Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser Hijack Malware Problem


  • Please log in to reply
3 replies to this topic

#1 slycer

slycer

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Decatur, IL
  • Local time:07:20 AM

Posted 09 August 2008 - 01:47 AM

I was watching some videos on Google Video today, and one of them prompted me to install a codec. Not thinking, I went ahead and did it. Ever since then, I've been having problems. The first problem I saw was that some program called XP Antivirus 2008 had installed itself. My background had also been changed. The first thing I did was install Spybot S&D, but this did not work. It would get about halfway through the scan, and then pop up with something like, "It is recommended that you reboot and rerun the scan..." This happened a few times, coming up with various stuff until before telling me I needed to reboot. At one point, it came up with Smitfraud-C. I finally just stopped the scan and installed XoftSpySE, which I've had pretty good luck with in the past. After updating to the most recent definitons file, it came up with a bunch of stuff: Zlob, Peed JOP trojan, some type of BHO trojan, and a bunch of cookies. I was able to clean these, rebooted, and ran it again. This time, it came up with some browser hijackers, something called 'OneStepSearch', and then when Windows started this time, it was like I had just installed Windows. The background image was the standard XP rolling hills picture, all of the icons on the desktop, with a few exceptions, were the default icons. All of the folders in My Computer said that the files in them were hidden for my protection. When I started Internet Explorer, it went to the MSN runonce wanting me to set up the defaults for IE7. I went to Google to search for something, and that was when I realized that my browser had been hijacked. I went back to the desktop, and saw that it had changed again, also, now saying "Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer."
Sorry that I've been so long winded, but I figured the more details, the better. Here is my HiJackThis log:

Edited by garmanma, 09 August 2008 - 08:02 AM.
removed log-issue resolved


BC AdBot (Login to Remove)

 


m

#2 Guest_BlackBurst_*

Guest_BlackBurst_*

  • Guests
  • OFFLINE
  •  

Posted 09 August 2008 - 02:00 AM

that "Antivirus" thing that installed itself is malware in disguise. I was just reading about it earlier today. But you probably figured that out already. If I were you I'd do a system restore to a date before this download happened. You can't trust the warning messages from the fake Antivirus software. Even if it gets rid of some other viruses, it's a ploy to get you to buy their antivirus products at best. keep trying the older system restore points. i'm sure other people will have some ideas as well. And make sure you DONT GO BACK TO THAT WEBSITE.

A word of advice about codecs. Don't install most of them. In modern times you can avoid codecs by running alternative programs that have them built in. For example, to watch WMV's you could use VLC player instead. Or for DivX movies you could use Ace DivX Player (which has a lot of built in codecs) and just update it by downloading the latest DivX pack from the main website. Most internet movies are in flash, MPEG1 or MPEG2, WMV. AVI's are kind of primitive. Even digital cameras are moving away from AVI toward MPEG4. DivX can be useful at times. If you find that you're on a webpage that requires a missing codec, try downloading the file and playing it with a standalone player. If that doesnt work, you might be able to find the exact same movie content on a completely different website. Perhaps in a totally different format.

I hope my info has been accurate and useful.

#3 Adamsappleone

Adamsappleone

  • Members
  • 152 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tucson, Arizona

Posted 09 August 2008 - 02:18 AM

I was watching some videos on Google Video today, and one of them prompted me to install a codec. Not thinking, I went ahead and did it. Ever since then, I've been having problems. The first problem I saw was that some program called XP Antivirus 2008 had installed itself. My background had also been changed. The first thing I did was install Spybot S&D, but this did not work. It would get about halfway through the scan, and then pop up with something like, "It is recommended that you reboot and rerun the scan..." This happened a few times, coming up with various stuff until before telling me I needed to reboot. At one point, it came up with Smitfraud-C. I finally just stopped the scan and installed XoftSpySE, which I've had pretty good luck with in the past. After updating to the most recent definitons file, it came up with a bunch of stuff: Zlob, Peed JOP trojan, some type of BHO trojan, and a bunch of cookies. I was able to clean these, rebooted, and ran it again. This time, it came up with some browser hijackers, something called 'OneStepSearch', and then when Windows started this time, it was like I had just installed Windows. The background image was the standard XP rolling hills picture, all of the icons on the desktop, with a few exceptions, were the default icons. All of the folders in My Computer said that the files in them were hidden for my protection. When I started Internet Explorer, it went to the MSN runonce wanting me to set up the defaults for IE7. I went to Google to search for something, and that was when I realized that my browser had been hijacked. I went back to the desktop, and saw that it had changed again, also, now saying "Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer."
Sorry that I've been so long winded, but I figured the more details, the better. Here is my HiJackThis log:


You might want to post this HERE

Multi-Boot, Vista Ultimate x64, Windows 7 x64 & Windows 8 Pro x64

Posted Image


#4 slycer

slycer
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Decatur, IL
  • Local time:05:20 AM

Posted 09 August 2008 - 02:30 AM

My apologies. I knew this, but I'm so frustrated with this bleeping computer (pun intended), that I simply forgot. Thanks. If a mod reads this, could you mark it resolved? Thanks again.

Edited by slycer, 09 August 2008 - 02:36 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users