Both IE & Firefox Hijacked

By srinag315
Dec 18, 2008
Topic Status:
Not open for further replies.
  1. Hi,

    My both IE 7 and Firefox 3 hijacked,

    1. if i goto google.com and search and click the link it opens a different site.
    2. I try to do windows update it throws page not found error
    3. I tried the steps to remove the malware, but no luck, when i try to install Malwarebytes nothing happens, installed lavasoft adware installed but not able to update if i click throwing error, my mcafee failed even not able go to mcafee.com on any browser.
    4. tried to install google chrome no luck..
    5. with great difficulty installed hijackthis got the logged and attached.

    I am running Windows XP service pack 3, IE 7 and firefox 3.

    Any help please?

    Thanks

    -SN

    Attached Files:

    • log.txt
      File size:
      11.2 KB
      Views:
      5
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please follow the Steps here: http://www.techspot.com/vb/topic58138.html

    Attach all three logs when through for review.

    I did look at the HijackThis log. You have the about:blank malware for one. You also have several out of date programs: Examples Java, AdAware.

    Please turn off the following Real Time Monitoring before running the scans:
    Ad-Aware Ad-Watch
    If you are slow, aside from malware, it' because you have way too many processes loading on boot.

    Please check the following and tell me which, if any are either your ISP, school or company network:
    We will deal with the remainder when the other log and a new Hijackthis log is ready.
  3. srinag315

    srinag315 Newcomer, in training Topic Starter

    Thanks Bobbye

    Hi,

    Thanks for the reply.

    I am not able to find the Ad-Watch stuff you talking about I removed the services for Ad-Watch,

    I removed all my ISP and previous work VPN settings etc.. Here is my latest HijackThis log attached, but still problem continues.

    Thanks again for the response.

    -SN
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Where are the logs for Malwarebytes and SuperAntispyware? There are three programs to run and I need all the logs.

    I did not mean for you to removed the entries I asked about- just verify them. You do have malware- I can see:
    Trojan.Fakeavalert:
    O22 - SharedTaskScheduler: FGYbf743iujndsfAfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - (no file)
    Rogue Installer:
    O20 - Winlogon Notify: wvUnNebY - wvUnNebY.dll (file missing)
    but I need the other logs as the other programs should find and remove all the entries for this malware.. You will need to run HijackThis again AFTER running the other two programs. Please follow the steps in the link I gave you.

    You can go ahead and do this, something that is also found in the Steps on the cleaning thread:

    Update Java:
    Reset Cookies:
  5. srinag315

    srinag315 Newcomer, in training Topic Starter

    Hi,

    Thanks for the quick response.

    My problem not give you log of Malwarebytes and SuperAntispyware is not able to install, after download malwarebytes (mbam-setup.exe) i try to run it's not doing anything, i when i check my taskmanager / processes it lists "mbam-setup.exe" with 2116k, nothing happens.

    When i try to download superantispyware it's throwing page not found error, not able to download.

    I've successfully installed "Ad-aware 2007", when i click update it says "SSL Download failed".

    Only thing was able to install was HijackThis...

    i've installed "Java" as per your link and removed all Java programs now i have two

    1. Java (TM) 6 update 11
    2. Java (TM) SE Runtime Environment 6 Update 1 (not 11).

    Is there anything I can do to remove?

    Thanks again for the help.

    -SN
  6. joehorror

    joehorror Newcomer, in training Posts: 45

    I had the same problem. I downloaded mbam to my desktop, renamed it "setitup.exe" and installed. Once installed I headed over to my Program Files folder, located the Malwarebytes folder, and renamed the "exe" executable file. I then performed a quick scan. Once that was finished I deleted what it found, rebooted and tried to RE-DOWNLOAD SuperAntiSpyware, it worked. I made sure to rename SAS and the executable and then run that. After running both I was able to delete enough off my comp to update both and run them again.
  7. srinag315

    srinag315 Newcomer, in training Topic Starter

    Hi Joehorror, thanks for your suggestion it worked perfectly.. after installing malwarebytes found 29 malware in my machine and removed everything..

