TechSpot

Yet Another Browser Hijack thread

By endassey
Nov 19, 2008
  1. Basically being redirected through this copybook website from Google. This is happening on all three of my networked PCs.

    Hijackthis log included.

    Any help would be appreciated.
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  3. endassey

    endassey TS Rookie Topic Starter

    I've followed all the instructions, here are my logs.
     
  4. mflynn

    mflynn TS Rookie Posts: 2,655

    Hello endassey

    Run MBAM again to make sure it comes up clean. Post Log!

    Based on what the MBAM log shows now, when MBAM is clean do the below:

    ComboFix

    NOTE: If your copy of ComboFix is more than a few days old, delete it and re-download.

    Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Or here: http://subs.geekstogo.com/ComboFix.exe

    Double-click combofix.exe and follow the prompts.

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click ComboFix's window while it's running. That may cause it to stall.

    Mike
     
  5. endassey

    endassey TS Rookie Topic Starter

    Ok, so I've run MBAM again and once clean I ran Combofix.

    Logs are attached.
     


  6. mflynn

    mflynn TS Rookie Posts: 2,655

    Prime example of assuming you are clean. As you can see from the logs MBAM found additional Malware and not just puppies but aggressive Pit Bulls!

    And even after that Combofix found more and extra mean baddies also at that!

    So we run both again this run should do it. If they do come up clean then post a HJT log last.

    Mike
     
  7. endassey

    endassey TS Rookie Topic Starter

    Logs attached, once again, however the redirection still continues.
     

    Attached Files:

    • log.txt (33.2 KB)
  8. mflynn

    mflynn TS Rookie Posts: 2,655

    Good morning

    The last MBAM run removed items; we need to confirm that it did not expose more that the 1st run did not see.

    MBAM needs to be run once more to confirm clear.

    If you did run it and forgot to post the log, then run MBAM, click Logs and send me the last log (newest date).

    HJT: Scan only, then select and remove
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    Mike
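Added example (PowerShell; not from this thread, HijackThis or any of the tools named here) showing how to find the condition behind that O2 line: BHO registrations whose COM server file no longer exists. It reads the standard BHO and CLSID registration keys, including the Wow6432Node copies in case the machine is 64-bit.

```powershell
# Added example, not part of the thread: list registered Browser Helper Objects
# and flag any whose COM server DLL is missing, the condition HijackThis shows
# as "O2 - BHO: (no name) - {CLSID} - (no file)".

# Registration points for BHOs (64-bit Windows also keeps a 32-bit list).
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

# CLSID roots to resolve a BHO's CLSID to its InprocServer32 DLL path
# (machine-wide 64-bit, machine-wide 32-bit, then per-user COM registration).
$clsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID',
    'HKCU:\SOFTWARE\Classes\CLSID'
)

function Get-BhoStatus {
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        foreach ($entry in Get-ChildItem -Path $key) {
            $clsid  = $entry.PSChildName
            $server = $null
            foreach ($root in $clsidRoots) {
                $ip = Join-Path -Path $root -ChildPath "$clsid\InprocServer32"
                if (Test-Path -Path $ip) {
                    # The unnamed (default) value holds the DLL path.
                    $server = (Get-ItemProperty -Path $ip).'(default)'
                    break
                }
            }
            $status = 'no server registered'
            if ($server) {
                # Paths may be quoted or use %SystemRoot%-style variables.
                $dll = [Environment]::ExpandEnvironmentVariables($server.Trim('"'))
                $status = if (Test-Path -LiteralPath $dll) { 'ok' } else { 'no file' }
            }
            [pscustomobject]@{ CLSID = $clsid; Server = $server; Status = $status }
        }
    }
}

# 'no file' rows are orphaned registrations: the DLL is gone but the BHO key
# remains. Removing that BHO subkey is what the HJT O2 fix does. Run elevated.
Get-BhoStatus | Format-Table -AutoSize
```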
     
  9. endassey

    endassey TS Rookie Topic Starter

    Logs attached. Thanks for your help so far, but I'm still having the problem even after doing all of this.
     


  10. mflynn

    mflynn TS Rookie Posts: 2,655

    No doubt!

    MBAM still not clean! Do not run it or HJT again until requested.

    Do the below.

    Download SDFix to the Desktop; among other things it runs Catchme to look for RootKits.

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    On the Desktop run SDFix. It will run (install), then close.

    Then reboot into Safe Mode

    As the computer starts up, tap the F8 key several times.

    On the Boot menu Choose Safe Mode.

    Click through all the prompts to get to the desktop.

    At Desktop
    My Computer, C: drive. Double-click to open.

    Look for a folder called SD Fix. Double-click to enter SD Fix.

    Double-click RunThis.bat. Type Y to begin.

    SD Fix does its job.

    When prompted, hit the Enter key to restart the computer.

    Your computer will reboot.

    On normal restart the Fixtool will run again and complete the removal process, then say Finished.
    Hit the Enter key to end the script and load your desktop icons.

    Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
    Copy/attach the Report.txt file to your next post.

    Then run ComboFix again! Get me that log!

    Mike
     
  11. endassey

    endassey TS Rookie Topic Starter

    Ok, so I tried running SDFix, and all that came up was a blue MSDOS Screen, which flashed up then off. I didn't have the option to press Y nor to press enter nor anything else for that matter.
     
  12. Cybelex

    Cybelex TS Rookie Posts: 46

    Try looking at your add-ons with Toolbar Cop (Majorgeeks.com). You can disable each if you are not sure about it, and you can delete them, too. A very handy tool for the box.
     
  13. mflynn

    mflynn TS Rookie Posts: 2,655

    Was that just installing or trying to run it after install?

    Mike
     
  14. endassey

    endassey TS Rookie Topic Starter

    Trying to run after install.
     
  15. mflynn

    mflynn TS Rookie Posts: 2,655

    Well there is some reason for that problem.

    So let's do some steps to get it to run, which should uncover that reason.
    -------------------------------------------------------------------------------------------------------------------------------------
    Start-Programs-Accessories-System Tools-System Restore and create a new Restore point. Name it "Cleanup at TechSpot".

    Then

    Start-Programs-Accessories-System Tools-Disk Cleanup
    Click OK to accept C:
    Select all Boxes
    Then click More Options
    Here click System Restore, OK to "Are you sure", and then OK to run.

    As this runs it clears all but the most recent Restore Point, but it also does one other thing: it clears a store that can contain infected files and take a huge amount of disk space.

    It clears what is known as Shadow Copies, which are used by specialized backup programs.

    Since you had Malware in System Volume Information (System Restore) and Shadow Copies, this needed to be done anyway.

    This is if you have the Volume Shadow Copy running which is the default.
    ----------------------------------------------------------------------------------------------------------------------------------

    D/L, install and run ATF-Cleaner; clear all except passwords in all browsers you have. Run repeatedly until no more is found.

    http://www.majorgeeks.com/ATF_Cleaner_d4949.html
    ----------------------------------------------------------------------------------------------------------------------------------
    Download Dial-A-Fix (DAF)
    http://wiki.djlizard.net/Dial-a-fix#...C_and_articles
    http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip

    Have XP CD available in case DAF needs a file.

    Check all boxes on the screen (clear any restrictions if it shows any) and correct the time if needed. Then click GO!

    When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

    Here, 1 at a time, do the below:

    Repair Permissions
    Repair WMI/WBEM ( not reinstall)

    Watch for any File not found or other errors and make note as this may lead to the fix!

    Reboot, retest!

    ----------------------------------------------------------------------------------------------------------------------------------
    Reboot after this and re-download SDFix (in case it was somehow damaged in the download process) and then try it again!
    ---------------------------------------------------------------------------------------------------------------------------------

    Mike
     
  16. endassey

    endassey TS Rookie Topic Starter

    Ran all up to Dial-a-Fix, which said it couldn't run because I'm running Vista. :(

    What's next?
     
  17. mflynn

    mflynn TS Rookie Posts: 2,655

    Ok I forgot you had Vista.

    Next

    ComboFix

    NOTE: If your copy of ComboFix is more than a few days old, delete it and re-download.

    Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Or here: http://subs.geekstogo.com/ComboFix.exe

    Double-click combofix.exe and follow the prompts.

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click ComboFix's window while it's running. That may cause it to stall.

    Mike
     
Topic Status:
Not open for further replies.
