TechSpot

Firefox hijacked

By Argyrios
Jul 6, 2009
Topic Status:
Not open for further replies.
  1. I think I also have the Google redirecting worm. I have scanned with Malwarebytes, with Spybot and with McAfee and it always keeps coming back.
    I attach my log with HijackThis.
    How will I get rid of this? My system is also so slow...


    Thx a lot
  2. raybay

    raybay TechSpot Evangelist Posts: 10,716   +6

    First tell us how much memory you have on that Toshiba, and how much free space on the hard drive.
    You do apparently have something lurking there.
    I would remove Spybot with TeaTimer, and Ad-Aware.
    Then run Avira Antivir or Avast, followed by SuperAntiSpyware once more, MalwareBytes, and Windows Defender... It could take three or four hours before you are done... Run everything you can in SAFE MODE.
    Then repost here for the experts.
    You might want to look elsewhere on this forum for the 8 Steps... they will have to be individualized to your system.
  3. Argyrios

    Argyrios Newcomer, in training Topic Starter

    Thx for the reply,

    I have 2000 Gb RAM and 5 Gb free on my hard drive. If needed I can free more space.
    I will remove the progs suggested and I will come back again.
  4. Argyrios

    Argyrios Newcomer, in training Topic Starter

    Sorry about my post, I have 2 Gb and not 2000.
    Moreover, I have tried running my system in Safe Mode but for some reason it will not respond. I don't know why.
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    A bit of added help: it is like a déjà vu day for me so far! Every log I've checked has shown an excess of processes running. That means they are on the startup menu, start on boot, then run in the background. THAT'S why you're slow.

    Malware shows in HijackThis follows. But it will require that you run the other two programs, Malwarebytes and Superantispyware, follow with new HJT and attach all three logs.

    First, you need to disable the Real Time Protection:

    Disable AdWatch:
    • Right click on the Ad-Watch icon in the system tray.
    • At the bottom of the screen there will be two checkable items:
      [o] Active: This will turn Ad-Watch On\Off without closing it.
      [o] Automatic: Suspicious activity will be blocked automatically.
    • Uncheck both of those boxes.
    (When done, you can re-enable it using the same steps but this time check both boxes.)

    SPYBOT TEATIMER
    • Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
    • On the left hand side, click on Tools, then click on the Resident Icon in the list.
    • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
    • Click on the "System Startup" icon in the list.
    • Uncheck the "TeaTimer" box and "OK" any prompts.
    • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
    • Exit Spybot S&D when done.
    • When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.

    Then run Mbam, SAS : links here: http://www.techspot.com/vb/topic58138.html
    and follow them with this:
    Please download ComboFix HERE:
    • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
    • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
    • Run Combo-Fix.exe and follow the prompts.
      (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
    • Wait for the scan to be completed.
    • If it requires a reboot, please do it.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

    Do not click on the ComboFix window, as it may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Do new HJ scan when through.
    Attach logs from:
    Malwarebytes
    Superantispyware
    Combofix report
    New HJ log.

    Comment: I'd rather have you run everything in Normal Mode if possible. Some entries don't show up in Safe Mode.
  6. Argyrios

    Argyrios Newcomer, in training Topic Starter

    So here are the logs from the scanning.
    Hope this will shed some light on this.
    The second mbam log was after I removed the items found to be infected.
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You have Superantispyware on the system but didn't give us a log. Do that please.

    Also, we need an AV scan and log.
    And new scan with HijackThis and new log.

    McAfee hides their log so it might be easier for you to do an online scan so we can see it:

    Run Eset NOD32 Online AntiVirus Scanner HERE

    Note: You will need to use Internet Explorer for this scan.
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the Active X control to install
    • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Antivirus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    Summary: Logs and reports:
    1. SAS
    2. AV
    3. New HJT.