Inactive Browser hijacker problem

Status
Not open for further replies.
L

Linda81

My friend's computer has the same nasty piece of malware as Emily Nelson's parents' computers in the thread: possible-browser-hijacker-problem.204794

The computer's DNS server settings are being overridden and set to 75.126.206.18 and 184.173.169.186.

I have removed a lot of other malware with SuperAntiSpyware, but it didn't get rid of that one. I also tried Spybot Search and Destroy, but it got stuck in the middle of the scan. I installed Malwarebytes, but it dies shortly after starting. I also tried to install Adaware but the installer was prevented from downloading.

They have MacAvee suite installed, but it is being prevented from getting updates. They were hardly able to use the internet until I removed the other malware. Now it is working much better, but I would like to get rid of this malware too.

I also have followed the instructions in the above thread up until fixlist.txt. Bruni or anybody else with the ability, if I post the log files would it be possible for you to create a fixlist.txt file for my friend's computer? My friend and I would greatly appreciate it. Thank you.
 
I just wanted to point out that I can't provide a Malwarebytes log, since it won't run. Also I obviously meant MacAfee in the original post.
 
I have the following files, will they provide enough information to create fixlist.txt:

Addition.txt
AdwCleaner[R0].txt
AdwCleaner[S0].txt
ComboFix.txt
FRST.txt
JRT.txt
 
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Since MBAM won't run see if you can provide DDS logs.
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Thank you for replying. I will go back to my friend's house late tomorrow afternoon and run DDS. In addition to the DDS logs, should I post all the logs I listed above. Thank you very much.
 
Yes, go ahead.

Also...

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download
51a5f31352b88-icon_MBAR.png
Malwarebytes Anti-Rootkit to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
 
I ran DDR, RogueKiller, and MBAR on my friend's computer. RogueKiller and/or MBAR removed the browser hijacker. I then removed the old restore points on the computer and created a new one. Thank you very much for your assistance. My friend was very happy to have their computer working properly again.
 
I'm glad to hear good news but this not the way to follow my rules.
One of them says:

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
Click to expand...
 
Status
Not open for further replies.

Similar threads

A
Pirated Windows installer found to contain crypto-hijacker, exploit EFI partition
Replies
11
Views
703
AndreV
A
E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
476
eriksnyman1
E
losdavos
Malware removal help, please and thank you!
Replies
1
Views
828
losdavos
losdavos

Latest posts

Back