I had and still have the same problem. I found that the following
Registry Key value were modified,
HKLM\System\CCS\Services\Tcpip\interfaces\{102DA901-56D9-4445-9C8D-194FFE2CE
9B1}:
NameServer = 85.255.114.40, 85.255.112.144
No anti-spyware software has found the trick, and could therefore not
fix it.
The IP addresses that causes the problems are, 85.255.114.40,
85.255.112.144. Of course this name server trick made my computer to
re-direct from Google or any other search engine. Last night it was OK,
but today it's back again.
These registry entries has been deleted as they are by HiJackThis
regarded as malware or equivalent.
O4 - HKCU\..\Run: [panel_its] SysEntry.exe
O4 - HKCU\..\Run: [bingo9] NsCplTray.exe
O4 - HKCU\..\Run: [dePloy] qwe.exe
Also a whole series with IP-addresses that point to a random selected
site has been identified. According to Internic they point at
http://www.estdomains.com. Strange, isn't it?
However, I would also need some tips and trick in this subject to get
this re-direct out of my system. Any ideas someone?
anders
I have the same symptoms as the original message. I've checked the
HOSTS file and it is empty. I've also run McAfee, Adaware, CCleaner,
etc and none of these detect what is happening.
Basically if I do a search and the results are displayed in Google, if
I click on the link I am redirected to a similar page but not the one I
am looking for. It follows the same pattern each time: the first time
is redirected, click back. Second time is redirected to a different
page, click back. Third time works - I am taken to the page I intended
to go to.
I am running IE 6 SP2 on Windows XP SP2. It's more annoying than
anything else; just would like to know how to clean it. I do not
believe this is a 302 redirect issue. It is hijacking searches and
displaying other pages for all types of webpages. Any info is
appreciated.
Kv
