out dear) Sunday. Nasty little piece of work would disable AV and lock me out of the file system path. So I eventually just nuked the system and built it properly, probably for the best. Steven On Tue, Jul 21, 2009 at 8:31 AM, Alex Eckelberryal...@sunbelt-software.com wrote: Or run the free VIPRE tools: http://live.sunbeltsoftware.com/ Or http://www.vipreantivirus.com/ All free. Also check your host file to see if it's been modified as well as your local DNS settings... Alex From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Tuesday, July 21, 2009 10:26 AM To: NT System Admin Issues Subject: RE: Searches being hijacked to show results from search.pro I would also recommend scanning with a copy of MalwareBytes from www.malwarebytes.com. Its a free anti-malware app that has found stuff that our antivirus/anti-spyware app overlooked. From: James Rankin [mailto:kz2...@googlemail.com] Sent: Tuesday, July 21, 2009 10:03 AM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro Try HijackThis or similar. Looks like something has sneaked right under your radar 2009/7/21 Bill Monicher bmacd5...@gmail.com Has anyone seen this before? When I do a search using Google or Yahoo, I'm presented with the usual list of links matching the search terms. When I click on one, I am very briefly presented with a page with a beige rectangle in the centre and an arrow. The legends says Skip this page and Your request is loading When it completes I am at www.search.pro, not the seach choice I wanted. I'm using Firefox. AVG w/ all of the latest updates I looked in the usual places -- add-ons, extensions etc but to no avail. The URL on the redirect page seems to change several time before it shows the list of choices. shopica.com is often there, tho I've seen others. the URL of the destination is www.search.pro Has anyone seen this? It appears new -- there is little on google about it, but then searching on search or pro is hardly going to narrow the field much. My surfing habits make this sort of thing very rare, so I've no idea how I got it. It has only shown up over the past week or so. --BM ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Searches being hijacked to show results from search.pro
Yeah... sometimes it's better to just nuke it from orbit and rebuild. :-) At least that way you *know* there are no nasties left hiding anywhere! -Original Message- From: Steven Peck [mailto:sep...@gmail.com] Sent: Tuesday, July 21, 2009 12:35 PM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro Oh I wish I'd known about that link before I gave up and wiped a laptop (good friend of wife, I didn't have plans of course I'd be happy to help her out dear) Sunday. Nasty little piece of work would disable AV and lock me out of the file system path. So I eventually just nuked the system and built it properly, probably for the best. Steven On Tue, Jul 21, 2009 at 8:31 AM, Alex Eckelberryal...@sunbelt-software.com wrote: Or run the free VIPRE tools: http://live.sunbeltsoftware.com/ Or http://www.vipreantivirus.com/ All free. Also check your host file to see if it's been modified as well as your local DNS settings... Alex From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Tuesday, July 21, 2009 10:26 AM To: NT System Admin Issues Subject: RE: Searches being hijacked to show results from search.pro I would also recommend scanning with a copy of MalwareBytes from www.malwarebytes.com. Its a free anti-malware app that has found stuff that our antivirus/anti-spyware app overlooked. From: James Rankin [mailto:kz2...@googlemail.com] Sent: Tuesday, July 21, 2009 10:03 AM To: NT System Admin Issues Subject: Re: Searches being hijacked to show results from search.pro Try HijackThis or similar. Looks like something has sneaked right under your radar 2009/7/21 Bill Monicher bmacd5...@gmail.com Has anyone seen this before? When I do a search using Google or Yahoo, I'm presented with the usual list of links matching the search terms. When I click on one, I am very briefly presented with a page with a beige rectangle in the centre and an arrow. The legends says Skip this page and Your request is loading When it completes I am at www.search.pro, not the seach choice I wanted. I'm using Firefox. AVG w/ all of the latest updates I looked in the usual places -- add-ons, extensions etc but to no avail. The URL on the redirect page seems to change several time before it shows the list of choices. shopica.com is often there, tho I've seen others. the URL of the destination is www.search.pro Has anyone seen this? It appears new -- there is little on google about it, but then searching on search or pro is hardly going to narrow the field much. My surfing habits make this sort of thing very rare, so I've no idea how I got it. It has only shown up over the past week or so. --BM ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ -- On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. http://raythestray.blogspot.com No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.392 / Virus Database: 270.13.21/2252 - Release Date: 07/21/09 05:58:00 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.392 / Virus Database: 270.13.21/2252 - Release Date: 07/21/09 05:58:00 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~