    How to protect in future it wont happen again? I have mcafee security center and windows defender but NO luck :(

    Once again BIG thanks bobby and joe.

    -SN
  8. joehorror

    joehorror Newcomer, in training Posts: 45

    I let my Norton lapse and figured, "No biggie." and I downloaded and installed McAfee instead. It let me down...big time. After this I'm going to snatch up Norton again and continue using SUPERAntiSpyware and Malwarebytes. I'm also installing and running Avira's free antivirus program.
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please attach the logs. I can't assure that malware is gone until I see them. If you are not going to do that, I will close this thread.
  10. srinag315

    srinag315 Newcomer, in training Topic Starter

    log files

    Hi Bobby

    Thanks for the response.

    Here are the log files both HijackThis and Malwarebytes log.

    Please let me know if everything gone once for all..

    Also please let me know how to improve the speed of my computer? it's a intel dual core DELL-Latitude-D620, but it runs very slow..

    Thanks
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You system specs show 1GB RAM installed. Is that what you have?

    Right click on the Taskbar> Task Manager> look in lower left corner: how many processes are running?

    Close any open Windows and email:
    Then let's try something: Boot into Safe Mode:
    Start> Run> Msconfig> enter> Selective Startup> Startup tab: UNCHECK everything EXCEPT for:
    McUpdate.exe
    McAgent.exe
    Mcmnhdlr.exe

    UNCHECK ALL other McAfee processes and everything else.
    Reboot the computer into Normal Mode.
    Right click on the Taskbar> Task Manager> Now how many processes are running? (same as before, With active Windows and email closed)

    More on the long after you do this.
     
  12. srinag315

    srinag315 Newcomer, in training Topic Starter

    thanks

    Hi

    Right click on the Taskbar> Task Manager> look in lower left corner: how many processes are running? - 42 running

    After booting in safe mode and using msconfig i removed everything else now it says 31. screen shot attached.

    Please let me know

    Thanks

    -Srini
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Nice job! Thanks. Here is the following breakdown, FYI:

    Going by number alone, 42 processes is within a good range, so is 31. (I have 37 with Firefox open with 7 tabs, OE minimized) But here is a breakdown you might find interesting:

    Of the top 13 highest resources users, (26,000 to 5,000k) 7 are McAfee related.
    Of the remaining 18 processes, 3 more are McAfee related
    Total McAfee processes running: 10
    This is a good example of why I prefer stand alone programs to suites. All suites come with 'extra' processes and all go on the Startup menu. But this is an individual choice of the user.

    The other 3 high resource users:
    1. Java Quick Start Service. Can be disabled. Came with the 6u10 update:
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    Start> Run> services.msc> right click on this Service> Properties> change startup Type to Disabled.
    2. scardsvr.exe>> Related to SmartCard readers and sometimes uses lots of system resources. Does not need to start on boot 2,600
    3. MsMpEng.exe>> Microsoft Windows Defender Antispyware.>> very high resource user>> 26,000

    Now to the HijackThis log:
    These need to be removed:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://

    The exception is if you have set a homepage to display as blank. If you have, leave that entry but remove the second one.

    Remove this from the Trusted Zone:
    O15 - Trusted Zone: http://www.earthcaller.com
    Open IE: Tools> Internet Options> Security tab> Trusted zone> highlight and remove.

    Please give me an assessment of your system:
    Are initial problems gone?
    Do you notice increased speed in load, surf and shutdown time?
    Do you have any other system matters you want to address?

    Please rescan with HijackThis and attach a new log. Then we should be through.
  14. srinag315

    srinag315 Newcomer, in training Topic Starter

    thanks

    Hi Bobby,

    I've made necessary changes, my computer is much improved and it's running visible difference in the speed.

    Thanks.

    -SN
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Okay, glad to hear that. If I didn't do this before:

    Remove the cleaning tools:
    * Download OTCleanIt (http://download.bleepingcomputer.com.../OTCleanIt.exe)
    http://download.bleepingcomputer.com.../OTCleanIt.exe

    * Click the CleanUp! button.
    * It will go thorough the list and remove all of the tools it finds and then delete itself (requiring a reboot).

    Clear your existing System Restore points and establish a new clean restore point:
    Quote:
    Go to Start > All Programs > Accessories > System Tools > System Restore> Select Create a restore point> OK.
    * Next, go to Start > Run and type in cleanmgr
    "Ensure the selection is on C:\ and click on OK"-
    * Select the *More options* tab
    * Choose the option to clean up System Restore and OK it.
    * This will remove all restore points except the new one you just created.

    Let us know if you need more help.

    Happy Holiday!
  16. srinag315

    srinag315 Newcomer, in training Topic Starter

    hi Bobby,

    THanks, I've done all the stuff you requested and it's completed successfully.

    One final question, as per my processes Mcafee takes more resources, is it advisable to remove mcafee and install something. Because of two reasons, mainly last attack it was not able to find anything and taking more resources.

    Please let me know your thoughts.

    THanks

    -SN
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    I am not big on 'suites'. I find the standalone programs don't have all the 'extras' and use less resources.

    I now use Nod32 for antivirus, SpywareBlaster and Spybot Search & Destroy for spyware/adware programs. I have a router with hardware firewalls and only use the Windows Firewall in addition.

    This may help if you decide to remove McAfee:
    Free Security:
    Recommended Free Anti Virus:
    Avast Free:http://www.avast.com/eng/download-avast-home.html
    Avira Free:http://www.free-av.com/en/products/1/avira_antivir_personal__free_antivirus.html

    Recommended Free Firewall:
    Comodo:http://www.personalfirewall.comodo.com/
    Zonealarm:http://www.zonealarm.com/store/content/catalog/products/zonealarm_free_firewall.jsp

    Spyware/Adware Programs:
    Spybot Search & Destroy: http://www.techspot.com/downloads/149-spybot-search-and-destroy-detection-update.html

    SpywareBlaster: http://www.techspot.com/downloads/568-spywareblaster.html

    Spyware Doctor: http://www.techspot.com/downloads/176-spyware-doctor.html

    Let me know if you decide to remove McAfee and I'll walk you through and installing the new so you remain protected.
  18. srinag315

    srinag315 Newcomer, in training Topic Starter

    hi Bobby

    Thanks for your reply and Happy New Year.

    What do you recommend? remove mcafee? If this will improve speed and avoid Malware i can go for it, but let me know how quick i can be done..

    Please let me know.

    Thanks

    -SN
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    As I mentioned, I don't care for security suites. They bring many processes and consume a lot of resources. But you have paid for McAfee and shouldn't waste that money- unless you are critical for speed- then it might be best to burn the money and get less resource-intensive programs..

    I suggest you let the current subscription come to the expiration time. The download the stand alone programs:
    Avast or Avira for antivirus- free
    Comod or ZoneAlarm for firewall (ZA has suite also-so just get the firewall)- free
    Good layered spyware/adware programs would be SpywareBlaster- free.
    Since You have AdWatch, that means you also got the paid AdAware, so keep it, but disable AdWatch. I found the alerts to be a nuisance because basically "everything" changes the Registry!
    Spybot Search & Destroy has some good features, but I don't run Teatimer.

    One AV
    One firewall
    Two or more spyware/adware programs.

    Let me know if I can be of more help
  20. srinag315

    srinag315 Newcomer, in training Topic Starter

    Hi Bobby,

    THanks for your reply.

    My current Mcafee expires in 3 months, I don't mind forgo 3months (no use!!) remove Mcafee and install you mentioned stuff.

    If I find any difficulty I'll get back to you.

    THanks again for the help

    -Srini
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You're welcome. You should notice a significant improvement in speed with the McAfee suite gone.

    Have all original problems been solved and is the system running well? If so, let us know if you need more help
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.