Google Links Hijacked

Status
Not open for further replies.
Hello,

First off, this site is awesome.

Next off, I think my dad has picked up a rather nasty beastie on his laptop. The symptom that tipped me off was that every Google/Yahoo link redirects to a different site (usually affiliated with AV2009). I see that this problem has cropped up several times on the first page of threads, but I do not want to hijack another thread.

I have followed the 8 steps and attached are the logs. Any help is greatly appreciated.
 
Okay, let's start here:
Andy and Joni need to get their Cookies under control. I do think they each have every Tracking Cookie on the internet!
Each account on this system needs this done:
Reset Cookies:

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies section> UNCHECK 'allow third party Cookies'> CHECK 'allow Cookies'.

Put the following two Firefox add-ons on EACH account:
AdBlock Plus: https://addons.mozilla.org/en-US/firefox/addon/1865
Easy List: http://easylist.adblockplus.org/
Get all three lists

Update Java:
Your version of Java is now outdated. Java vulnerabilities are commonly exploited by viruses so I strongly recommend you update. Click here to download the latest version of Java (Java Runtime Environment (JRE) 6.0 Update 11): http://java.com/en/download/manual.jsp
Please install it and then reboot your computer.
Update Adobe:
Your Adobe Reader is out of date. Vulnerabilities can be exploited. Click here to download the latest version v9: https://www.techspot.com/downloads/2083-adobe-reader-dc.html
OR
Install the FoxIt Reader: this does the same thing as Adobe, but doesn’t have the bloat: http://www.foxitsoftware.com/pdf/rd_intro.php
Please re-open HiJackThis and scan. *Check* the boxes next to all the entries listed below.
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
(This is the CLSID for mnyviewer.dll, which is Microsoft Money)
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
(WhatPulse sends statistics on how much you type on your computer and ranks you based on that. It does not log your keystrokes, but only the counts of them.)
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe>> Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs.
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:

The following are all "nuisance startups". They aren't needed on boot. Some will require additional file handling but we'll do that on next log.
Start> Run> msconfig> enter> Selective Startup> Startup tab> UNCHECK all of the following:
Real\Update_OB\realsched.exe" -osboot
HP Software Update\HPWuSchd2.exe
Java\jre1.6.0\bin\jusched.exe"
QuickTime\qttask.exe" -atboottime
Sonic\Update Manager\sgtray.exe" /r
Dell\QuickSet\quickset.exe (Dell taskbar icon allowing you to quickly change settings)
DSentry.exe (Anti-spyware from Dell for DVD)
When through> click on Apply> OK

Control Panel> Add/Remove Programs> remove the following:
Any Java entry except v6u11
Any Adobe Reader except v9
Any Viewpoint entry
BroadJump\Client Foundation

Reboot into Normal mode.
Run a new scan with HijackThis and attach the new log.
Please advise what problems still exist since the cleaning programs were run.

Please explain to them that when they go to the game site PopCap and use the coupon sites, they are picking up numerous Tracking Cookies each time. So it's important to put those add-ons on Firefox.
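As an added illustration (not from this thread and not part of HijackThis): a read-only PowerShell audit that walks the same O4 Run keys and O2 Browser Helper Object registrations the log above lists and flags entries whose target file is missing, the "(file missing)" condition shown in the log. Key paths are the standard Windows locations; PowerShell 3+ and the HKLM-only BHO key (no Wow6432Node) are assumptions.

```powershell
# Added example, not from the thread: list the autostart locations HijackThis
# reports as O4 (Run keys) and O2 (Browser Helper Objects) and flag entries whose
# target file no longer exists. Read-only: it reports and changes nothing.
# Assumes PowerShell 3+; the Wow6432Node BHO key on 64-bit Windows is not covered.

function Resolve-Target {
    param([string]$Command)
    if (-not $Command) { return $null }
    # Take the executable token: quoted path, path ending in .exe/.dll, or first word.
    if ($Command -match '^"([^"]+)"') { $raw = $Matches[1] }
    elseif ($Command -match '^(.+?\.(exe|dll))(\s|$)') { $raw = $Matches[1] }
    else { $raw = ($Command -split '\s+')[0] }
    $path = [Environment]::ExpandEnvironmentVariables($raw)
    # A bare name such as 'BacsTray.exe' is resolved through PATH by Windows; do the same.
    if (-not [IO.Path]::IsPathRooted($path)) {
        $hit = Get-Command $path -CommandType Application -ErrorAction SilentlyContinue
        if ($hit) { $path = $hit.Source }
    }
    return $path
}

function Get-RunEntries {
    foreach ($key in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                     'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $target = Resolve-Target $item.GetValue($name)
            [pscustomobject]@{ Type = 'O4'; Key = $key; Name = $name; Target = $target
                               Missing = (-not $target) -or -not (Test-Path -LiteralPath $target -PathType Leaf) }
        }
    }
}

function Get-BhoEntries {
    $bho = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $bho)) { return }
    foreach ($clsid in (Get-ChildItem $bho).PSChildName) {
        # The CLSID's InprocServer32 default value names the DLL that Internet Explorer loads.
        $srv = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll = if (Test-Path $srv) { Resolve-Target (Get-ItemProperty $srv).'(default)' } else { $null }
        [pscustomobject]@{ Type = 'O2'; Key = $bho; Name = $clsid; Target = $dll
                           Missing = (-not $dll) -or -not (Test-Path -LiteralPath $dll -PathType Leaf) }
    }
}

# Print only the dangling entries; an empty table means nothing points at a missing file.
@(Get-RunEntries) + @(Get-BhoEntries) | Where-Object Missing | Format-Table Type, Name, Target -AutoSize
```

A dangling entry is not proof of malware (uninstalled software leaves them too), but each one is a candidate for the HijackThis "Fix Checked" step described above.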

 
Thanks for the help. It seems to be functioning normally (and much faster!) now.

I actually competitively use WhatPulse, but the other tips were right on. Attached is the new HJT file.

AVG detected the kit in sys restore, so I wiped the points and set a new one. I will probably do that again before all is said and done.

Thanks again.
 

awesome thread

This thread is so full of the information I am looking for at this time.
The steps to take, the cautions needed
And I agree, this site is truly awesome, and I have been reading thru many of them in the past 2 days.
Anyway, I am going to take into account the 8 steps, take my time and post things correctly and I'm sure I will also get this mess cleaned up toot sweet.

One question
How the heck did I get this darn av2009 in the first place? My McAfee is up to date and runs constantly with auto updates. Is this one of those things that sneak in the back door on emails? Sure would like to know how it came to live on my computer.

Thanks for all the info in your thread
JoanEB
 
Alright, I don't know if this is related to the original problem, but it now does not boot and instead displays hard disk failure errors. Could this be some form of virus trickery, or is it just a brick?
 
You're welcome Joan.

Capt. Kirk, nothing we did should have caused a hard disc failure. But I need more information. Please read the information on the site below:
There is an apparent failure of the hard disk; the hard disk is not bootable nor accessible at all
http://www.pcguide.com/ts/x/comp/hdd/failFailure-c.html

Please note links to look for more specific error messages.

How far did you get in the instructions in my Post #2?
 