Has my browser been hijacked? Virus?

By Computard
Jan 24, 2009
  1. For some reason now when i open FireFox and try to search, every subject ends up with the same url's like,,, etc. when i hit back i get the error message //This site is under construction!// 2 ??? Searching is now ineffective. I usually use yahoo. i tried google. Same thing happens. I tried using I.E. and same thing??????

    I have run AVG and it finds nothing. Same thing with malwarebytes.

    I can not figure this out. Any help would be GREATLY appreciated. Many thanks!

    HJT log attached:
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Probably some Malware ;)

    Here's some good advice in what to do about it

    Uninstall your AVG Antivirus
    Then run the removal tool
    Here is the 32Bit version (most users):
    Here is the 64Bit version:

    Uninstall your McAfee Antivirus
    Then run the McAfee Removal Tool


    Reset Internet Explorer Settings (RIES)

    Run Startup Control Panel and remove any not required startups: (should be most!)

    Install Avira free AntiVirus

    Proceed to and complete: UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions

    Reply back with the logs ;)
  3. Computard

    Computard TS Rookie Topic Starter

    Virus still not found

    Thank you so much for your help Kimsland. I very much appreciate it.

    I have tried to follow your instruction. I could not get the file research center to download for the Superanti spyware. Its says the install script is missing. Is this what you use to make the log???

    Also, the problem is still persisting. Here are my logs so far. Your instruction did clear many unfound problems though. Still there must be a virus. I will try and attach some screenshot of what is happening when i type in random searches as well. the same spam url's show up.

    thank you very much for your help Kimsland.

    Attached Files:

  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Well I'd remove all of the below

    Re-open HJT run a scan, and tick all the following boxes
    Close any Internet Applications
    Then select fix
  5. Computard

    Computard TS Rookie Topic Starter


    This thing will not go away! still showing the same urls no matter what i search. it puts all these different web address' like spam???

    should i try that last HJT list again in safemode? a lot of em were on another user sign in also.

    maybe i'm missing somethin else. hmmmmmm

    here's the latest HTG log from my user. any other ideas?

    i dont know if this helps but the url's that keep showing up in the searches are:,,,,, etc.. and many others.

    i cant search anything to try and find out what virus this is or how to fix. anyhelp you could give is much needed and greatly appreciated.

    thank you

    does it mean anything that when i enter a search it says in the lower bottom right corner waiting for and then goes to the manipulated search results??

  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    These are the only things that are not really required:
    I'd also uninstall any Google or Yahoo search in Add\Remove programs

    You could also do this:

    Download Combofix
    Lots of info on its use h e r e
    Direct download h e r e

    Save it to a location that you can easily find later (in Safe Mode) ie directly to C drive

    Restart your computer to Safe Mode (by repeatedly pressing F8 on your keyboard before Windows starts)
    Log into your Administrator account
    Locate the previously downloaded Combofix
    Double click on it to run, answering any prompts along the way
    Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)

    Once Combofix has finished, save the log file to be attached to a new reply
    Restart back to Normal mode, and attach the Combofix log
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...