
Removal instructions for Znoo.net hijacker

Metallica

Content is republished with permission from Malwarebytes.

What is the Znoo.net hijacker?

The Malwarebytes research team has determined that the Znoo.net hijacker is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example by changing your start page or search scopes, so that the affected browser visits their site or one of their choice.
This one uses browser shortcut hijacks and also displays advertisements.

How do I know if my computer is affected by Znoo.net hijacker?

You may see these warnings during install:

warning1.png

warning2.png

and this icon on your desktop during install:

icons.png

Your browser shortcuts on the taskbar, on the desktop and in the Start menu will be altered to open this site:

main.png

and the altered shortcuts will look like this in their properties:

warning3.png

How did Znoo.net hijacker get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was offered as a key-generator for several software packages.

How do I remove Znoo.net hijacker?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

Is there anything else I need to do to get rid of Znoo.net hijacker?

  • No, Malwarebytes' Anti-Malware removes Znoo.net hijacker completely.
  • Information about manually fixing altered shortcuts can be found here

How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the Znoo.net hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it was too late.

protection1.png


Technical details for experts

There will be no signs in a HijackThis log.

Possible signs in FRST logs:

 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
 C:\Users\Public\Desktop\Internet Explorer.lnk
 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera
 C:\Users\Public\Desktop\Google Chrome.lnk
 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
 C:\Users\Public\Desktop\Opera.lnk
 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
 C:\Users\Public\Desktop\Mozilla Firefox.lnk


ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer Tarayýcýsý'ný Baþlat.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.znoo.net <==== ATTENTION
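
For triaging a longer FRST log, the check a helper does by eye on the entries above can be scripted. The following is an added example, not part of the original Malwarebytes write-up and not FRST's own code: it parses ShortcutWithArgument lines and reports browser shortcuts whose argument is a URL. The names parse_line, triage and SAMPLE are hypothetical, and the third sample entry is constructed to show a harmless argument that is not flagged.

```python
import re
from ntpath import basename  # Windows path rules on any OS

# Executables behind the browser shortcuts listed in the log above.
BROWSERS = {"chrome.exe", "iexplore.exe", "firefox.exe", "launcher.exe"}
# http(s) URL, or the defanged hxxp form used when logs are posted.
URL_RE = re.compile(r"\bh(?:tt|xx)ps?://\S+", re.IGNORECASE)
PREFIX, MARKER = "ShortcutWithArgument:", "<===="

# Constructed sample: two entries copied from the log above, plus one
# made-up benign shortcut whose argument is a normal Chrome switch.
SAMPLE = r"""
ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Chrome (Work).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
"""

def parse_line(line):
    """Split one ShortcutWithArgument entry into fields; None if not one."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    parts = line[len(PREFIX):].split(MARKER)[0].split(" -> ", 2)
    if len(parts) != 3:
        return None
    shortcut, target, args = (p.strip() for p in parts)
    # Publisher is the final "(...)" group; the path itself may hold "(x86)".
    m = re.match(r"^(.*\S)\s+\(([^()]*)\)$", target)
    exe, publisher = m.groups() if m else (target, "")
    return {"shortcut": shortcut, "target": exe, "publisher": publisher, "args": args}

def triage(log_text):
    """Return (shortcut, browser exe, urls) for browser shortcuts carrying a URL."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if not entry or basename(entry["target"]).lower() not in BROWSERS:
            continue
        urls = URL_RE.findall(entry["args"])
        if urls:
            findings.append((entry["shortcut"], basename(entry["target"]), urls))
    return findings

if __name__ == "__main__":
    for shortcut, exe, urls in triage(SAMPLE):
        print(f"{exe:14} {urls[0]:22} {shortcut}")
```

A URL argument on a browser shortcut is not always malicious (some users pin intranet pages this way), so each reported shortcut still needs a look before its argument is cleared.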

Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
    In the existing folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs
       Adds the file Google Chrome.lnk"="11/12/2015 08:43, 1200 bytes, A
       Adds the file Internet Explorer.lnk"="11/12/2015 08:43, 1040 bytes, A
       Alters the file Mozilla Firefox.lnk
        25/06/2015 08:41, 1159 bytes, A ==> 11/12/2015 08:43, 1023 bytes, A
       Alters the file Opera.lnk
        25/06/2015 08:43, 1135 bytes, A ==> 11/12/2015 08:43, 976 bytes, A
    In the existing folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
       Alters the file Google Chrome.lnk
        11/12/2015 08:39, 2218 bytes, A ==> 11/12/2015 08:43, 1206 bytes, A
    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera
       Adds the file Opera.lnk"="11/12/2015 08:43, 982 bytes, A
    In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
       Alters the file Google Chrome.lnk
        04/12/2015 08:51, 2279 bytes, A ==> 11/12/2015 08:43, 1212 bytes, A
       Adds the file Internet Explorer Tarayýcýsý'ný Baþlat.lnk"="11/12/2015 08:43, 1052 bytes, A
       Adds the file Internet Explorer.lnk"="11/12/2015 08:43, 1052 bytes, A
       Adds the file Mozilla Firefox.lnk"="11/12/2015 08:43, 1035 bytes, A
       Adds the file Opera.lnk"="11/12/2015 08:43, 988 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu
       Adds the file Google Chrome.lnk"="11/12/2015 08:43, 1224 bytes, A
       Adds the file Internet Explorer.lnk"="11/12/2015 08:43, 1064 bytes, A
       Adds the file Mozilla Firefox.lnk"="11/12/2015 08:43, 1047 bytes, A
       Adds the file Opera.lnk"="11/12/2015 08:43, 1000 bytes, A
    In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
       Alters the file Google Chrome.lnk
        25/06/2015 08:47, 2290 bytes, A ==> 11/12/2015 08:43, 1224 bytes, A
       Alters the file Internet Explorer.lnk
        24/06/2015 22:35, 1419 bytes, A ==> 11/12/2015 08:43, 1064 bytes, A
       Alters the file Mozilla Firefox.lnk
        25/06/2015 08:41, 1159 bytes, A ==> 11/12/2015 08:43, 1047 bytes, A
       Alters the file Opera.lnk
        25/06/2015 08:43, 1135 bytes, A ==> 11/12/2015 08:43, 1000 bytes, A
    In the existing folder C:\Users\Public\Desktop
       Alters the file Google Chrome.lnk
        11/12/2015 08:39, 2183 bytes, A ==> 11/12/2015 08:43, 1188 bytes, A
       Adds the file Internet Explorer.lnk"="11/12/2015 08:43, 1028 bytes, A
       Alters the file Mozilla Firefox.lnk
        25/06/2015 08:41, 1147 bytes, A ==> 11/12/2015 08:43, 1011 bytes, A
       Alters the file Opera.lnk
        25/06/2015 08:43, 1135 bytes, A ==> 11/12/2015 08:43, 964 bytes, A

Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/12/2015
Scan Time: 10:01
Logfile: mbamZnooNet.txt
Administrator: Yes

Version: 2.2.0.1020
Malware Database: v2015.12.11.02
Rootkit Database: v2015.12.07.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 311982
Time Elapsed: 5 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Amonetize.ShrtCln, C:\Users\{username}\Desktop\Installer.exe, Quarantined, [04cacbd84b40171f735851ffa9577a86], 

Physical Sectors: 0
(No malicious items detected)


(end)

Note: the log does not show the cleaned shortcuts, but when you see a detection with the ShrtCln suffix, the shortcuts were cleaned.

As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.