Search hijacker



I just got done cleaning up a computer that had one of the rogue
antimalware apps. This one was named "Control Center". After finally
figuring out a way to get around it in Safe Mode (it came up there too) I
was able to get rid of it with Malwarebytes. I went back in Normal mode and
ran it again. Also ran Superantispyware and am getting a clean bill of
health from both.

Antivirus is the free version of Avast.

I no sooner opened Firefox than up popped a notice, "Your computer is still
infected". Helluva time getting rid of that. Finally killed Firefox in Task
Manager and it went away.

Installed HiJack This and got rid of a lot of suspicious looking crap. That
took care of the pop ups, but still every time I Google for something, the
google links are getting redirected to all kinds of weird places. I
installed the MVPS hosts file and notice that it blocks almost all the
sites that I am being directed to.

I then ran ComboFix. Although it creates a log a mile long, I really don't
think it found anything and the hijack problem still persists.

So what is good for getting rid of browser hijackers?

--
        --- Everybody has a right to my opinion. ---

Re: Search hijacker



Lil' Abner wrote:

HJT works for me.

Re: Search hijacker



Lil' Abner wrote:

This is a new Rogue, removal guide here:
<http://www.bleepingcomputer.com/virus-removal/remove-control-center>

Silj

--
"Arguing with anonymous strangers on the Internet is a sucker's game
because they almost always turn out to be -- or to be indistinguishable from
-- self-righteous sixteen-year-olds possessing infinite amounts of free time."
- Neal Stephenson, _Cryptonomicon_


Re: Search hijacker



september.org:


Instructions for running Malwarebytes.
As mentioned above, that was the first thing I ran.

--
        --- Everybody has a right to my opinion. ---

Re: Search hijacker



Lil' Abner wrote:

Noted, best bet is to post an HJT Log to your Forum of choice that supports HJT Logs.
As you already know you need to go this route or format and reinstall *but* since this is
a new known Rogue there is a possibility of recovery from the situation.

Good luck !

Silj

--
"Arguing with anonymous strangers on the Internet is a sucker's game
because they almost always turn out to be -- or to be indistinguishable from
-- self-righteous sixteen-year-olds possessing infinite amounts of free time."
- Neal Stephenson, _Cryptonomicon_


Re: Search hijacker





Lil' Abner wrote:

Just curious if you had the latest def update and the latest version (1.41)
of MBAM?
Buffalo



Re: Search hijacker





I installed mbam and updated it just before I ran it, so probably so.
I didn't really look at the version number.
A note of interest. I haven't used Adaware forever but I decided to
download it and try it. It didn't find much of anything but it did find a
bunch of entries in the HOSTS file it didn't like:
engine.awaps.net(127.0.0.1) @ 273
ads2.expatica.com(127.0.0.1) @ 707
www.hit-counter-download.com(127.0.0.1) @ 916
dl.jiangmin.com(127.0.0.1) @ 1069
ads.mcafee.com(127.0.0.1) @ 1229
directads.mcafee.com(127.0.0.1) @ 1230
vvww-avast.com(127.0.0.1) @ 5891
om.symantec.com(127.0.0.1) @ 10513
a.answers.com(127.0.0.1) @ 10897
microsoft.com.org(127.0.0.1) @ 12874
www.www.microsoft.com.org(127.0.0.1) @ 12875
wdcs.trendmicro.com(127.0.0.1) @ 15052

Those were all in the latest MVPS hosts file I just installed.

I am presently running AVG antispyware on it.

--
        --- Everybody has a right to my opinion. ---
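An added example, not part of the original post or of any tool named in this thread: the entries Ad-Aware flagged above all map to 127.0.0.1, which blocks a hostname rather than redirecting it. The sketch below audits HOSTS-file text and separates such sinkhole entries from entries that point a name at a non-local address; the sample file, the 203.0.113.10 entry and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample, not a real HOSTS file. Hostnames other than www.google.com
# and broken.example appear in the post; addresses and layout are constructed.
# 203.0.113.10 is a documentation-range address used as a hypothetical target.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1     localhost
127.0.0.1     engine.awaps.net
127.0.0.1     ads.mcafee.com directads.mcafee.com  # two names, one line
0.0.0.0       a.answers.com
203.0.113.10  www.google.com
not-an-ip     broken.example
"""


def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for every mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue  # blank line, comment, or address with no hostname
        address, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings += [(line_no, address, n, "malformed") for n in names]
            continue
        for name in names:
            if ip.is_loopback or ip.is_unspecified:
                # Resolves to the local machine: the name is blocked, not redirected.
                verdict = "local" if name == "localhost" else "sinkhole"
            else:
                # Resolves to some other host: this is how a HOSTS-based hijack looks.
                verdict = "redirect"
            findings.append((line_no, address, name, verdict))
    return findings


def redirects(text):
    """Only the entries that send a hostname to a non-local address."""
    return [f for f in audit_hosts(text) if f[3] == "redirect"]


if __name__ == "__main__":
    for line_no, address, name, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {address} [{verdict}]")
```

On Windows the file to feed in is %SystemRoot%\System32\drivers\etc\hosts. A clean result only rules out the HOSTS file as the redirect mechanism.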

Re: Search hijacker





Lil' Abner wrote:
[snip]

Thanks for the reply.
Buffalo



Re: Search hijacker



Have you checked for a rootkit?

Also, combofix sometimes works.




Re: Search hijacker





Hi there. You might try our forums for assistance. If you have something
new, we can deal with it. :)
http://www.malwarebytes.org/forums/
 



--
Dustin Cook [Malware Researcher]
MalwareBytes - http://www.malwarebytes.org
BugHunter - http://bughunter.it-mate.co.uk

Re: Search hijacker



Lil' Abner wrote:

Did you try a-squared Free:

http://www.emsisoft.com/en/software/free/

or HiJackFree:

http://www.hijackfree.com/en/

--
  JD..
