Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for Znoo.net hijacker

- - - - -

  • Please log in to reply
No replies to this topic

#1
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,138 posts
Content is republished with permission from Malwarebytes.

What is the Znoo.net hijacker?

The Malwarebytes research team has determined that the Znoo.net hijacker is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.
This one uses browser shortcut hijacks and also displays advertisements.

How do I know if my computer is affected by Znoo.net hijacker?

You may see these warnings during install:

warning1.png

warning2.png

and this icon on your desktop during install:

icons.png

your browser shortcuts on the taskbar, desktop and in the Startmenu will be altered to open this site:

main.png

and the altered shortcuts will look like this in their properties:

warning3.png

How did Znoo.net hijacker get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was offered as a key-generator for several software packages.

How do I remove Znoo.net hijacker?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
Is there anything else I need to do to get rid of Znoo.net hijacker?
  • No, Malwarebytes' Anti-Malware removes Znoo.net hijacker completely.
  • Information about manually fixing altered shortcuts can be found here
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Znoo.net hijacker hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

protection1.png


Technical details for experts

There will be no signs in a HijackThis log.

Possible signs in FRST logs:

 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
 C:\Users\Public\Desktop\Internet Explorer.lnk
 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera
 C:\Users\Public\Desktop\Google Chrome.lnk
 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
 C:\Users\Public\Desktop\Opera.lnk
 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
 C:\Users\Public\Desktop\Mozilla Firefox.lnk


ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer Tarayýcýsý'ný Baþlat.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.znoo.net <==== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.znoo.net <==== ATTENTION
Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
    In the existing folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs
       Adds the file Google Chrome.lnk"="11/12/2015 08:43, 1200 bytes, A
       Adds the file Internet Explorer.lnk"="11/12/2015 08:43, 1040 bytes, A
       Alters the file Mozilla Firefox.lnk
        25/06/2015 08:41, 1159 bytes, A ==> 11/12/2015 08:43, 1023 bytes, A
       Alters the file Opera.lnk
        25/06/2015 08:43, 1135 bytes, A ==> 11/12/2015 08:43, 976 bytes, A
    In the existing folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
       Alters the file Google Chrome.lnk
        11/12/2015 08:39, 2218 bytes, A ==> 11/12/2015 08:43, 1206 bytes, A
    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera
       Adds the file Opera.lnk"="11/12/2015 08:43, 982 bytes, A
    In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
       Alters the file Google Chrome.lnk
        04/12/2015 08:51, 2279 bytes, A ==> 11/12/2015 08:43, 1212 bytes, A
       Adds the file Internet Explorer Tarayýcýsý'ný Baþlat.lnk"="11/12/2015 08:43, 1052 bytes, A
       Adds the file Internet Explorer.lnk"="11/12/2015 08:43, 1052 bytes, A
       Adds the file Mozilla Firefox.lnk"="11/12/2015 08:43, 1035 bytes, A
       Adds the file Opera.lnk"="11/12/2015 08:43, 988 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu
       Adds the file Google Chrome.lnk"="11/12/2015 08:43, 1224 bytes, A
       Adds the file Internet Explorer.lnk"="11/12/2015 08:43, 1064 bytes, A
       Adds the file Mozilla Firefox.lnk"="11/12/2015 08:43, 1047 bytes, A
       Adds the file Opera.lnk"="11/12/2015 08:43, 1000 bytes, A
    In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
       Alters the file Google Chrome.lnk
        25/06/2015 08:47, 2290 bytes, A ==> 11/12/2015 08:43, 1224 bytes, A
       Alters the file Internet Explorer.lnk
        24/06/2015 22:35, 1419 bytes, A ==> 11/12/2015 08:43, 1064 bytes, A
       Alters the file Mozilla Firefox.lnk
        25/06/2015 08:41, 1159 bytes, A ==> 11/12/2015 08:43, 1047 bytes, A
       Alters the file Opera.lnk
        25/06/2015 08:43, 1135 bytes, A ==> 11/12/2015 08:43, 1000 bytes, A
    In the existing folder C:\Users\Public\Desktop
       Alters the file Google Chrome.lnk
        11/12/2015 08:39, 2183 bytes, A ==> 11/12/2015 08:43, 1188 bytes, A
       Adds the file Internet Explorer.lnk"="11/12/2015 08:43, 1028 bytes, A
       Alters the file Mozilla Firefox.lnk
        25/06/2015 08:41, 1147 bytes, A ==> 11/12/2015 08:43, 1011 bytes, A
       Alters the file Opera.lnk
        25/06/2015 08:43, 1135 bytes, A ==> 11/12/2015 08:43, 964 bytes, A
Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/12/2015
Scan Time: 10:01
Logfile: mbamZnooNet.txt
Administrator: Yes

Version: 2.2.0.1020
Malware Database: v2015.12.11.02
Rootkit Database: v2015.12.07.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 311982
Time Elapsed: 5 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1PUP.Optional.Amonetize.ShrtCln, C:\Users\{username}\Desktop\Installer.exe, Quarantined, [04cacbd84b40171f735851ffa9577a86], 

Physical Sectors: 0
(No malicious items detected)


(end)
Note: the log does not show the cleaned shortcuts, but when you see a detection with the ShrtCln addition the shortcuts were cleaned.

As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.