TechSpot

Search engine hijacked, please help

By tytoalba
Mar 8, 2009
  1. Hi. I'm hoping that someone can help me out. My computer is infected with a nasty little bug. Whenever I try to click on a websearch, regardless of search engine used or Mozilla or IE, when I click on the returned links, the browser skips past the actual link and throws me onto a random advertisement page. I've already run through the 8 steps, but nothing seems to get rid of the problem. Attached are my logs. Can anyone help me? Thanks! I really appreciate it!!
     

    Attached Files:

  2. tytoalba

    tytoalba TS Rookie Topic Starter

    Can somebody please help me? Pretty please!? My computer is driving me crazy!
     
  3. kritius

    kritius TS Guru Posts: 2,084

  4. tytoalba

    tytoalba TS Rookie Topic Starter

    Thanks so much for your help. The first three entries cleaned up without a problem, however the last one is proving a bit more difficult to get rid of:

    O18 - Filter hijack: text/html - (no CLSID) - (no file)

    This entry does not go away when I attempt to "Fix" it, and my web searches are still being hijacked. Any suggestions?
     
  5. kritius

    kritius TS Guru Posts: 2,084

    Run a fresh scan a post the log file back
     
  6. tytoalba

    tytoalba TS Rookie Topic Starter

    Okay, here's my latest log...
     
  7. kritius

    kritius TS Guru Posts: 2,084

    go to start>Run and type regedit,

    Go to here
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html
    Right click on text/html and delete it

    Run Hijackthis, close all windows except it and then delete the entry if still there.
     
  8. tytoalba

    tytoalba TS Rookie Topic Starter

    Hi. I tried to run regedit through the Run prompt on the Start menu, but I couldn't get it to open. It looked like it was trying to open, but then my desktop went blank and all of the icons popped back on again after a few seconds. I tried to navigate directly to "regedit.exe" and open it directly, but it still wouldn't run. So, I copied it and pasted it into a new folder and renamed "regedit.exe", then I could run it and delete. The "O18 - Filter hijack: text/html - (no CLSID) - (no file)" entry is now gone from my Hijack log (see attached). However, my Web Browser is still redirecting search links. Thanks again so much for your help. Any suggestions on how to proceed from here?
     
  9. kritius

    kritius TS Guru Posts: 2,084

    Run MBAM again and make sure you delete what it finds, this was not done previously.

    Then post the log back here.

    EDIT

    While your waiting

    Download RatsCheddar

    It contains a program written by Rathat, and it is a Policy Controller.
    Save and extract this program to the desktop.
    Once extracted, Double click on the RatsCheddar.exe file.
    Enable everything, then click Exit
    Reboot your Computer.
     
  10. tytoalba

    tytoalba TS Rookie Topic Starter

    This seems to have done the trick. I ran Malwarebytes again, and it picked up 2 bugs that it didn't detect the first time. I fixed these issues, and now everything is running smoothly (also ran RatsCheddar). Thank you SO much for your help! You guys provide an incredible service here!
     
  11. kritius

    kritius TS Guru Posts: 2,084

    Just to be on the safe side,

    Run Kaspersky online scanner

    With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed

    Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans to speed up scan time and to make sure there are no conflicts.

    Do not go surfing while your resident protection is disabled!

    Once the scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.




    Do an online scan with Kaspersky Online Scanner in Internet Explorer. You will be prompted to install and run an ActiveX component from Kaspersky, Click Yes.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence accepted, reset to 100%.

    • The program will launch and then start to download the latest definition files.
    • Once the scanner is installed and the definitions downloaded, click Next.
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:

      o Scan using the following Anti-Virus database:

      o Extended (If available, otherwise use standard)

      o Scan Options:

      o Scan Archives

      o Scan Mail Bases
    • Click OK
    • Under select a target to scan, select My Computer
    • The scan will take a while so be patient and let it run.
    • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As... button (see red arrow below)



      [​IMG]


    • In the Save as... prompt, select Desktop
    • In the File name box, name the file
    • In the Save as type prompt, select Text file (see below)



      [​IMG]


    • Include the report in your next post.

    Also lets try this again.

    go to start>Run and type regedit,

    Go to here
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\

    And tell me whats there.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...