Redirectors
Piscivore
8th August 2009, 05:13 PM
My mom's computer is having a problem in which, when we try to use Google, when we select a result we get something totally random instead.
If one copies the link and pastes it into the box on the navigation bar, it does not happen. Clicking on links that navigate within a website does not seem to do it.
Any ideas where to look to fix this?
ETA: She's running XP Pro 2002 w/ Service pack 3, using Firefox 2.0.0.20 to browse.
shadron
8th August 2009, 05:18 PM
I once had this problem. It was due to a sneaky piece of malware.
RecoveringYuppy
8th August 2009, 05:20 PM
>> deleted after seeing your edit<<
BigAl
8th August 2009, 06:37 PM
> My mom's computer is having a problem in which, when we try to use Google, when we select a result we get something totally random instead.
> If one copies the link and pastes it into the box on the navigation bar, it does not happen. Clicking on links that navigate within a website does not seem to do it.
> Any ideas where to look to fix this?
> ETA: She's running XP Pro 2002 w/ Service pack 3, using Firefox 2.0.0.20 to browse.

This may be what a friend suffered from. Google for the text of the error message and you may find it's a known problem and the temporary fix is to disable saved name and password for Mom. She'll have to type it in every time she's prompted for it.
bokonon
9th August 2009, 08:07 AM
My wife is having a similar problem. I suspect our problem is malware re-directing DNS requests to some "let's serve our ads instead" DNS server in some Eastern Bloc country, as that's what it was last time.
Yours may be something different, especially since you can copy and paste links and go where you're expecting.
Last time, I got far enough into investigating it to determine that the DNS redirects had planted themselves in the Windows registry, and decided that the only way I'd feel safe running that computer again was with a complete bare-disk re-install of the operating system and software.
If you decide to re-install, and took a complete disk image backup of your own hard drive the last time you installed the software, getting up and running should just be a matter of re-loading that image on the hard drive. I'd do that from another computer.
If not, I'd format the hard drive and re-install everything.
I wouldn't try to save a step and use some "virus cleaner" program, but that's just me.
ETA: In re-reading your problem again, if your problem is malware, it may be that the malware you have is not quite so sophisticated, and is only re-directing Google. You might take a look at your hosts file (usually c:\windows\system32\drivers\etc\hosts) to see if someone has written an entry for Google there. If so, you might be able to fix your problem by removing the Google lines.
I'd also try using Internet Explorer, to see if it exhibits the same behavior.
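The hosts-file check suggested in the post above can be scripted. This is an added example, not part of the original thread: the watched-domain list, the function names and the sample file contents are assumptions constructed for illustration, and the sample addresses come from documentation ranges.

```python
import ipaddress

# Assumption for this example: domains worth watching; the post only mentions Google.
WATCHED = ("google.com",)

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                           # address with no hostname: ignore
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # malformed address: not a mapping
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(name, watched=WATCHED):
    # Match the domain itself or any subdomain, not look-alikes such as "notgoogle.com".
    return any(name == d or name.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED):
    """Return findings for watched names; a stock hosts file has none."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if not is_watched(name, watched):
            continue
        # Loopback/unspecified targets block a name; anything else redirects it.
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append((line_no, name, str(ip), kind))
    return findings

# Constructed sample input, using documentation-range addresses (RFC 5737).
SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     www.google.com google.com   # constructed redirect entry
198.51.100.9    WWW.Google.COM.
0.0.0.0         ads.example.net
127.0.0.1       notgoogle.com
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

To audit a real machine, pass the contents of the hosts file at the path given in the post to `audit_hosts`. An empty result only rules out this one mechanism, not the DNS-setting or proxy causes raised elsewhere in the thread.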
Cl1mh4224rd
9th August 2009, 09:10 AM
This is fairly common malware. Relatively harmless as far as malware goes, but annoying as hell. You're being redirected to links provided by an affiliate program (pay-per-click) that the scammer has signed up with.
Essentially, all these seemingly random redirects are earning the scammer money by abusing a company's affiliate program.
Nuking Windows and reinstalling is total overkill. This is a simple problem to fix once found. Try Malwarebytes' Anti-Malware (http://www.malwarebytes.org/) or Spybot - Search & Destroy (http://www.safer-networking.org/en/spybotsd/index.html).
bokonon
9th August 2009, 10:04 AM
> Nuking Windows and reinstalling is total overkill. This is a simple problem to fix once found. Try Malwarebytes' Anti-Malware (http://www.malwarebytes.org/) or Spybot - Search & Destroy (http://www.safer-networking.org/en/spybotsd/index.html).

The virus my wife had back in January had infiltrated the OS to such an extent that (a) it wouldn't allow the browser to go to the MalwareBytes' website, (b) wouldn't allow Malwarebytes to be installed from a USB drive after it had been downloaded on another computer.
I did manage to install it by renaming the installer, and had to rename the runtime also to get it to run.
Even after it ran, the malware kept coming back.
While it's quite possible that Malwarebytes has discovered how they were doing what they were doing in January and modified their software to handle it, as far as I'm concerned once malware has its hooks that deeply into the OS, nuking it and starting over is not total overkill, but simple prudence.
A keylogger can steal your banking or Paypal passwords, and there is no guarantee that the malware has not hooked or replaced some low-level Windows module Malwarebytes is using to scan for viruses, rendering itself invisible.
But everyone can determine for himself what level of risk they're comfortable with. If your mom is just using her computer to read the news and view her friends' photos on Flickr, it may be no big deal. If she's using it for paying her bills online, I'd recommend better safe than sorry.
Denver
9th August 2009, 10:12 AM
If it's not malware, you might also want to check the proxy server (http://en.wikipedia.org/wiki/Proxy_server) settings in the web browser. It could be that proxy server that is messing things up.
© 2001-2009, James Randi Educational Foundation. All Rights Reserved.