Fixing a tricky browser hijack

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I have google set up as my browser home page.
There is a translation program called babylon
that has stolen the link even though I keep changing it back.

I did a full spybot scan and also a quick malwarebytes
scan and it didn't find it.  I'm about to do a full malwarebytes
scan.

I did check out the .js file and it had
nothing custom written in it.  In fact, it
seems it has nothing but a commented note.

I selected "default" for the Home URL and so it has the Firefox one
in there now, but I'm still having the problem.  There are all these
"sponsored links"
that come up on the first full page of results, so you don't see
any google results until you scroll down.

I also did an msconfig to see if it was starting up and a control alt
delete to see if it was there.  I did uninstall it yesterday.

There is a site that describes it but it wants a fee.

Anyone have any ideas?

--
Robert Pearson
ParaMind Brainstorming Software http://www.paramind.net
Creative Virtue Press/Telical Books/Regenerative Music
http://www.rspearson.com

Re: Fixing a tricky browser hijack

On Wed, 13 May 2009 09:23:19 -0700 (PDT), Brainstormer

Quoted text here. Click to load it

Does anything at this link help you?
http://forums.cnet.com/5208-6122_102-0.html?messageID=3006321



Re: Fixing a tricky browser hijack



Quoted text here. Click to load it


| Reminds me of an episode of "Star Trek" with Harcourt Fenton Mudd's robots.


I remember that episode well :-)

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Fixing a tricky browser hijack

On Wed, 13 May 2009 09:23:19 -0700 (PDT), Brainstormer after much
thought,came up with this jewel:

Quoted text here. Click to load it

*********begin canned responce******************

1.Ensure the built-in firewall is enabled (remove 3rd party PFW).

2.Internet Options
General tab
Under 'Browsing history' click the 'Delete...' button to delete
temporary
files, history, cookies etc..
Advanced tab
Under 'Security' [check] 'Empty Temporary Internet Files folder when
browser is closed'.
Click the OK button.

3.On-demand AV applications.
David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free /
Additional Instructions:
http://pcdid.com/Multi_AV.htm
--and/or--
Kaspersky's AVPTool
http://downloads5.kaspersky-labs.com/devbuilds/AVPTool /
--or--
http://ftp.kaspersky.com/devbuilds/AVPTool /
There's no updating involved since the scanning engine is updated
several times a day and you simply download the updated scanner whenever
you want to do a scan.
--and/or--
Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit /
There's no updating involved since the scanning engine is updated
several times a day and you simply download the updated scanner whenever
you want to do a scan.
--and/or--
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
--and--
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html

If you operating system is considered clean:
Flush your System Restore Cache
Right click "My Computer" icon and select Properties from the drop down
list.
On the system Properties click on System Restore Tab and [check] 'Turn
off
System Restore on all drives'.
Click 'Apply' then click OK
Reboot.
Right click "My Computer" icon and select Properties from the drop down
list.
On the system Properties click on System Restore Tab and [uncheck] 'Turn
off System Restore on all drives'.
Note: ensure that under 'Available drives' the Status of Drive does show
'Monitoring'.
And then manually create a Restore point.
Go to:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx
And scroll down to: Create a Restore Point.

Then download/install:
Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com /
(The free version won't scan your emails.)
Unless you are using Microsoft Outlook or Loutus Notes (MAPI or VIM),
scanning email is worthless.
Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tutorials/email-scanning/index.htm
Ensure your e-mail program is configured to display e-mail messages in
'Plain Text' only.

And:
Windows® Defender
http://www.microsoft.com/downloads/details.aspx?familyid=435bfce7-da2b-4a6a-afa4-f7f14e605a0d&displaylang=en

Then:
Download and execute HiJackThis! (HJT)
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Please, do not post HJT logs to this newsgroup.

Forums where you can get expert advice for HiJack This! (HJT) logs.

NOTE: Registration is required in any of the forums
before posting a HJT log and please read the 'stickies'
(instructions/guidelines) for the respective HJT forum.

http://www.thespykiller.co.uk/index.php?board=3.0
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.tomcoyote.org/index.php?showforum=27
http://www.malwarebytes.org/forums/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29
http://aumha.net/viewforum.php?f=30
http://forums.spywareinfo.com/index.php?&showforum=18
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/cleanup
http://forum.malwareremoval.com/viewforum.php?f=11
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://forums.spywareinfo.com/index.php?showforum=18
http://www.techmonkeys.co.uk/forums/viewforum.php?f=8
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://forums.spywaretimes.com/index.php?showforum=2
http://www.bluetack.co.uk/forums/index.php?showforum=172
http://forums.techguy.org/f54-s.html
http://forums.subratam.org/index.php?showforum=7
http://www.wilderssecurity.com/forumdisplay.php?f=26
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security /
http://forums.security-central.us/forumdisplay.php?f=13
http://castlecops.com/forum67.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://www.lavasoftsupport.com/index.php?showforum=36
http://forum.piriform.com/index.php?showforum=12

Post back the URL where you posted your log, *not* the entire log!

Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html

*************end canned responce******************

max
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Change nomail.afraid.org to gmail.com to reply by email.
nomail.afraid.org is specifically setup for use in USENET

Site Timeline