Browser hijack [Closed]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Browser hijack [Closed], Trojan

Options

Raktor View Member Profile	Oct 25 2009, 10:17 PM Post #2
Trusted Helper Posts: 211 OS: Windows 7 Professional x64 RTM, Mac OS X 10.5	Hi, welcome to the G2G Forums. My username is Raktor, and I would be glad to help you with your malware issues. I'd be grateful if you would note the following: Absence of symptoms does not always mean the computer is clean Please do not run any scans or fixes without my direction. Finally, stay with this topic until I give you the final 'All clear' post. 1) exeHelper Please download exeHelper to your desktop. Double-click on exeHelper.com to run the fix. A black window should pop up, press any key to close once the fix is completed. Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan) Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file). 2) DDS Please download DDS and save it to your desktop from here or here or here. Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txt Attach.txt Save both reports to your desktop. 3) RR Please download RootRepeal.zip. Save it to your Desktop. Alternate download links here or here. Please print these instructions, you will not have an Internet connection! If you have a 3rd party "unzipping" program...use it to open the zipped file...then skip to Step 5. Otherwise... Right click on RootRepeal.zip and select "Extract All".... Click Next on the "Welcome to the Compressed (zipped) Folders Extraction Wizard." Click on the Browse...button, then click on Desktop, then click OK. Once done, check (tick) the Show extracted files box and click Finish. Before running RootRepeal: Disconnect from the Internet as your system will be unprotected while using this tool. Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan. Open the RootRepeal folder and double-click on RootRepeal.exe to launch it. When the program opens, click the Report tab at the bottom, then click the Scan button. In the Select Scan, dialog which asks What do you want to include in the scan?, check ALL the boxes. Click OK. In the Select Drives, dialog Please select drives to scan: select all drives showing, then click OK. The scan can take some time to finish. Do not use the computer while the scan is running. When the scan has completed, a list of files will be generated in the RootRepeal window. Click on the Save Report button and save it as "rootrepeal.txt" to your desktop. Close and exit RootRepeal Double-click on the file rootrepeal.txt... Notepad will open... copy/paste the file contents in your next reply. Make sure to enable your anti-virus, Firewall and any other security programs you disabled. Note: If RootRepeal cannot complete a scan and results in a crash report, try repeating the scan in "safe mode". 4) What You Will Need To Post: exeHelper log DDS logs RR log

Michael435 View Member Profile	Oct 26 2009, 07:20 AM Post #3
New Member Posts: 6 OS: Windows Vista	exeHelper instantly closes, says something but I can't see it DDS will run but - "The Process cannot access the file because it is bsing used by another process." x2 Rootrepeal gets a [bleep]load of memory read errors, probably same reason, the virus is using all of the access points. Crashes and gives me no log.

Raktor View Member Profile	Oct 26 2009, 05:35 PM Post #4
Trusted Helper Posts: 211 OS: Windows 7 Professional x64 RTM, Mac OS X 10.5	Please redownload exeHelper from here. It will be called explorer.exe. Run that, and post the log produced (if it doesn't close instantly).

Raktor View Member Profile	Oct 26 2009, 08:45 PM Post #6
Trusted Helper Posts: 211 OS: Windows 7 Professional x64 RTM, Mac OS X 10.5	Download Combofix from any of the links below but rename it to michael.com before saving it to your desktop. Link 1 Link 2 ================================== Double click on the renamed ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt so we can continue cleaning the system.

Raktor View Member Profile	Oct 28 2009, 04:37 PM Post #8
Trusted Helper Posts: 211 OS: Windows 7 Professional x64 RTM, Mac OS X 10.5	1) Combofix 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it: QUOTE File:: c:\windows\win32k.sys Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "????r"=- Save this as "CFScript.txt", and as Type: All Files (.) in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. 2) MBAM Please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select Perform quick scan, then click Scan. When the scan is complete, click OK, then Show Results to view the results. Be sure that everything is checked, and click Remove Selected . When completed, a log will open in Notepad. Please save it to a convenient location and post the results. Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot. 3) ESET You can use either Internet Explorer or Mozilla FireFox for this scan. Please go here then click on: QUOTE Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install. All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. Select the option YES, I accept the Terms of Use then click on: When prompted allow the Add-On/Active X to install. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked. Now click on Advanced Settings and select the following: Scan for potentially unwanted applications Scan for potentially unsafe applications Enable Anti-Stealth Technology Now click on: The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection. When completed the Online Scan will begin automatically. Do not touch either the Mouse or keyboard during the scan otherwise it may stall. When completed select Uninstall application on close if you so wish, make sure you copy the logfile first! Now click on: Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt. Copy and paste that log as a reply to this topic. 4) What You Will Need To Post: Combofix log MBAM log ESET log

Raktor View Member Profile	Nov 5 2009, 04:14 AM Post #9
Trusted Helper Posts: 211 OS: Windows 7 Professional x64 RTM, Mac OS X 10.5	Due to lack of feedback, this topic has been closed. If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

2 User(s) are reading this topic (2 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal IE Browser Hijack [Closed]	6 / 727	23rd April 2009 - 12:55 PM bretty1980 started - last by Rorschach112
Virus, Spyware and Trojan Removal Adware, Spyware, Browser Hijack [Closed]	2 / 575	20th June 2009 - 01:42 PM Adam Lonsdale started - last by Rorschach112
Virus, Spyware and Trojan Removal browser hijack [Closed]	8 / 167	4th August 2009 - 11:02 PM amans started - last by fenzodahl512
Virus, Spyware and Trojan Removal Browser Hijack [Closed]	10 / 152	23rd August 2009 - 03:52 AM scitom started - last by Rorschach112