Yet Another Browser Hijack thread

Status
Not open for further replies.

endassey

Basically being redirected through this copybook website from Google. This is happening on all three of my networked PCs.

Hijackthis log included.

Any help would be appreciated.
 
Hello endassey

Run MBAM again to make sure it comes up clean. Post Log!

Based on what the MBAM log shows now, when MBAM is clean do the below:

ComboFix

NOTE: If you have a copy of ComboFix more than a few days old, delete it and re-download.

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double-click combofix.exe and follow the prompts.

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click ComboFix's window while it's running. That may cause it to stall.

Mike
 
Ok, so I've run MBAM again and once clean I ran Combofix.

Logs are attached.
 

Attachments

  • mbam-log-2008-11-19 (23-47-35).txt
    1.6 KB · Views: 9
Prime example of assuming you are clean. As you can see from the logs MBAM found additional Malware and not just puppies but aggressive Pit Bulls!

And even after that Combofix found more and extra mean baddies also at that!

So we run both again; this run should do it. If they do come up clean then post a HJT log last.

Mike
 
Logs attached, once again, however the redirection still continues.
 

Attachments

  • log.txt
    33.2 KB · Views: 5
Good morning

The last MBAM run removed items, so we need to confirm it did not expose more that the 1st run did not see.

MBAM needs to be run once more to confirm clear.

If you did run it and forgot to post the log, then run MBAM, click Logs and send me the last log (newest date).

HJT: Scan only, select and remove
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Mike
 
Logs attached. Thanks for your help so far, but I'm still having the problem even after doing all of this.
 

Attachments

  • mbam-log-2008-11-21 (07-04-21).txt
    2 KB · Views: 5
No doubt!

MBAM still not clean! Do not run it or HJT again until requested.

Do the below.

Download SD Fix to Desktop (among other things, Catchme to look for RootKits).

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

On Desktop run SDFix. It will run (install) then close.

Then reboot into Safe Mode

As the computer starts up, tap the F8 key several times.

On the Boot menu Choose Safe Mode.

Click through all the prompts to get to desktop.

At Desktop
My Computer C: drive. Double-click to open.

Look for a folder called SD Fix. Double-click to enter SD Fix.

Double-click RunThis.bat. Type Y to begin.

SD Fix does its job.

When prompted, hit the Enter key to restart the computer.

Your computer will reboot.

On normal restart the Fixtool will run again and complete the removal process, then say Finished.
Hit the Enter key to end the script and load your desktop icons.

Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
Copy and attach the Report.txt file to your next post.

Then run Combofix again! Get me that log!

Mike
 
Ok, so I tried running SDFix, and all that came up was a blue MSDOS Screen, which flashed up then off. I didn't have the option to press Y nor to press enter nor anything else for that matter.
 
Try looking at your add-ons with Toolbar Cop (Majorgeeks.com). You can disable each if you are not sure about it, and you can delete them, too. A very handy tool for the box.
 
Well there is some reason for that problem.

So let's do some steps to get it to run, which should uncover that reason.
-------------------------------------------------------------------------------------------------------------------------------------
Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "Cleanup at TechSpot".

Then

Start-Programs-Accessories-System Tools-Disk Cleanup
Click OK to accept C:
Select all Boxes
Then click More Options
Here click System Restore and OK to "Are you sure" and then OK to Run.

As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

It clears what is known as Shadow copies which are used by specialized back up programs.

Since you had Malware in System Volume Information (System Restore) and Shadow copies, this needed to be done anyway.

This is if you have the Volume Shadow Copy running which is the default.
----------------------------------------------------------------------------------------------------------------------------------

D/L, install and run ATF-Cleaner. Clear all except passwords in all browsers you have. Run repeatedly until no more found.

http://www.majorgeeks.com/ATF_Cleaner_d4949.html
----------------------------------------------------------------------------------------------------------------------------------
Download Dial-A-Fix (DAF)
http://wiki.djlizard.net/Dial-a-fix#...C_and_articles
http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip

Have XP CD available in case DAF needs a file.

Check all boxes on the screen (clear any restrictions if it shows any) correct time if needed. Then click GO!

When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

Here 1 at a time do the below

Repair Permissions
Repair WMI/WBEM ( not reinstall)

Watch for any File not found or other errors and make note as this may lead to the fix!

Reboot retest!

----------------------------------------------------------------------------------------------------------------------------------
Reboot after this and re-download SDFIX (in case it was somehow damaged in the download process) and then try it again!
---------------------------------------------------------------------------------------------------------------------------------

Mike
 
Ok I forgot you had Vista.

Next

ComboFix

NOTE: If you have a copy of ComboFix more than a few days old, delete it and re-download.

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double-click combofix.exe and follow the prompts.

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click ComboFix's window while it's running. That may cause it to stall.

Mike
 