Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser Hijacked, Keeps coming Back


  • This topic is locked This topic is locked
81 replies to this topic

#61 dalamar23

dalamar23
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 27 August 2012 - 07:49 PM

i found that the hijack has spread to my other programs now. I tried opening hamachi and the interface is garbled.

BC AdBot (Login to Remove)

 


#62 dalamar23

dalamar23
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 29 August 2012 - 09:28 AM

Is there any reason I shouldn't try to run that online scanner and have it fix stuff as it goes?

#63 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,020 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:14 AM

Posted 29 August 2012 - 09:32 AM

try it and send me the report


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#64 dalamar23

dalamar23
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 30 August 2012 - 06:24 PM

I had to run combofix a few times to even get ESET to start but I finally got it running. The scan got to 99% and found 7 threats before the system froze:

a variant of Win32/HackTool.Patcher.N application
a variant of Win32/AdInstaller application
Win32/OpenCandy application
a variant of win32/Soft32Downloader.B application
a varient of Win32/Hacktool.Patcher.N application
a variant of Win32/AdInstaller application
Win32/OpenCandy application

I'm assuming it waits till after the scan before removing these threats, so I don't think anything has been fixed. I've tried running ESET a couple more times but this was the only time it left something for me to see, both of the other times I got blue screens.

Hopefully this helps!

#65 dalamar23

dalamar23
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 01 September 2012 - 10:42 AM

is any of this useful to you?

#66 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,020 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:14 AM

Posted 01 September 2012 - 11:51 AM

Please download Kaspersky Virus Removal Tool and SAVE it to your desktop

  • Right click and run as admin (xp please double click to run)
  • select lang
  • accept the license aggreement
  • click on settings (gear looking thing on the right)
  • put check mark in
    • system memory
      hidden objects
      disk boot sectors
      computer
  • go back to automatic scan
  • click on start scan
  • For this scan select skip for anything found
  • when the scan is complete click on the report button (looks like a peace of paper on the right of the gear looking thing)
  • on the left you will see
    status
    Detected threats<-- click on this one
    automatic Scan report
    Manual disinfection report
  • click on the save button
    save to a location that you can find it ( default is in the document folder)
  • copy and paste this report in your next post

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#67 dalamar23

dalamar23
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 01 September 2012 - 02:15 PM

I ran that one already... it didn't find anything last time. I'll run it again but it seems like we're going in circles...

#68 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,020 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:14 AM

Posted 01 September 2012 - 03:14 PM

sorry i looked for it but didn't see it

I want to try this then - http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#69 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,020 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:14 AM

Posted 03 September 2012 - 11:22 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#70 dalamar23

dalamar23
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 04 September 2012 - 03:02 PM

Sorry, I haven't had access to another computer with a cd burner until today. I'll burn the rescue cd and run it when I get home. Should have an answer for you late tonight or tomorrow morning.

#71 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,020 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:14 AM

Posted 04 September 2012 - 09:21 PM

no problem


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#72 dalamar23

dalamar23
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 05 September 2012 - 07:11 PM

Ok, so I burned 4 rescue cds and they all froze at the "mounting disk /dev/hdc" part. Hoping that it was something wrong with my burner I used a different one this morning to burn 4 more and tested them all before bringing them home. Unfortunately, all 4 froze at the exact same point.

#73 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,020 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:14 AM

Posted 06 September 2012 - 01:16 AM

what program are you using to burn them?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#74 dalamar23

dalamar23
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 06 September 2012 - 01:57 PM

for the first 4 cds I used the the burner that comes with Antivir. For the second 4 i used a mixture of Antivir, Nero, dvd decryptor and roxio. All of the last 4 disks booted fine on my work machine, but each one froze at the same point during the boot here at home.

#75 dalamar23

dalamar23
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 08 September 2012 - 09:23 AM

Any more ideas?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users