
Google Search Hijacked

Discussion in 'Virus & Other Malware Removal' started by Tridoc, Apr 13, 2010.

Thread Status:
Not open for further replies.
  1. Tridoc

    Tridoc Thread Starter

    Joined:
    Apr 12, 2010
    Messages:
    5
    When I search with Google on Firefox and IE the results appear appropriate, but when I click on one of them I get redirected to a different page, usually showing search results vaguely related to what I was searching. When I tried Yahoo search this did not happen. Thanks for your help. Attached is my HijackThis log.
     

    Attached Files:

  2. Kenny94

    Kenny94 Banned

    Joined:
    Dec 16, 2004
    Messages:
    2,026
    Hi Tridoc and welcome to TSG!

    This version of HijackThis is very old. That's OK we are not going to use it.


    Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

    Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

    Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.
    ---------------------------------------------------------------------------------------------


    1. Download ComboFix from below:

      Combofix download


      * IMPORTANT !!! Place combofix.exe on your Desktop
    2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


      You can get help on disabling your protection programs here
    3. Double click on combofix.exe & follow the prompts.
    4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

      Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




      The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

      With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

      Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

      ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

      The Recovery Console was successfully installed.


      Click on Yes, to continue scanning for malware.
    5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
    6. When finished, it shall produce a log for you. Post that log in your next reply.

      Note:
      Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


      ---------------------------------------------------------------------------------------------
    7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

      ---------------------------------------------------------------------------------------------
     
  3. Tridoc

    Tridoc Thread Starter

    Joined:
    Apr 12, 2010
    Messages:
    5
    ComboFix Log
     

    Attached Files:

  4. Kenny94

    Kenny94 Banned

    Joined:
    Dec 16, 2004
    Messages:
    2,026
    Run CFScript


    • Close any open browsers.
    • Open Notepad by clicking Start
    • Click Run
    • Type notepad into the box and click enter
    • Notepad will open
    • Copy and Paste everything from the Code box into Notepad:
    Code:
    KILLALL::
    
    Reglock::
    [HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.






    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new MBAM log.


    Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


    Next


    Update Run Malwarebytes


    • Launch Malwarebytes' Anti-Malware
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     
  5. Tridoc

    Tridoc Thread Starter

    Joined:
    Apr 12, 2010
    Messages:
    5
    ComboFix Log and MBAM log
     

    Attached Files:

  6. Kenny94

    Kenny94 Banned

    Joined:
    Dec 16, 2004
    Messages:
    2,026
    Looking better! We are getting closer. Good job you've done there!


    ESET Online Scanner

    Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

    • Please go here then click on: [​IMG]
    • Select the option YES, I accept the Terms of Use then click on: [​IMG]
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on: [​IMG]
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on: [​IMG]
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.
    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


    Next



    Download Security Check from here or here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    In your next reply, please include these log(s):

    EsetOnlineScanner\log.txt
    checkup.txt


    Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.
     
  7. Tridoc

    Tridoc Thread Starter

    Joined:
    Apr 12, 2010
    Messages:
    5
    The computer seems to be running normal. No problems running the scans. Thanks for your help. Here are the scan results.
     

    Attached Files:

  8. Kenny94

    Kenny94 Banned

    Joined:
    Dec 16, 2004
    Messages:
    2,026
    This is a false positive:

    C:\hp\bin\AUTOPLAY.EXE

    So you're OK.

    There are some older versions of Java on your computer. These can be a source of infection.

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
    • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
    • Scroll down to where it says Java SE Runtime Environment (JRE) - JRE 6 Update 20 -
    • Click the Download button to the right.
    • Select the Windows platform from the dropdown menu.
    • Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6u16 with JavaFX 1 License Agreement. Click on Continue. The page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u120 -windows-i586-p.exe to install the newest version.
    • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
      • On the General tab, under Temporary Internet Files, click the Settings button.
      • Next, click on the Delete Files button
      • There are two options in the window to clear the cache - Leave BOTH Checked
        • Applications and Applets
        • Trace and Log Files
      • Click OK on Delete Temporary Files Window
        Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
      • Click OK to leave the Temporary Files Window
      • Click OK to leave the Java Control Panel.

    To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml
    When all is well, you should see Java Version: 1.6.0_20 from Sun Microsystems Inc.


    And be sure to use:

    Secunia software inspector & update checker
    ----------------------------------------------------------------------------------

    Your Computer is Clean





    Some final items:


    Follow these steps to uninstall Combofix and tools used in the removal of malware

    • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)
    • Please follow the prompts to uninstall Combofix.
    • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
    This will uninstall Combofix and anything associated with it.

    Here are some additional links for you to check out to help you with your computer security.

    Browsers

    Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it. There are other free alternatives, FIREFOX and OPERA; both are free to use and are more secure than IE.

    If you are using Firefox you can stay more secure by adding NoScript and WOT (Web Of Trust)

    NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.

    Additional Security Measures


    Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

    WinPatrol - Download and install the free version of WinPatrol. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

    Secunia software inspector & update checker

    My Blog Malware And Spyware Tips

    Also, see here for system improvement: Help! My computer is slow!


    It was a pleasure working with you Tridoc


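The Internet Explorer zone settings listed in the post above can be checked without clicking through the dialog. The following is an added example, not part of the original thread: a read-only PowerShell audit of the current user's Internet zone (zone 3) against those six recommendations. The function name `Get-ZoneAudit` is hypothetical; the action IDs and the value meanings (0 = Enable, 1 = Prompt, 3 = Disable) are the standard Internet Settings registry values.

```powershell
# Added example: read-only audit of the IE "Internet" zone (zone 3), per-user hive.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action ID -> setting name as shown in the Custom Level dialog, and the
# value recommended in the post (0 = Enable, 1 = Prompt, 3 = Disable).
$Recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls'; Want = 1 }
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls'; Want = 3 }
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    @{ Id = '1800'; Name = 'Installation of desktop items'; Want = 1 }
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME'; Want = 1 }
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains'; Want = 1 }
)
$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneAudit {
    param([string]$Path = $ZonePath)

    # A missing key or value is reported as "Not set" rather than raising an error.
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    foreach ($r in $Recommended) {
        $cur = if ($props) { $props.($r.Id) } else { $null }

        $shown = if ($null -eq $cur) { 'Not set' }
                 elseif ($Label.ContainsKey([int]$cur)) { $Label[[int]$cur] }
                 else { '0x{0:X}' -f $cur }   # any other value is shown raw

        [pscustomobject]@{
            Setting     = $r.Name
            Current     = $shown
            Recommended = $Label[$r.Want]
            Compliant   = ($cur -eq $r.Want)
        }
    }
}

Get-ZoneAudit | Format-Table -AutoSize -Wrap
```

The script only reads the per-user values; settings enforced through Group Policy live under the corresponding `Policies` key and take precedence over what is shown here.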
     
  9. Tridoc

    Tridoc Thread Starter

    Joined:
    Apr 12, 2010
    Messages:
    5
    Thanks for all your help.
     

Short URL to this thread: https://techguy.org/916638
