What is the Znoo.net hijacker?
The Malwarebytes research team has determined that the Znoo.net hijacker is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example by changing your start page or search scopes, so that the affected browser visits their site or one of their choice.
This one uses browser shortcut hijacks and also displays advertisements.
How do I know if my computer is affected by Znoo.net hijacker?
You may see these warnings during install:
and this icon on your desktop during install:
Your browser shortcuts on the taskbar, on the desktop and in the Start menu will be altered to open this site:
and the altered shortcuts will look like this in their properties:
How did Znoo.net hijacker get on my computer?
Browser hijackers use different methods for distributing themselves. This particular one was offered as a key-generator for several software packages.
How do I remove Znoo.net hijacker?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
- Enable free trial of Malwarebytes Anti-Malware Premium
- Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- No, Malwarebytes' Anti-Malware removes Znoo.net hijacker completely.
- Information about manually fixing altered shortcuts can be found here
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the Znoo.net hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
There will be no signs in a HijackThis log.
Possible signs in FRST logs:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
C:\Users\Public\Desktop\Internet Explorer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera
C:\Users\Public\Desktop\Google Chrome.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
C:\Users\Public\Desktop\Opera.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
C:\Users\Public\Desktop\Mozilla Firefox.lnk
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer Tarayýcýsý'ný Baþlat.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.znoo.net <==== ATTENTION

Alterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
In the existing folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs
  Adds the file Google Chrome.lnk"="11/12/2015 08:43, 1200 bytes, A
  Adds the file Internet Explorer.lnk"="11/12/2015 08:43, 1040 bytes, A
  Alters the file Mozilla Firefox.lnk 25/06/2015 08:41, 1159 bytes, A ==> 11/12/2015 08:43, 1023 bytes, A
  Alters the file Opera.lnk 25/06/2015 08:43, 1135 bytes, A ==> 11/12/2015 08:43, 976 bytes, A

In the existing folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
  Alters the file Google Chrome.lnk 11/12/2015 08:39, 2218 bytes, A ==> 11/12/2015 08:43, 1206 bytes, A

Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera
  Adds the file Opera.lnk"="11/12/2015 08:43, 982 bytes, A

In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
  Alters the file Google Chrome.lnk 04/12/2015 08:51, 2279 bytes, A ==> 11/12/2015 08:43, 1212 bytes, A
  Adds the file Internet Explorer Tarayýcýsý'ný Baþlat.lnk"="11/12/2015 08:43, 1052 bytes, A
  Adds the file Internet Explorer.lnk"="11/12/2015 08:43, 1052 bytes, A
  Adds the file Mozilla Firefox.lnk"="11/12/2015 08:43, 1035 bytes, A
  Adds the file Opera.lnk"="11/12/2015 08:43, 988 bytes, A

Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu
  Adds the file Google Chrome.lnk"="11/12/2015 08:43, 1224 bytes, A
  Adds the file Internet Explorer.lnk"="11/12/2015 08:43, 1064 bytes, A
  Adds the file Mozilla Firefox.lnk"="11/12/2015 08:43, 1047 bytes, A
  Adds the file Opera.lnk"="11/12/2015 08:43, 1000 bytes, A

In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
  Alters the file Google Chrome.lnk 25/06/2015 08:47, 2290 bytes, A ==> 11/12/2015 08:43, 1224 bytes, A
  Alters the file Internet Explorer.lnk 24/06/2015 22:35, 1419 bytes, A ==> 11/12/2015 08:43, 1064 bytes, A
  Alters the file Mozilla Firefox.lnk 25/06/2015 08:41, 1159 bytes, A ==> 11/12/2015 08:43, 1047 bytes, A
  Alters the file Opera.lnk 25/06/2015 08:43, 1135 bytes, A ==> 11/12/2015 08:43, 1000 bytes, A

In the existing folder C:\Users\Public\Desktop
  Alters the file Google Chrome.lnk 11/12/2015 08:39, 2183 bytes, A ==> 11/12/2015 08:43, 1188 bytes, A
  Adds the file Internet Explorer.lnk"="11/12/2015 08:43, 1028 bytes, A
  Alters the file Mozilla Firefox.lnk 25/06/2015 08:41, 1147 bytes, A ==> 11/12/2015 08:43, 1011 bytes, A
  Alters the file Opera.lnk 25/06/2015 08:43, 1135 bytes, A ==> 11/12/2015 08:43, 964 bytes, A

Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/12/2015
Scan Time: 10:01
Logfile: mbamZnooNet.txt
Administrator: Yes

Version: 2.2.0.1020
Malware Database: v2015.12.11.02
Rootkit Database: v2015.12.07.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 311982
Time Elapsed: 5 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Amonetize.ShrtCln, C:\Users\{username}\Desktop\Installer.exe, Quarantined, [04cacbd84b40171f735851ffa9577a86],

Physical Sectors: 0
(No malicious items detected)

(end)

Note: the log does not show the cleaned shortcuts, but when you see a detection with the ShrtCln addition the shortcuts were cleaned.
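A triage sketch for the FRST signs listed above, added here as an example (it is not Malwarebytes or FRST code). It parses ShortcutWithArgument lines in the layout shown on this page and separates browser shortcuts whose argument is a URL from shortcuts that merely carry a command-line switch. The function names and the last two sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Line layout as it appears in this page's FRST excerpt:
# ShortcutWithArgument: <lnk> -> <target exe> (<vendor>) -> <arguments> [<==== ATTENTION]
LINE_RE = re.compile(
    r"^ShortcutWithArgument:\s+(?P<lnk>.+?\.lnk)\s+->\s+(?P<target>.+?\.exe)"
    r"\s+\((?P<vendor>[^()]*)\)\s+->\s+(?P<args>.*?)(?:\s*<=+\s*ATTENTION)?\s*$",
    re.IGNORECASE,
)
BROWSERS = {"chrome.exe", "iexplore.exe", "firefox.exe", "launcher.exe"}  # targets seen on this page
URL_RE = re.compile(r"\b(?:hxxps?|https?)://[^\s\"']+", re.IGNORECASE)


def parse_line(line):
    """Return a dict for one ShortcutWithArgument line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["browser"] = rec["target"].rsplit("\\", 1)[-1].lower() in BROWSERS
    urls = URL_RE.findall(rec["args"])
    # Refang hxxp -> http only to extract the host; rec["args"] keeps the log text.
    rec["hosts"] = [urlsplit(re.sub(r"^hxxp", "http", u, flags=re.I)).hostname for u in urls]
    return rec


def hijacked_shortcuts(log_text):
    """Browser shortcuts whose argument carries a URL (the hijack pattern on this page)."""
    recs = filter(None, map(parse_line, log_text.splitlines()))
    return [r for r in recs if r["browser"] and r["hosts"]]


# Constructed sample: the first two lines follow the page's log; the last two are
# made-up benign entries (a profile switch and a non-browser tool).
SAMPLE = r"""
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Work Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Public\Desktop\Tool.lnk -> C:\Tools\tool.exe (Example Vendor) -> http://intranet.example/start
"""

if __name__ == "__main__":
    for r in hijacked_shortcuts(SAMPLE):
        print(r["lnk"], "->", ", ".join(r["hosts"]))
```

Run it over the Shortcuts section of a saved FRST log; every hit names a .lnk file whose Target field should end at the browser executable.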
As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention