Browser hijack [google redirect to random sites]

By Useless_backup
Jan 21, 2007
Topic Status:
Not open for further replies.
  1. The links in the results of search engines are redirecting me to random sites (usually btcar). I have scanned my computer with AVG, Spybot and F-Secure and found nothing that is important [found tracking cookies with AVG].

    Here is my HJT logfile

    Any help is appreciated
  2. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Hello and welcome to Techspot.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

    Regards Howard :wave: :wave:

    This thread is for the use of Useless_backup only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. Useless_backup

    Useless_backup Newcomer, in training Topic Starter

    Well, reformatting I consider as my "last option" if this whole thing doesn't work out. So cleaning would be the choice for me

    My latest HJT log


    Thanks for responding =)
    Sorry for late response =/
  4. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Your HJT log is clean.

    I want to check for rootkits.

    Download and run the Blacklight programme. Follow all the instructions carefully.

    I'd also like to see an AVG Antispyware log. Please post it as an attachment.

    Let me know the results.

    Regards Howard :)

  5. Useless_backup

    Useless_backup Newcomer, in training Topic Starter

    Sorry about posting the log file not as an attachment again =/ I'm running AVG right now, I'll post ASAP

    I ran AVG plus F-Secure Blacklight
    I found something on Blacklight (kdhlz.exe) but I didn't rename it as I had a strange feeling I would regret it, but the attached reports will show you.

    Attached Files:

  6. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    I can find no info for the kdhlz.exe file. Therefore, the chances are that it's bad.

    Your HJT log is still clean.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    kdhlz.exe

    Close task manager.

    Locate and delete the following bold files and/or directories (if there).

    C:\WINDOWS\system32\kdhlz.exe

    Reboot into normal mode and rehide your protected OS files.

    Let me know how your system is running.

    Regards Howard :)

  7. Useless_backup

    Useless_backup Newcomer, in training Topic Starter

    I have done everything you said but there is one problem, I couldn't find kdhlz.exe in safe mode. I've looked through Windows Explorer [used search also] and also by running cmd. After doing all that I recall the option of renaming this program through Blacklight, would this be a wise choice?
  8. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Yes, that would be a very wise choice.

    Let me know the results.

    Regards Howard :)

  9. Useless_backup

    Useless_backup Newcomer, in training Topic Starter

    Well... I found two hidden processes when I searched with Blacklight again... but kdhlz.exe was renamed as you can see in my attachments. But the good thing is that my search engine results are back to normal. I also have to ask about 3 files that were placed on my desktop when renaming kdhlz.exe [fsrA4.tmp, fsrA5.tmp, fsrA6.tmp]. What are these files and what do I do with them?

    And thank you for your help so far
    Really appreciate it

    Attached Files:

  10. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Have HJT fix these 2 inactive entries.

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    Reboot your system.

    Delete the .tmp files on your desktop.

    Regards Howard :)

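An added example, not part of the original thread and not HijackThis code: a small Python parser for O9 lines of the form quoted in the post above, which groups entries flagged "(file missing)" by CLSID so a leftover registration shows up once. The third sample line and all function and class names are constructed for illustration.

```python
import re
from dataclasses import dataclass

# First two lines are the O9 entries quoted in the thread; the third is a
# constructed entry whose target exists, included for contrast.
SAMPLE_LOG = r"""
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Example - {00000000-0000-0000-0000-000000000000} - C:\Example\example.dll
"""

# section - kind: label - {CLSID} - target [ (file missing)]
ENTRY_RE = re.compile(
    r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<label>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+?)"
    r"(?P<missing> \(file missing\))?$"
)

@dataclass(frozen=True)
class Entry:
    section: str
    kind: str
    label: str
    clsid: str
    target: str
    file_missing: bool

def parse_entries(log_text):
    """Return an Entry for every log line that matches the CLSID-style layout."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["kind"], m["label"],
                                 m["clsid"].lower(), m["target"],
                                 m["missing"] is not None))
    return entries

def orphaned_by_clsid(entries):
    """Group entries whose target file is marked missing, keyed by CLSID."""
    groups = {}
    for e in entries:
        if e.file_missing:
            groups.setdefault(e.clsid, []).append(e)
    return groups

if __name__ == "__main__":
    for clsid, group in orphaned_by_clsid(parse_entries(SAMPLE_LOG)).items():
        print(clsid, group[0].target, [e.kind for e in group])
```
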
  11. Useless_backup

    Useless_backup Newcomer, in training Topic Starter

    Well, I deleted the two entries in HJT and I deleted the .tmp files


    ty for help =)
     