f13.net

f13.net General Forums => General Discussion => Topic started by: Merusk on January 18, 2009, 06:12:33 AM



Title: WTF is up with Google...
Post by: Merusk on January 18, 2009, 06:12:33 AM
Ok in the last week any google searches I've done have wound up with a page and a half of crappy redirects masquerading as real links.  For example this morning right before this post I searched "Harry Potter" to check.  The first 5 answers said "Official Site" or "Wikipedia" in the title, but if you look at the link they're redirects to spyware, adware etc.   I did a search a few minutes before that on "what do you call people with black hair" and yep, the same problem.

Anyone else having the same problem? Has google finally been gamed into uselessness or am I riddled with spyware that I'll have to beat someone in the family for?


Title: Re: WTF is up with Google...
Post by: Cadaverine on January 18, 2009, 06:19:56 AM
At a guess I'd say spyware.  I googled 'what do you call people with black hair', and it came up with links to Yahoo answers, WikiAnswer, and some other sites.

And I call them brunettes, for what it's worth.  :grin:


Title: Re: WTF is up with Google...
Post by: Trippy on January 18, 2009, 06:20:49 AM
Your computer is very likely hosed.

If you go here:

C:\Windows\system32\drivers\etc

do you see a file called "hosts"? If so what's in it (you can open it with Notepad or any text editor).

Are you using some sort of search toolbar to search Google? If so is it built into browser or was it something you installed separately?


Title: Re: WTF is up with Google...
Post by: Merusk on January 18, 2009, 06:57:35 AM
All I have in hosts is the local host. 127.0.0.1

No search toolbar other than the one in basic Firefox - the little drop-down in the upper right. Now that you mention it, though, there was one installed a few weeks ago that I uninstalled. I think it was a yahoo bar and I have no idea who put it there.

I just did another google search and noticed something; it's going to 7.7.7.0 for the results. That doesn't seem normal, either.  Fuck me.


Title: Re: WTF is up with Google...
Post by: Merusk on January 18, 2009, 07:00:24 AM
Quote from: Cadaverine
At a guess I'd say spyware.  I googled 'what do you call people with black hair', and it came up with links to Yahoo answers, WikiAnswer, and some other sites.

And I call them brunettes, for what it's worth.  :grin:

Yeah I got those answers, too on the headings.  But the links go to clickndirect.com, hairbykayla.com, toseeka.com for the first 3 results.

Also, brunette isn't technically right.  That's brown hair.  :grin:


Title: Re: WTF is up with Google...
Post by: Trippy on January 18, 2009, 07:14:16 AM
Your browser may be set up to go through a (bogus) proxy then.

Do you get the same result if you try a different browser?

What happens if you go to, say, here:

http://74.125.19.147/  (that's a valid www.google.com IP address)

If you bring up a command prompt and type in:

nslookup www.google.com

do you see various 74.125.19.XXX IP addresses?


Title: Re: WTF is up with Google...
Post by: Merusk on January 18, 2009, 07:15:43 AM
Found it on a search on the wife's machine.  It's a relatively new malware that installs itself via Java/Adobe PDFs.  It's in system32/wdmaud.sys

Thanks for the help, folks.


Title: Re: WTF is up with Google...
Post by: Merusk on January 18, 2009, 07:20:04 AM
Hrm.. that file is labeled 4/13/08.  Deleting it did fix the redirect problem, though.

Trip, that page still redirected me. It's a redirect that's messing with google searches themselves in the OS apparently.



Title: Re: WTF is up with Google...
Post by: Aez on January 18, 2009, 07:35:06 AM
I checked my Host file.  Is this text normal?
Quote
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost


Title: Re: WTF is up with Google...
Post by: Xuri on January 18, 2009, 07:42:35 AM
Yep, looks normal to me.
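
The hosts-file check discussed above, as an added example that is not from any poster in this thread: a small Python audit that ignores comments and the default `localhost` line and reports every other mapping. The sample files are constructed; the 203.0.113.10 address and the `updates.example.com` name are placeholders.

```python
import ipaddress

# Constructed samples: an excerpt of the default file quoted above, and the
# same file with two made-up entries appended (203.0.113.0/24 is a
# documentation range, the host names are placeholders).
DEFAULT_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server

127.0.0.1       localhost
"""
TAMPERED_HOSTS = DEFAULT_HOSTS + """203.0.113.10    www.google.com google.com
127.0.0.1       updates.example.com   # constructed
"""

def audit_hosts(text):
    """Return (line_no, address, name, reason) for each non-default mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()   # strip comment, split columns
        if not entry:
            continue                           # blank or comment-only line
        addr, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, addr, " ".join(names), "invalid address"))
            continue
        if not names:
            findings.append((line_no, addr, "", "address without a host name"))
        for name in (n.lower() for n in names):
            if name == "localhost" and ip.is_loopback:
                continue                       # the one entry a default file has
            if ip.is_loopback or ip.is_unspecified:
                reason = "name pointed back at this machine"
            else:
                reason = "name pinned to a fixed address, bypassing DNS"
            findings.append((line_no, addr, name, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(TAMPERED_HOSTS):
        print(finding)
```

An empty result only clears the hosts file; as the thread shows, the redirects can come from elsewhere on the machine.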


Title: Re: WTF is up with Google...
Post by: NiX on January 18, 2009, 09:17:28 AM
That's the default hosts file.

Seems like Merusk is finally paying for the death of Elf porn.


Title: Re: WTF is up with Google...
Post by: Hawkbit on January 18, 2009, 09:19:41 AM
I picked up a naaaasty virus about 2 months ago that applied itself off a stupid wrestling movie that someone linked off another forum.  As soon as I clicked on the play button on the movie I was hosed.  

I could open a normal browser and run a search for Star Wars and get back some fairly relevant links, but most of them were caches from long-ago pages.  Or else it would redirect me to spyware removal sites.  The irony is when I would search for spyware removal and do any searches for the virus name that hit me, it would redirect me to either pr0n sites or fake spyware removal sites.

Those little malicious geniuses.... making a virus to sell you anti-virus software.   :uhrr:


Title: Re: WTF is up with Google...
Post by: Ubvman on January 21, 2009, 12:23:23 AM
If you think you caught the malware, perhaps your machine is still caching the bad dns?

Open up a command line and type:

ipconfig /flushdns

See if that fixes the problem.


Title: Re: WTF is up with Google...
Post by: MahrinSkel on January 21, 2009, 02:40:09 AM
Get Sandboxie (http://www.sandboxie.com/).  I use it for everything I'm not totally comfortable with (that includes most of the links you freaks post).  Worst that can happen is that you have to flush a Sandbox, and lose any reconfigurations you've done to it or installs you've made.

--Dave

Edit by Trippy: fixed link


Title: Re: WTF is up with Google...
Post by: Draegan on January 26, 2009, 08:56:44 AM
My coworker has this same issue.  I tried a few of the things listed here to no avail; it still directs to different sites.  For instance clicking on Continental Airlines homepage brings you to cheap ticket sites.

wdmaud.sys is in the \system32\drivers folder and a few other places like \386\ and in a few sp3 and sp2 .cab's.  I deleted the few that were in the directories but the one in the drivers folder keeps popping up with a 4/13/2008 date.

Any ideas?


Title: Re: WTF is up with Google...
Post by: Engels on January 26, 2009, 09:12:06 AM
Uhm, that file is an audio driver file. Apparently there is a trojan that infects it, but you will still need to replace it with a real one.

C:\WINDOWS\system32\Drivers\wdmaud.sys <=this one is legit

C:\WINDOWS\system32\wdmaud.sys <=this one is not!
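
The location check from the post above, as an added example that is not from any poster in this thread: it flags any `.sys` file sitting directly in `system32` whose name duplicates a file in `system32\drivers`, which generalizes the `wdmaud.sys` case to other file names. The function name, the `windir` default and the file listing are assumptions made for the example; the listing is constructed.

```python
import ntpath  # Windows path rules, usable on any OS for offline triage

def shadowed_drivers(paths, windir=r"C:\WINDOWS"):
    """Return .sys files sitting directly in system32 whose name duplicates
    a file in system32\\drivers, compared case-insensitively."""
    sys32 = ntpath.normcase(ntpath.join(windir, "system32"))
    drivers = ntpath.join(sys32, "drivers")
    in_drivers, in_sys32 = set(), {}
    for path in paths:
        folder, name = ntpath.split(ntpath.normcase(ntpath.normpath(path)))
        if not name.endswith(".sys"):
            continue
        if folder == drivers:
            in_drivers.add(name)
        elif folder == sys32:
            in_sys32[name] = path          # keep the original spelling
    return sorted(p for n, p in in_sys32.items() if n in in_drivers)

# Constructed listing, in the form a recursive directory listing would give.
LISTING = [
    r"C:\WINDOWS\system32\Drivers\wdmaud.sys",       # expected location
    r"C:\WINDOWS\system32\wdmaud.sys",               # same name, wrong folder
    r"C:\WINDOWS\ServicePackFiles\i386\wdmaud.sys",  # backup copy, other folder
    r"C:\WINDOWS\system32\drivers\ntfs.sys",
    r"C:\WINDOWS\system32\himem.sys",                # no twin under drivers
]

if __name__ == "__main__":
    for hit in shadowed_drivers(LISTING):
        print("check:", hit)
```

A name match is only a lead; confirm it by comparing the file's hash or signature against a known-good copy before deleting anything.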


Title: Re: WTF is up with Google...
Post by: Merusk on January 26, 2009, 09:50:37 AM
What Engels said.

Also, when you click the link check the status bar at the bottom of the browser window for where it's connecting to.  When I noticed it was going to 7.7.7.0 I did a google search on a clean machine for "7.7.7.0 virus" and found the solution.  It could be that there are variants out there now redirecting to different sites and using different file names.