Browser hijacked in search

By tmmmandm
Apr 16, 2010
  1. my browser is hijacked whenever i do a search
    sometimes the first click works ok, but every subsequent search is jacked to some spammy page

    I have cleaned the system for 4 days with every tool at my disposal. All scans come back clean, yet this hijacking still occurs

    I tried to upload my 3 files here, but this system wont allow it. says i already uploaded here:

    Please help
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    I will check the logs and handle them on this thread. I've asked the moderator to move the logs to this thread.
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    This is most likely the problem:
    O18 - Filter hijack: text/html - {20aaac1e-cd9f-4fe4-9b75-d4b99a7d0e24} - C:\WINDOWS\system32\mst123.dll
    MST123.DLL = (Adware.Vundo/Variant-MSFake)

    It is usually found in Superantispyware, but got through yours. There were also 2 Favorites that were infected. If you still have either of these, please delete them:
    Browser Hijacker.Favorites

    Please run the following programs:
    Please download ComboFix HERE:
    • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
      Important! Save the renamed download to your desktop.
    • Please disable all security programs, such as antiviruses, antispywares, and firewalls.
    • Double click on the setup file on the desktop to run
    • If prompted to download and install the Recovery Console, please do so.
      (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.)
    • If prompted to update, please allow.
    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a log.Please include the C:\ComboFix.txt in your next reply.

    • 1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
      2. ComboFix may reset a number of Internet Explorer's settings.
      3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.
      4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run.
    Run Eset NOD32 Online AntiVirus Scanner HERE
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the Active X control to install
    • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Antivirus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    You also need to reset the Cookies to prevent the Tracking Cookies. It appears that you don't remove them:
    Reset Cookies
    For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

    Please leave the Combofix report and Eset AV scan in your next reply.

    Please don't run any other cleaning program or scanners while I am helping you unless I instruct you to. Don't run a Registry cleaner or make any changes to the Registry.
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Due to inactivity, this thread is being closed. If the original member needs further help with this, please send a PM to the helper and the thread can be reopened.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...