TechSpot

Possible browser hijacking

By fulham7
Apr 13, 2009
  1. I followed the removal guide. I have only one problem I am aware of. When I search for something on Google all the results come up; 8/10 times I can click on a result and it goes to the page, the rest of the time it redirects me to weird websites.

    Would really appreciate some help!!

    Thanks again

    Rich
     


  2. touch

    touch TS Rookie Posts: 978

    Hello fulham7

    Download LSP-Fix and save it into its own directory. You can download LSP-Fix from the following location:
    http://www.bleepingcomputer.com/files/lspfix.php
    Once the file is downloaded, navigate to where you saved the file and double-click on it to start the application.
    Click on -> I know what I'm doing - then – Finish – button

    Reboot.

    Please download Combofix:
    http://subs.geekstogo.com/ComboFix.exe

    And save to the desktop.

    Open notepad and copy/paste the text in the quotebox below into it:
    Name the file as CFScript
    and Save it on the desktop

    http://www.fromsej.saknet.dk/billeder/cfscript.gif

    Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report as an attached file.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall
     
  3. fulham7

    fulham7 TS Rookie Topic Starter

    Log

    Did everything right I think :)

    Hopefully you can shed light on things with this then.

    Rich
     

    Attached Files: log.txt (19.2 KB)
  4. touch

    touch TS Rookie Posts: 978

    It looks right ;)

    Unfortunately, you have a large number of infections; therefore, will you please check the files below for me:

    Show hidden files and folders
    Click Start button, then go to Programs, Accessories and click on Windows Explorer.
    Select the Tools menu and click Folder Options.
    Select the View Tab.
    Under the "Hidden files and folders" heading please check Show hidden files and folders.
    Uncheck the Hide protected operating system files (Recommended) option.
    Click Yes to confirm.
    Click OK.


    Upload and have these files scanned:
    c:\windows\SYSTEM32\ws2_32.dll
    c:\windows\SYSTEM32\DRIVERS\tcpip.sys

    Here

    http://virusscan.jotti.org/ or here http://www.virustotal.com/en/indexf.html


    Post back the results
     
  5. fulham7

    fulham7 TS Rookie Topic Starter

    Results

    tcpip.sys = virustotal.com/analisis/cd67cbdfea62a9b1efd6424c8504394a

    and can't find w22_32.dll at the moment

    report back when found!! :)

    Rich
     
  6. fulham7

    fulham7 TS Rookie Topic Starter

    I've found w2s_32.dll doh!!

    Taking forever to scan so I'll upload when I can.

    Thanks for all the help!
     
  7. touch

    touch TS Rookie Posts: 978

    OK. Most important is that tcpip.sys is clean.

    Open notepad and copy/paste the text in the quotebox below into it:
    Name the file as CFScript
    and Save it on the desktop

    http://www.fromsej.saknet.dk/billeder/cfscript.gif

    Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report as an attached file.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall
     
  8. fulham7

    fulham7 TS Rookie Topic Starter

    ws2_32.dll

    Just scanned -

    virustotal.com/analisis/9bb8b5e6b3de7ca104212a15b38bdf31

    Thanks again, will upload the other bit in a sec

    Rich
     
  9. fulham7

    fulham7 TS Rookie Topic Starter

    log report

    hopefully this will help you :)

    Regards

    Rich
     
  10. touch

    touch TS Rookie Posts: 978

    It looks clean to me :)

    Please attach a new HijackThis log.
     
  11. fulham7

    fulham7 TS Rookie Topic Starter

    log

    On my way to returning the HijackThis log to you it did this again -

    the browser redirects me to this page a lot

    web-mediaplayer.net/installation/update/

    Thanks again

    Rich
     
  12. touch

    touch TS Rookie Posts: 978

    That's odd :confused:

    Download http://eric.71.mespages.googlepages.com/LopSD.exe
    by Eric_71 and save it to your desktop.
    Lop S&D will only run on Windows XP and Windows Vista

    Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
    Double-click LopSD.exe
    Choose the language by typing the corresponding letter and press Enter
    Click OK at the informative window
    Type 2 to choose Option 2 (Fix + Hosts), then press Enter.

    Wait until the scan has finished.

    A report will be generated, attach the contents of it in your next reply.
     
  13. fulham7

    fulham7 TS Rookie Topic Starter

    Google

    Still being redirected from Google, grr

    Regards
     
  14. touch

    touch TS Rookie Posts: 978

    Which link/s are you redirected to?

    LopScript
    Highlight the contents of the quote Box below, then right-click and choose Copy

    Double click LopSD.exe to start the program.
    Choose the language by typing the corresponding letter and press Enter
    Click OK at the informative window
    Type 4 to choose Option 4 (LopScript), then press Enter
    A blank page will be opened, right-click it and choose Paste
    Close the page, you'll be asked to save it, click Save
    Don't close the window during suppression!
    Wait until the end of the scan.

    A report will be generated, attach the contents of it in your next reply.

    (Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)
     
Topic Status:
Not open for further replies.
