Browser Hijacked


5 replies to this topic

#1 jdietz

jdietz

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bluefield, WV
  • Local time:11:23 AM

Posted 04 October 2007 - 06:19 AM

A friend has brought me her Gateway with the browser hijacked. In safe mode it works fine but in regular the desktop is gone and if you can get it to the internet it goes anywhere but where you want it to.

I have loaded and run Spybot, Stinger, & HijackThis. Spybot cleaned up its portion, Stinger found nothing, and the hijack log looked ok.

What other tool do you think would help?



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:23 AM

Posted 04 October 2007 - 08:35 AM

...and the hijack log looked ok.

Are you trained in the use and investigation of the entries listed in the log this program generates? Most of the log entries are required to run a computer and removing essential ones can potentially cause serious damage to your system. HijackThis relies on experts to interpret the log entries and determine what needs to be fixed. You should NOT fix anything yourself without consulting an expert as to what to fix. Doing so could adversely impact your system.

What OS (Win XP/2000, etc) are you using? What type of anti-virus are you using as I don't see one mentioned in your list of tools used? Have you tried doing your scans in "SAFE MODE"? Are you doing scans while logged into the Administrator's account or an account with administrator privileges?

If you don't have any anti-virus, see BC's list of Freeware Replacements For Common Commercial Apps. There are several free online anti-virus scans listed which you can perform as well. I would also recommend that you download and scan with SUPERAntiSpyware Free in "SAFE MODE".
Please update the definitions before performing a scan. If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 jdietz

jdietz
  • Topic Starter


Posted 04 October 2007 - 02:52 PM

OS Windows XP sp2
Anti virus Norton. When Debbie installed Norton it did not install correctly and whatever is going on will not let it load correctly.
All scans were done in safe mode with administrator login.
I am not trained in reading Hijack logs. However, as I have been working as a PC tech since 96 I can sometimes spot obvious problems.

Do you think DrWeb-Cureit would help?

#4 quietman7


Posted 04 October 2007 - 05:08 PM

Do the SUPERAntispyware scan.

Download and scan with Dr.Web CureIt. Follow the instructions here for performing a scan in "safe mode".

Then perform at least one of these online Virus scans:
(The following require Internet Explorer to work. Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.)
BitDefender Online Scanner <- Add a check by "Autoclean".
ESET Nod32 Online Scanner (Vista compatible)
F-Secure Online Scanner <- Be sure to follow the directions on the F-Secure page for proper Installation. (also checks for rootkits).

#5 jdietz

jdietz
  • Topic Starter


Posted 06 October 2007 - 03:35 PM

Ok!

I have scanned this computer with all of your suggestions and cleaned the found errors. The browser hijack was a rogue anti-virus app. I ran a cleaner just for it and that took care of the hijack, but I had to go into regedit and edit the display. It had added a line to the registry so the background was its ad and it would not let me change it.

I am wondering if I should turn off auto restore and delete all save points in case something in there is infected?

#6 quietman7


Posted 06 October 2007 - 10:09 PM

If you have cleaned out all the malware, you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recent Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.




