Browser hijacked

By quaffin1 ยท 6 replies
Feb 1, 2009
  1. My internet explorer browser returns search hits, which appear proper, but the links associated with the search results take you to ad sites not the link for what the search was for. This appears on page one of the search results, if I go to page 2 or later it appears that the search results are ok. I have done all 8 steps and here are the log results. Any help will be appreciated.
    Also, I tried loading Firefox, as I was told that this browser was not easily hijacked. However, after loading Firefox, this browser is acting the same way. I have not uninstalled Mozilla Firefox, or IE, waiting to see what you guys suggest.

  2. mflynn

    mflynn TS Rookie Posts: 2,655

    OK do the below..

    Update then run SAS
    Click Preferences-Repairs

    Then counting down from top do the following entries
    Numbers 6, ,8 11, 12, 13, 15, 18, 19, 20, 23 and 24!



    Download SD Fix to Desktop.

    On Desktop run SDdFix It will run (install) then close.

    Then reboot into Safe Mode

    As the computer starts up, tap the F8 key several times.

    On the Boot menu Choose Safe Mode.

    Click thu all the prompts to get to desktop.

    At Desktop
    My Computer C: drive. Double-click to open.

    Look for a folder called SD Fix. Double-click to enter SD Fix.

    Double-click to RunThis.bat. Type Y to begin.

    SD Fix does its job.

    When prompted hit the enter key to restart the computer

    Your computer will reboot.

    On normal restart the Fixtool will run again and complete the removal process then say Finished,
    Hit the Enter key to end the script and load your desktop icons.

    Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
    Attach the Report.txt file to your next post.
    Download ComboFix

    NOTE: If you have had ComboFix more than a few days old delete and re-download.

    Get it here:
    Or here:

    Double click combofix.exe follow the prompts.

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click combofix's window while its running. That may cause it to stall.

  3. quaffin1

    quaffin1 TS Rookie Topic Starter

    performed all steps

    Ran SAS and performed repairs suggested.

    Ran SDFix and then Combofix

    Finally ran HJT

    HEre are the latest logs.

    I haven't tried new internet search yet, to see how things are working.
  4. quaffin1

    quaffin1 TS Rookie Topic Starter

    Hooray Hooray Thankyou!!!

    After my last post, I ran IE and did some basic internet searches.
    They all came back normal, no hijacking........
    I even started up Mozilla Firefox and did some searches, all was well
    with Firefox also...

    Thank you Thank you.

    This has been causing me greif for several weeks..

    I am curious, can you tell from the logs what type of hijack that I fell victim of??

    And how I might have stumbled on it, so as to keep from going thru this again.

    Mike, Thanks again.

    I see you are in Lexington. I am in Apex NC
    This is a work laptop and I wanted to get it fixed without going thru our IT dept.

    Currently they are gracious and allow us fairly free reign with personal software and personal business on our company laptops. Several of my competitors companies have strictly locked their laptops and forbid any software that is not company approved or installed to be used. I am afraid that if too many employees run to our IT dept. with viruses or hijack problems, they will just lock us down to alleviate this problem. As we travel all week, every week, it is nice to be able to play around abit while on the road.

    Thanks again.
  5. mflynn

    mflynn TS Rookie Posts: 2,655

    OK looks good!

    What is the status of the initial issue of redirection and over computer performance? or anyting else?

  6. mflynn

    mflynn TS Rookie Posts: 2,655

    Ok we were posting at the same time.

    Check here for the Thread closing and suggestions for more protections.


    I did not take the time to see where this came from and hard to do.

    Can get this stuff from almost anywhere Web, Downloaded music, games, videos and social networking sites such as myspace etc,but I believe many come from Emails. Go thu the closing and use the cleaners and especially HostMan and you will be way ahead of most in protection and preventive maintenance. This is your thread check back until you are used to running the maintenance.

    Thread closing-------------------------------------------------------------------

    Some of these tools update so often they require downloading again later if needed. But keep and run MBAM and SAS to maintain.

    Remove ComboFix
    combofix /u
    Hit enter or click OK.

    Please download OTCleanIt

    Save to desktop.

    This will remove all the tools we used to clean your computer.

    Double-click OTCleanIt.exe. Click CleanUp. Yes to the "Begin cleanup Process?"

    Approve all if prompted by Firewall. Approve Widows Defender or other guards or security programs while OTCleanIt attempting access to the Internet to allow all.

    If prompted to Reboot click, Yes.
    OTCleanit will delete itself when finished, If not delete it by yourself.

    Run CCleaner again twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean.

    Run ATF-Cleaner Temp and Registry, repeatedly until no more found.

    Fantastic cleaner.
    The issues can and are likely found is in System Restore so do the below

    Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "After cleanup at TechSpot".

    Then Start-Programs-Accessories-System Tools-Disk Cleanup
    Click OK to accept C:
    Select all Boxes
    Then click More Options
    Here click System Restore and OK to "Are you sure" and the OK to Run.

    As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

    It clears what is known as Shadow copies which are used by specialized back up programs.

    This is if you have the Volume Shadow Copy running which is the default.

    Every two weeks or so, run MBAM and SAS until clean.

    They take a while, so leave scanning while you are sleeping working or watching TV. If not done under the gun they can be scheduled not to interfere with computer time.

    If they find something they can not clean, then get back to us.

    Additionally run CCleaner. ATF-Cleaner and KCleaner.
    I have been using ThreatFire for more than a year, it just went from ver 3 to ver 4.

    It was designed to be used with and to co-exist with other Virus scanners.

    Additionally it uses a totally different process to protect. While conventional Virus scanners work from definitions ThreatFire works on recognizing Virus/Malware activity.

    It's like looking at it with 2 sets of eyes and from a different angle.

    It works like some Firewalls do to learn what is good/bad.

    After install it will ask you about everything that could be a security issue. For example the first time you run IE or FireFox it will prompt you. You would answer to approve and remember the setting. From then on no more prompts about IE or FireFox unless the exe changes like in an update.

    As it queries you about the prompt to help you determine to approve or not you can google it with one click.

    Look at

    Run SpyBot ocassionally and use the Immunize function.

    I highly reccomend Hostman: Hostman

    Download install run and allow it to disable DNS Client and select all Host files and then Update and install all host files.

    A Disk Scan (chkdsk) and Defrag are in order.

  7. quaffin1

    quaffin1 TS Rookie Topic Starter

    Cleaning up after all is fixed

    Thanks Mike
    I will perform the cleanup from the work we did.
    Also will download the suggested tools for future scanning and protection.

    This is exactly what I needed.

    you've been a big help.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...