Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Chrome and Internet Explorer hijacked

hijack browser

  • Please log in to reply

#16
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP

I've got a 94 year old father-in-law who goes to porn sites and picks up all sorts of stuff.  Suggest you put TeamViewer on his PC before you give it back to him.  That way you don't have to physically be where the PC is.  (Test it before you give it back to him)

 

Also it's a good idea to get rid of the old System Restore points that might have malware hiding in them.  We usually do that with delfix:

 

This removes our tools and their logs and quarantines and also removes all but the latest System Restore point so there is no chance of the malware coming back with a system restore.  Follow the instructions and ignore the picture since it doesn't show the correct options as checked.
 
 
Ensure Remove disinfection tools is ticked
Also tick:
Create registry backup
Purge system restore
 
Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply
 
 
Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.
 
Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions. 
 
 
If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.  (It's actually a program for IE)
 
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox/Skpe. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting..
 
Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.combeforeyou open them.
 
Due to a recent rise in the number of Crytolocker infections I am now recommending you install:
 
CryptoPrevent
 
 
Last time I downloaded it you had to give them your IP address and they would send you the link to download it.  When it ran it asked if you were sure your PC was clean then it would try to allow everything on your PC to continue running.  The free version does not update on its own so you should check for updated versions once in a while.  If you have problems after installing CryptoPrevent you can just uninstall it.
 
If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.htmlandhttp://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
 
Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.
 
Make sure Windows Updates is turned and that it works.  

  • 0

Advertisements


#17
cgnolte

cgnolte

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

I tried System Restore to the point prior to the online scan tool, but Windows still complained Windows was not genuine, so I undid the System Restore.  Then I ran Delfix:

# DelFix v1.011 - Logfile created 13/02/2016 at 17:38:13

# Updated 18/08/2015 by Xplode
# Username : Sue - BOOTS
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Sue\Desktop\Addition.txt
Deleted : C:\Users\Sue\Desktop\AdwCleaner.exe
Deleted : C:\Users\Sue\Desktop\Fixlog.txt
Deleted : C:\Users\Sue\Desktop\FRST.txt
Deleted : C:\Users\Sue\Desktop\FRST64.exe
Deleted : C:\Users\Sue\Desktop\JRT.exe
Deleted : C:\Users\Sue\Desktop\JRT.txt
Deleted : C:\Users\Sue\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Sue\Downloads\FRST.txt

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #736 [JRT Pre-Junkware Removal | 02/13/2016 10:44:47]
Deleted : RP #737 [Windows Update | 02/13/2016 18:13:51]
Deleted : RP #738 [Removed Skype™ 7.5 | 02/13/2016 18:21:47]
Deleted : RP #739 [Removed Google Drive | 02/13/2016 18:25:09]
Deleted : RP #740 [Removed Google Chrome | 02/13/2016 18:28:13]
Deleted : RP #741 [Restore Operation | 02/13/2016 19:41:04]
Deleted : RP #742 [Windows Update | 02/13/2016 20:05:54]
Deleted : RP #743 [Restore Operation | 02/13/2016 20:21:58]
Deleted : RP #744 [Windows Update | 02/13/2016 20:51:45]
Deleted : RP #745 [Restore Operation | 02/13/2016 20:54:03]

New restore point created !

########## - EOF - ##########
 

I then unenabled JavaScript in Acrobat DC. Closed Acrobat and immediately Shockwave crashed...


  • 0

#18
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP

Don't know why it crashed but he probably doesn't need Shockwave. You can just uninstall it or try a newer version.


  • 0

#19
cgnolte

cgnolte

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Ok, I think we're mostly good to go here. I downloaded the Windows Update Readiness Tool, which ran ok. Now it is giving a more official-looking prompt to re-validate our copy of Windows 7.  The problem is, it came preinstalled when my wife got the computer from Lenovo, and she has no idea where the license certificates are, if she ever got them.  Until we get that resolved, I think we won't be able to do any Windows updates.  But maybe FIL can use it for another month or so before returning to China...

 

You mentioned that McAfee is useless.  What virus protector do you recommend for the casual user? Are any of the pay options actually better than free ones, such as AVG?


  • 0

#20
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP

There should be a sticker with the license number on the bottom or you can contact Lenovo with the serial number of the laptop.  I think you have 30 days until it turns into a pumpkin.  

 

I use the free Avast on all of my PCs.  It's pretty good about blocking access to bad websites and their boot-time scan is really good and can remove a lot of stuff that other anti-viruses can't because it loads before windows really gets started.  Doesn't slow your system down like Norton.   It will also remind you to update certain important programs like Flash or Java.   

Download Avast from

https://www.avast.com/index

 

Save it but don't install it yet.

If you install Crytoprevent probably best to uninstall it when changing anti-viruses and reinstall it afterward.

 

Download the McAfee Removal tool (McAfee is notorious for not completely uninstalling)
(If you think you might want to reinstall McAfee later then follow the instructions here to save your license info:
http://service.mcafe...spx?id=TS100507 Also make sure you turn off automatic renewal so it doesn't charge your credit card )
Uninstall McAfee, run the McAfee uninstall tool, reboot.
Install Avast (right click and Run as Admin)
 
You need to register but they just want a name and an email address.  You will need to reregister each year.  The free (basic) option will always be available but probably not the default choice.  
 

I do like to go into Settings and set the top two  popups settings to 1 second since they like to use them for ads to get you to upgrade.  I also uncheck the Scan Completed box under sounds so it doesn't wake me up. 

 

  • 0

#21
cgnolte

cgnolte

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Once I removed the battery cover I found the Windows certificate code.  After reauthenticating I was able to complete Windows update, and I think everything is now good to go. I also installed Avast.  FYI, AdwareBlock shows it is blocking 26 things when I go to the start page father-in-law uses.  Let's hope he can stay virus free for the next month he's using this computer.

 

Thanks for all your help. This site is great. Do you guys have a tip jar or any way for users to contribute?


  • 0

#22
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
Glad we could help.
 
My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

  • 0






Similar Topics


Also tagged with one or more of these keywords: hijack, browser

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP