TechSpot

Google searches redirected - Browser Hijack

By sdhavali
Oct 24, 2009
Topic Status:
Not open for further replies.
  1. Hi all,

    My PC was infected with sdra64.exe virus. After many gruelling hours of hard work I was able to remove it.

    However, my browser is still hijacked. Whenever I do a Google search and click on any of the results I get redirected to random sites.

    I followed the 8 steps of malware removal exactly as mentioned. However the hijack still exists. (Both Explorer as well as Firefox)

    I am attaching all logs.

    Any help will be greatly appreciated.

    Thanks

    Sunil.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Sunil, I took a quick look at the logs- I'll do the full review tomorrow.

    But I notice you have a pirated program:
    C:\DOWNLOAD\TORRENTS\EVERYTHING.YOU.NEED.TO.LEARN.RUSSIAN_[LAMARA8]\SOFTWARE\DECLAN RUSSIAN DICTIONARY\CRACK\KEYGEN.EXE

    You will need to remove this if you want our help.

    After you have done that, please do the following:
    Please download ComboFix HERE:
    • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
    • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
    • Run Combo-Fix.exe and follow the prompts.
      (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
    • Wait for the scan to be completed.
    • If it requires a reboot, please do it.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    When you have finished, attach the Combofix report in the next reply.

    Rescan with HijackThis and paste the log in the next reply.

    Please stay away from the torrent sites while we are cleaning.
     
  3. sdhavali

    sdhavali TS Rookie Topic Starter

    Results of combofix.

    Hi Bobbye,

    I ran combofix as per your directions. However after the first blue window it said that it detected some rootkit activity and needs to reboot. When I clicked OK it rebooted but then nothing happened after that. I tried to run it one more time and the same thing happened. There is no activity after reboot nor any message from Combofix about finishing or terminating.

    There is only one file on C drive, "Combofix", with no extension and a size of 18 MB. However, I am not able to attach it. It says I do not have permission to open the file. The file has no properties associated with it. I clicked on Properties and all I get is that it is of type 'File' and there are no other property tabs. I am not sure if I am doing something incorrectly.

    Sunil
     
  4. sweettiff4prez

    sweettiff4prez TS Rookie

    try using combofix again. i had the same problem with google redirecting my sites. i tried anti-spyware, malwarebytes, hijack this, etc and it was still there

    i think combofix got it off my comp. i had the same thing pop up about a rootkey (might be a rootkey that was infected) and i rebooted and it said it finished and everything

    i think used ccleaner and i went in the search to test it out and nothing is redirecting

    now i did go turn off my computer and reboot to make for sure and so far so good.
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    sweetiffy, I just posted to you on another thread NOT to be recommending anyone use Combofix. This is a program that should ONLY be run on the instructions of and with guidance from the helper. As I told you on that thread, you're not clean.

    sdhavali, have you removed the pirated program?
     