I know that I have "getsearchredirect" but I can't get rid of it. I think it's a Bing + Edge thing.

H2OGuy · Aug 24, 2022

Hello,

I am using Edge on a Windows 10 computer using the Bing search engine. I am fairly certain that I am infected with "getsearchredirect" because I can watch it in my search bar (address bar) go to the getsearchredirect.com page. Two things. First of all, it doesn't redirect me to another page in the end. I go exactly where I want to go. It just eats up time going to the redirect page before sending me where I want to go, and I'd rather not have a redirect malware. Second, nothing that I do can seem to get rid of it. I've gone to the specific MalwareTips page, and none of it works. I don't have any obvious installed programs to remove, or any apparent browser items to remove. This started at least a month ago, probably more, and I did nothing about it because it wasn't actually taking me anywhere that I don't want to go. However, I recently realized that it could be not just eating up browser time with the redirect, but could be capturing user-specific information as well.

Malwarebytes just detects some false positives. ADW detects nothing, and I haven't tried Hitman because I don't want to get involved with Sophos, I've had a very bad experience with them in the past.

I did try SpyBot, and it detected some "ZippyShare" items that I don't recognize, but couldn't remove them without paying.

It appears to be an Edge + Bing specific item, as I can use other native search engines and other browsers (Firefox) without any interruption. I'm using ZoneAlarm firewall (free version) and BitDefender antivirus (free version).

I'd hate to know that it's anything tucked into Windows somewhere that's messing with my normal files as well. So if there's something on my computer that publishes the malware... I'd like to know.

Many thanks for your assistance. This is the first time that I've opened up a new post on MalwareTips.

nasdaq · Aug 25, 2022

Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please execute Malwarebytes one more time and delete all the items that will reported.

Restart the computer normally after the removal.

If the problem persists run the Farbar Program and post fresh logs for my review.
Include a fresh Malwarebytes logs also.

H2OGuy · Aug 26, 2022

Hello, thank you for assisting me!

I did what you asked, with the one additional detail of first uninstalling the program that was generating all of the false positives.

I then ran MalwareBytes, which showed a clean system. Then I rebooted and ran MalwareBytes again, and it showed a clean system.

I checked in with Edge/Bing and discovered that "getsearchredirect" is still active, unfortunately.

I then ran MalwareBytes a third time in order to generate a log.

Then I ran Farbar RST again, so I could post the log for you. I hope it helps!

Edit: The system is not allowing me to post a FRST log. It uploads but does not display the FRST as being posted. Any help?

nasdaq · Aug 29, 2022

Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

No malware was found in your logs.
This fix is just some maintenance.

Please post the Fixlog.txt and let me know what problem persists.

H2OGuy · Aug 31, 2022

Hello! Thank you again.

I just ran the FRST and it said that it fixed everything (if you read my earlier version of this post, I was stupid because I had the Fix file in the wrong folder).

Where do I go now?

Thank you!

H2OGuy · Aug 31, 2022

I just went to use my browser, and it is still using getsearchredirect.

The connection is worse than ever. When I do a search now, it tries to connect to ".trovi.com".

If I do a search on my Bing homepage, getsearchredirect takes over and shows me a bunch of results using Google (supposedly).

I don't know if this is helpful or not, but I used SpyHunter (free) and it discovered getsearchredirect at:

c:\users\%me%\appdata\local\microsoft\edge\user data\default\preferences :: Sorry

nasdaq · Sep 1, 2022

Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

After the restart Clear browsing data stored on your device

View and delete browser history in Microsoft Edge

Learn how to view and delete your browser history and other history in Microsoft Edge.

support.microsoft.com

Restart Edge.

If the problem persist continue with the link above and Clear browsing data stored in the cloud (if you’ve turned on sync or personalization)

Please post the Fixlog.txt and let me know what problem persists.

H2OGuy · Sep 1, 2022

Hello.

Unfortunately, I'm still getting redirected through getsearchredirect into what is supposedly a Google search (that has next to nothing to do with my Bing search).

I had a Windows Update take place, do I need to make a new FRST Log for you? I don't know how FRST works, obviously.

H2OGuy · Sep 1, 2022

Unfortunately I'm still getting getsearchredirect when I use Bing on Edge. It doesn't affect anything else. I'm having trouble attaching the Fix log to this post.

I don't know if this is important or not, but I have had some system and software changes since I ran the first FRST that is being used. Do you want me to run another one with the updated information?

nasdaq · Sep 2, 2022

Hi,

Please run a scan with the Farbar program and post fresh logs for my review.
If you have difficulties in attaching the logs copy and paste them in our next reply.

