TechSpot

Google search results hijack - 8+ steps complete; including ComboFix

By smkewagon
Nov 12, 2009
  1. Greetings all:

    Thanks in advance for your help on this annoying issue.

    System Specs:
    Windows XP - Sp3
    Default browser - Firefox
    Also installed - IE (never use it)
    AV/Firewall - TrendMicro PC-cillin Internet Security 14 - updated daily

    Here is the history of the problem:

    1) Two days ago, my wife was using the computer and mistakenly accepted a trojan from the malicious tool Antivirus System Pro.

    2) Upon finding my computer in shambles, I was able to stop the AVSP process and download Malwarebytes.

    3) Upon running Malwarebytes, the major issues associated with AVSP were resolved, however all search results remained hijacked. As such, over the course of the next day I minimized time spent on the internet and didn't use any search functions.

    4) Finally, this morning, I stumbled across this forum and undertook the 8 steps - adding the ComboFix steps outlined in several other threads here.

    Results of the 8+ steps:

    1) Run full scan with installed AV software: Done. Ran a full scan of TrendMicro - PC-cillin this morning and the following file was quarantined and deleted: TROJ_FAKEAV.BJW.

    I then re-ran PC-Cillin and received no notifications of infected files.

    2) CCCleaner: Ran 3 times.

    3) Disable Real-time Monitoring: Done.

    4) Malwarebytes: Ran 2 times - no incidents detected - log attached.

    5) SuperAntiSpyware: Done - incidents detected - log attached.

    6) Update Java: Done

    7) Hijack This: Done - log attached.

    8) Attach Logs: Done

    Additionally, I researched my problem on this forum and found that ComboFix was frequently required to make a diagnosis...as was running ComboFix with a specific script, both of which I've done. Both ComboFix logs are attached to this post.

    Finally, as of the posting of this message, I have re-enabled my real-time scanning via TrendMicro.

    Any and all help would be GREATLY appreciated.....

    Thanks a ton in advance, everyone!!!
     
  2. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    So are you running normally now?
     
  3. smkewagon

    smkewagon TS Rookie Topic Starter

    Yes...my system appears to be stable and unaffected by the AntiVirus System Pro infection. TrendMicro is running normally and real-time monitoring is on.

    Links in Google and Yahoo search results are still being hijacked, however. Though, after the 8+ steps, the hijacking is intermittent, as opposed to every time.....
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...