Browser Hijacker


mretzloff

Hello. I'm new here, so if this post is out of place, or anything, please let me know :)

Recently, when I access the web through Mozilla Firefox (2.0.0.2 or whatever the latest is), I occasionally get redirected to Disney's homepage.

I was told by a friend that it might be a browser hijacker. I ran Ad-aware and Spybot S&D (the latest versions of both). Then I ran Hijack This but had no clue what to delete (I did delete/fix some files that my friend told me to). Nothing worked :(

Could anyone help me? Thanks!
 
Hi mretzloff and welcome to techspot. =)

Hope you enjoy your stay here with us.

Important: Please read this thread HERE before you decide whether to clean or reformat your system.

Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps to cleaning your computer.
Do follow all the instructions exactly.

Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste, otherwise it will be ignored and/or removed by the moderators.
The logs will enable us to understand that much more about the problems on your system.


Regards,
Your friendly Momok =)

This thread is for the use of mretzloff only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hello and welcome to Techspot.

I have merged your new thread into this one. Please continue to post in this thread.

1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt and save it to your desktop

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Run the Ccleaner programme as per step 9 of the instructions HERE.

6. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT log and AVG Antispyware log.

Regards Howard :wave: :wave:

 

Attachments

  • avengerscript.txt
How often should I scan? Should I do all this (and the instructions in the pinned thread) once a week?
 
Just follow the instructions in my post above and nothing more.

Regards Howard :)

 
Threads merged. Please don't open any more threads for this. Thanks.

1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt and save it to your desktop

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT log.

Regards Howard :)

 
Your AVG needs to have options set, as it's reporting NO ACTION TAKEN :(
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

.NET Framework Service (.NET Connection Service)<Disable the service name and/or the name in brackets.

Close the services window.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

O22 - SharedTaskScheduler: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)

O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\svchost.exe
C:\windows\ALCXMNTR.EXE

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log and let us know how your system is running.

Regards Howard :)

 
Ok, thanks.

I do have a few questions:

1). Should I download one of those firewalls you recommend? If so, should I leave on or turn off Windows XP's firewall?

2). I've been using the admin (the only account on my comp.). Why do you say not to? How can I create another?

3). How often should I scan?

4). When scanning should I use the instructions in your previous post or in the thread "Malicious software...."?

5). Could you give me a step-by-step instruction guide on what to scan with which programs?

Thanks for the time and help.
 
1). Should I download one of those firewalls you recommend? If so, should I leave on or turn off Windows XP's firewall?

Yes, you should download and install one of the recommended firewall programmes. It should automatically turn off the Windows firewall.

2). I've been using the admin (the only account on my comp.). Why do you say not to?

All I said, was boot into safe mode under your normal username (NOT THE ADMINISTRATOR ACCOUNT). That's because some of the stuff on your desktop may not show up under the admin account.

3). How often should I scan?

Once your system is clean, once every week or so should be fine.

4). When scanning should I use the instructions in your previous post or in the thread "Malicious software...."?

Follow the instructions in my post and post any requested logfiles.

5). Could you give me a step-by-step instruction guide on what to scan with which programs?

I can, but at the moment, I'd prefer to get your system cleaned up first.

Now, follow the instructions in my post above, then post a fresh HJT log as requested.

Regards Howard :)

 
Quote:
2). I've been using the admin (the only account on my comp.). Why do you say not to?
All I said, was boot into safe mode under your normal username (NOT THE ADMINISTRATOR ACCOUNT). That's because some of the stuff on your desktop may not show up under the admin account.
May I add that, it would be wise to actually create and use a limited account with certain system settings restricted? I believe it would actually help make your system safer by using that limited account for doing most of your work/play or whatever you do on your computer. But you can do that after you're done with the cleaning process that Howard shall guide you through.

To learn how to create a new user account, please see HERE.


Regards,
Your friendly Momok =)

 
It appears you haven't installed any firewall software. I suggest you do so ASAP.

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

Viewpoint
Symantec
LiveUpdate

Close control panel.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Viewpoint Manager Service
Automatic LiveUpdate Scheduler
LiveUpdate

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

ViewpointService.exe
ALUSchedulerSvc.exe
LUCOMS~1.EXE

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Program Files\Viewpoint<Delete the entire folder.
C:\Program Files\Symantec<Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Post what should be a final HJT log.

Regards Howard :)
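An added example, not part of Howard's posts and not HijackThis's own code: a short Python triage over lines quoted from the two fix lists above, flagging the signs visible in them (a target file that is absent, an unknown owner, and `svchost.exe` outside System32). The O23 field layout and the `SYSTEM32_ONLY` list are assumptions made for this sketch.

```python
import ntpath
import re

# Binaries that belong in System32 (assumed list); the same name elsewhere,
# such as C:\WINDOWS\svchost.exe in the first fix list, suggests a masquerade.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe"}
ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")

# Lines quoted from the two fix lists in this thread.
SAMPLE = r"""
O22 - SharedTaskScheduler: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
"""


def review_entry(line):
    """Return (section, [reasons]) for one HijackThis line, or None if unparsed."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, _kind, rest = m.groups()
    reasons = []
    if rest.endswith(("(file missing)", "(no file)")):
        reasons.append("target file absent")
    if section == "O23":
        # Assumed O23 layout: display name - owner - image path [(file missing)]
        parts = rest.rsplit(" - ", 2)
        if len(parts) == 3:
            owner = parts[1]
            path = parts[2].replace("(file missing)", "").strip()
            if owner == "Unknown owner":
                reasons.append("owner unknown")
            base = ntpath.basename(path).lower()
            folder = ntpath.dirname(path).lower()
            if base in SYSTEM32_ONLY and not folder.endswith("\\system32"):
                reasons.append(f"{base} outside System32")
    return section, reasons


def flagged(log_text):
    """Return [(section, reasons)] for every line with at least one reason."""
    results = (review_entry(line) for line in log_text.splitlines())
    return [r for r in results if r and r[1]]


if __name__ == "__main__":
    for section, reasons in flagged(SAMPLE):
        print(section, "; ".join(reasons))
```

An entry that raises none of these flags is not thereby cleared; the checks only cover the three signs named above.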

 
Why delete those programs (I'm just curious)?

Also, which out of the 3 firewalls you mentioned, would you recommend I get?
 
The Viewpoint programme is not good and should be gotten rid of asap. It is known to put adware on your computer.

The Symantec stuff is from when you were running Symantec/Norton and is a left over. Again, it needs to go, as it's just using system resources.

Any of the firewalls are good, especially Comodo and Zonealarm. Try whichever firewall takes your fancy. If you don't like it, uninstall and try another one.

Don't forget to post a fresh HJT log.

Regards Howard :)

 
Your HJT log is clean.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
Ok. Could you please give me a step-by-step guide on how I should scan every week (such as which programs to run, etc.)? Also, should I post my Combofix, Avenger, HJT, and AVG Antispyware logs in here every week?
 
You need to have your Antivirus and firewall programme running at all times in the background, as they are now.

There's no need to post any further logfiles, unless you start having further problems.

Here's a list of programmes I recommend to help keep your computer safe.

Spybot Search & Destroy.

Ad-Aware se personal.

Spyware Blaster.

AVG Antispyware.

Ccleaner.

The rest of the programmes you used, such as Combofix/Vundofix/The Avenger etc etc can be gotten rid of and are for specific uses only.

I recommend you scan your system once every week or two. Other than that, providing you're not having any problems, you should be ok.

You might want to take a look at this thread HERE. It'll show you how you can keep your computer more secure.

This is what I do with my system when I do a system scan.

I make sure that all my antivirus/firewall and antispyware programmes are fully updated. Then, I do a full system scan with my antivirus programme, followed by SS&D, then Ad-Aware and finally AVG Antispyware.

I don't visit dodgy websites, nor do I download lots of stuff and I definitely don't click on anything, unless I know exactly what it is. If you follow these few simple rules, the chances of your system being infected are greatly reduced.

Regards Howard :)

 
So in my case I'd run these (in order):

1). Avast!
2). S&D
3). Ad-aware SE
4). AVG Antispyware

Should I run SpywareBlaster? After 30 days, can I still use AVG Antispyware?

Thanks :)
 
Yes, that's correct.

Spyware Blaster only needs updating and doesn't actually run in the background. Once it's been updated, just enable all protection and close the programme. See the Spyware Blaster tutorial HERE.

Regards Howard :)
