Browser hijack [google redirect to random sites]

Status
Not open for further replies.

Useless_backup

The links in search engine results are redirecting me to random sites (usually btcar). I have scanned my computer with AVG, Spybot and F-Secure and found nothing that is important [found tracking cookies with AVG].

Here is my HJT logfile

Any help is appreciated.
 
Hello and welcome to Techspot.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

Regards Howard :wave: :wave:

This thread is for the use of Useless_backup only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Well, reformatting I consider my "last option" if this whole thing doesn't work out. So cleaning would be the choice for me.

My latest HJT log


Thanks for responding =)
Sorry for the late response =/
 
Your HJT log is clean.

I want to check for rootkits.

Download and run the Blacklight programme. Follow all the instructions carefully.

I'd also like to see an AVG Antispyware log. Please post it as an attachment.

Let me know the results.

Regards Howard :)

 
Sorry about posting the log file not as an attachment again =/ I'm running AVG right now, I'll post ASAP.

I ran AVG plus F-secure Blacklight
I found something on Blacklight (kdhlz.exe) but I didn't rename it as I had a strange feeling I would regret it, but the attached reports will show you.
 

I can find no info for the kdhlz.exe file. Therefore, the chances are that it's bad.

Your HJT log is still clean.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

kdhlz.exe

Close task manager.

Locate and delete the following bold files and/or directories (if there).

C:\WINDOWS\system32\kdhlz.exe

Reboot into normal mode and rehide your protected OS files.

Let me know how your system is running.

Regards Howard :)

 
I have done everything you said but there is one problem, I couldn't find kdhlz.exe in safe mode. I've looked through Windows Explorer [used search also] and also by running cmd. After doing all that I recall the option of renaming this program through Blacklight, would this be a wise choice?
 
After doing all that I recall the option of renaming this program through Blacklight, would this be a wise choice?

Yes, that would be a very wise choice.

Let me know the results.

Regards Howard :)

 
Well... I found two hidden processes when I searched with Blacklight again... but kdhlz.exe was renamed as you can see in my attachments. But the good thing is that my search engine results are back to normal. I also have to ask about 3 files that were placed on my desktop when renaming kdhlz.exe [fsrA4.tmp, fsrA5.tmp, fsrA6.tmp]. What are these files and what do I do with them?

And thank you for your help so far,
really appreciate it.
 

Have HJT fix these 2 inactive entries.

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

Reboot your system.

Delete the .tmp files on your desktop.

Regards Howard :)

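The last reply has HijackThis fix two O9 entries whose target is marked "(file missing)". As an added example (not part of the thread and not HijackThis's own code), this Python script picks such leftover entries out of a saved log and groups them by the file they point at. The entry layout is an assumption inferred from the two lines quoted above, and the O2 and O23 sample lines are constructed.

```python
import re

# The two O9 lines are quoted from the thread; the O2 and O23 lines are
# constructed sample data (hypothetical CLSID, vendor and paths).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\example.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: Example Service (ExampleSvc) - Example Vendor - C:\Program Files\Example\svc.exe
"""

# Assumed layout, inferred from the quoted lines: "<section> - <field> - ... - <target>"
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"

def parse_entries(log_text):
    """Return one dict per log entry; headers and blank lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body")
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        clsid = CLSID_RE.search(body)
        entries.append({
            "section": match.group("section"),
            "clsid": clsid.group(0).lower() if clsid else None,
            "target": body.rsplit(" - ", 1)[-1],  # last field: file the entry points at
            "missing": missing,
        })
    return entries

def orphaned_by_target(entries):
    """Group entries flagged "(file missing)" by the target they reference."""
    groups = {}
    for entry in entries:
        if entry["missing"]:
            groups.setdefault(entry["target"], []).append(entry)
    return groups

if __name__ == "__main__":
    for target, group in orphaned_by_target(parse_entries(SAMPLE_LOG)).items():
        print(f"{target}: {len(group)} leftover entries in {[e['section'] for e in group]}")
```

Both O9 lines resolve to the same CLSID and the same missing file, which is why they are handled together as remnants of one uninstalled add-on.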
 