H2OGuy · Sep 2, 2022

Hello again, thank you for putting up with me, I really do appreciate all of the time and effort that you're showing me.

Here are the two new FRST logs.

nasdaq · Sep 3, 2022

Hi,

Nothing suspicious was found in your logs.

I found this link Remove Getsearchredirecting.com Redirect (Removal Guide)

Remove Getsearchredirecting.com Redirect (Removal Guide)

This guide teaches you how to remove the Getsearchredirecting.com browser hijacker by following easy step-by-step instructions.

malwaretips.com

Some of the suggested tool have been used. No arm in going to the process again.
Try the other suggestions.

===

You may also have a problem with the Windows Updates.

Open the Addition.txt logs and look in the = Restore Points = section.

This error may be the cause or these multiple tries.

Under Application errors:
Description: Faulting application name: Explorer.EXE, version: 10.0.19041.1889, time stamp: 0xd1439b88

I suggest your download and run the troubleshooter

Windows Update Troubleshooter

Windows Update Troubleshooter

Learn how to run Windows Update Troubleshooter to resolve errors downloading or installing Windows updates.

support.microsoft.com

Please keep ke posted of any development.

H2OGuy · Sep 3, 2022

Hello.

Well, thanks for reading the logs. Before I go, would it make any difference if Edge was open or closed during the Farbar scan?

I tried that link, but it didn't find any malware to remove. My Bing searches just keep getting redirected.

If this is a browser Edge/Bing issue, would resetting my whole computer get rid of it, or would it just hang around in memory or my personal filles? I don't know if Edge gets a clean start when Windows does.

nasdaq · Sep 4, 2022

Hi

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.

Code:

start

Comment: For your security a new restore point will be created.
CreateRestorePoint:
Comment: We need to close all processes to complete the fix.
CloseProcesses:

FilesInDirectory: c:\users\%me%\appdata\local\microsoft\edge\user data\default\preferences\*.*


Comment: The system will restart.
Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

H2OGuy · Sep 4, 2022

Thank you again. Here is the log; now it is all of the search engines in Edge.

One thing that might need to be taken into account... when I originally posted the file path, I used "%me%" just to represent my name. It should actually be "mdv88" So,

c:\users\mdv88\appdata\local\microsoft\edge\user data\default\preferences\*.*

for instance. I hope that this hasn't been messing up all of your searches. I apologize for that. Maybe it will help?

nasdaq · Sep 5, 2022

Hi,

Can you open the folder in bold and see if there is such a folder or filles in it?

It may be hidden so make sure you can see all the files.

Show hidden files

Learn how to display hidden files, folders, and drives.

support.microsoft.com

H2OGuy · Sep 6, 2022

I'm sorry, I don't see a link in bold, but this is the only one that I can see, so:

c:\users\mdv88\appdata\local\microsoft\edge\user data\default\preferences\*.*

I can't get into any "preferences" fold (there isn't any). Yes, I can see hidden files and folders.

Sorry if I'm missing the bold link...

nasdaq · Sep 7, 2022

Hi,

You did good.

Let see if by chance the bad folder was created as a super hidden file.

refer to this link.

Make a Super Hidden Folder in Windows Without any Extra Software

Almost anyone knows how to make a “hidden” folder in Windows, but then again almost anyone knows how to make explorer show hidden folders. Let’s take a look at how to make a folder so hidden, only you will know its there.

www.howtogeek.com

If check uncheck this button.

Click the “View” tab. Uncheck the “Hide protected operating system files (Recommended)” box.

H2OGuy · Sep 7, 2022

As much as I wish that I had found an answer, I'm not sure that I did. Here's a screen capture of what I did and what I found:

nasdaq · Sep 8, 2022

Hi,

There someting in Windows 10 that eludes me.

Please start a topic in this Forum.

Windows 10 operating system.

Windows 10 Support Forum

Windows 10 Support: Use this forum to ask questions, and give answers for Microsofts Windows 10 operating system. Note: Any discussion topics on Windows 10 should be posted in the Windows 10 Discussion subforum

www.bleepingcomputer.com

An expert with that system may be able to help you find the files in the preferences folder.

When found you should delete them possibly in Safe Mode.

Keep me posted..

I know that I have "getsearchredirect" but I can't get rid of it. I think it's a Bing + Edge thing.

New Member

Attachments

Moderator

New Member

Attachments

Moderator

Attachments

New Member

Attachments

New Member

Moderator

Attachments

New Member

Attachments

New Member

Moderator

New Member

Attachments

Moderator

New Member

Moderator

New Member

Attachments

Moderator

New Member

Moderator

New Member

Moderator

Similar threads