Weird Google Search Results
May 20, 2004 9:27 AM   Subscribe

Every once in a while, when I search Google, I end up with some weird search results. All ads. It doesn't happen all the time and I don't know if it's Google stooping to a new low, or if it's me and some kind of adware. Note that I also get a pop-up window with this page that has a couple other ad links.

I'm running Symantec SystemWorks and Adaware. I know I got something on my system a few days ago, but I thought I'd had it cleared out. Apparently not...?
posted by MrAnonymous to Computers & Internet (16 answers total)
 
Those are definitely not real Google search results. Is the URL of the page a google.com URL? You have that status bar turned off, it looks like.
posted by bcwinters at 9:34 AM on May 20, 2004


Looks very much like Spyware/virus to me. Try Spybot and update your virus definitions and perform a hardware sweep.

The problem will probably be easily spotted if you look in your "hosts" file in your windows directory. If it has an entry for Google, then it means that when you do www.google.com it actually takes you elsewhere.

Spybot allows you to lock the hosts file so that it can't get changed by the scumware out there.
posted by ralawrence at 9:34 AM on May 20, 2004


Yep, definitely spyware. Update your spyware definitions in Ad-Aware and Spybot Search & Destroy, and scan your system again.
posted by waxpancake at 10:06 AM on May 20, 2004


I saw this on someone's computer once. For what it's worth, clicking "Next" will take you to the real results.
posted by whatnotever at 10:30 AM on May 20, 2004


Response by poster: The search results page shows google.com, but I guess it could be spoofing it somehow.

whatnotever: Yeah, clicking "Next" does bring up the real results.

I'll update everything, get Spybot and hopefully this will fix it. Otherwise, there's always formatting.
posted by MrAnonymous at 11:09 AM on May 20, 2004


Look at your hosts file first. There's undoubtedly an entry that is remapping Google.com to some other IP.

Just for educational purposes, if you could post the IP it's sending you to, I'd appreciate it.
posted by bshort at 11:15 AM on May 20, 2004


Response by poster: Looking at the hosts file, I don't see anything.

I ran updates and scans on both Adaware and Spybot and I'm still getting the same page.
posted by MrAnonymous at 11:49 AM on May 20, 2004


Otherwise, there's always formatting.

Nooooooo! I hear this all the time from people, and it just about breaks my heart. There are a few tools I use regularly to maintain 60+ work PCs (whose users regularly do dumb things online) and my own PCs, and any side jobs I take on, and with those I have never had to format a PC's hard drive to repair it.

You really only need to know a few things to stay happy and reformatting-your-hard-drive-free.

. Keep AdAware and Spybot in your arsenal. Update them every time you run them, and run them any time something weird happens with your PC. Really explore Spybot to take advenatage of all its features. You'd be surprised how many fucked up things will go away after a good scrubbing. (CometCursor can totally screw Acrobat Reader, for example.) I occasionally try out other things--Hijack This and CrapCleaner--but AdAware and Spybot will save you just about every time. I am forever in awe that these tools are so effective, so free(ish), and so commonly overlooked.

. Take advantage of online virus scanners like TrendMicro's Housecall and Panda's ActiveScan when your computer acts fruity. They often detect new threats before your installed virus scanner can update and detect them. You can also usually get indivdual virus/worm/trojan removal tools from the major antivirus product vendors.

. Do them Winders updates. (Update, update, update.)

. Google weird error messages when you get them, verbatim, in quotation marks. You'll come across message boards where others got the same error, and at least one of those will have your problem and solution spelled out for you. I very rarely see a hardware problem--once maybe every six months. Everything else has a software explanation, and if there is a software explanation, there is an answer to be found on a message board. Tek-tips.com and other point-based help sites are great.

. In general, make nice gestures and offerings toward your PC . . . . I think computers are very Zen despite being binary. Or maybe because of it.

. Maintain your disc with defragging and so forth.

. Check annoyances.org and other optimization sites for files you can clean up and other system improvements you can do.

. Make friends with download.com, tucows.com, nonags.com, majorgeeks.com, and other shareware sites as sources of removal tools.

. I've been very happy with data keys as a maintenance tool for when you're shitbogged AND can't get an internet connection. I keep Spybot, AdAware, and AVG on one and occasionally manually update and drop the files onto the data key. They're cheap, great for backup, portable, and all that good stuff.

Don't reformat your hard drive every time your computer is all asspants over ankles . . . just be aware of what spyware/malware/viruses/worms look like and feel like. You know a few sites that definitely don't have popups--google and MeFi, for starters--so popups at those places are a definite sign something is wrong. I hope I don't sound like an ass here . . . I just feel strongly about buying the world a Coke and teaching it that formatting is almost never necessary (at least in my experience, however anecdotal).
posted by littlegreenlights at 11:51 AM on May 20, 2004


Try Hijack this. It'll let you look for auto-started programs and IE extensions. It isn't blacklist-based like Ad-Aware and Spybot S&D, so you'll have to look for IE extensions that look funny and disable them yourself.
posted by zsazsa at 11:54 AM on May 20, 2004


Try running Spybot once.
Then set Spybot to run on boot up.
Shutdown, start up and let Spybot do it's thing again.

That might pick off anything that's hanging around in resident memory or in the registry.
posted by grum@work at 11:54 AM on May 20, 2004


I ran into a similar problem - something sneaky on my computer that adaware and spybot were not catching. I ran hijack this , copied the log and posted it to http://forums.techguy.org and they found the trojan that was hiding out in my system. You should give them a try they were extremely helpful to me.
posted by Julnyes at 12:14 PM on May 20, 2004


Response by poster: I wasn't able to locate an IP (unless someone can instruct me), but this is the page I initally get. When I click next, I get this, which does show it as the first page of results.

I have to head off to work, but I may try Hijack This when I get back. I'll let SystemWorks do a scan while I'm gone, though I doubt it will solve much.

I did get the last few Windows updates as well.
posted by MrAnonymous at 12:16 PM on May 20, 2004


I just got this message via email from a non-member with the address Christian.Gunsolley@cityofmesa.org, it looks promising:

That's caused by CoolWebSearch spyware (doesn't modify the HOSTS file). It's not removed by either Adaware or Spyware S&D. Have the user download and run CWShredder.exe. It'll fix the problem - I've been there.

url for CWShredder = http://www.spywareinfo.com/~merijn/downloads.html

... I need a Mefi account. =/

Chris

posted by zsazsa at 1:30 PM on May 20, 2004


Someone familiar with the problem e-mailed me and said that you're infected with a variant of the CoolWebSearch spyware, which isn't detected by Ad-Aware or Spyware S&D. They said you should run CWShredder, a tool written specifically for removing it.
posted by waxpancake at 1:42 PM on May 20, 2004


Response by poster: zsazsa/waxpancake: Thanks a lot. I'll try that tonight.
posted by MrAnonymous at 2:22 PM on May 20, 2004


Response by poster: CWShredder worked. Thanks to waxpancake and non-member Chris (who also emailed me) for pointing it out.

PS, Chris does need a Mefi account.
posted by MrAnonymous at 10:16 PM on May 20, 2004


« Older How can I sync PIM data between multiple computers...   |   How to clone a hard drive in Win2k? Newer »
This thread is closed to new comments.