
not getting anywhere - google hijack


  • This topic is locked
15 replies to this topic

#1 fleurc

fleurc

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 12 January 2009 - 02:44 PM

hi guys, here's hoping someone can help

my browser has been hijacked, and google is giving a page of false results, with attempts to make them more genuine by combining spammy sites with text from the next page of real results

i have now run webroot, malwarebytes, superantispyware and stopzilla and also registry mechanic and regcure to no avail

been at it for hours now, and its driving me mad, dont understand why none of these programmes are locating the problem

i am attaching my hijackthis files in the hope that one of you clever peeps can see whats going on

thanks in advance, heres hoping


 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:05:35 PM

Posted 13 January 2009 - 06:26 AM

Hi,

I don't see anything suspicious in your log.
Does this appear to be the infection you are dealing with? : http://miekiemoes.blogspot.com/2008/10/fak...archengine.html
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 fleurc

fleurc
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 13 January 2009 - 08:35 AM

hi there, thank you so much for taking the time to post, you guys are fab, and really make up for the losers out there that think this stuff is clever

yes, it looks just like this, and i did indeed somehow end up buying stopzilla last night, praps not a coincidence!

however i have looked in the system32 main folder, and cant find any of the files you mention

I have run a search, and found two files that i presume are the legitimate ones?

they are in windows\system32\drivers and also windows\servicepackfiles\i386

very good news the hijackthis log looks clean, as been worrying dreadfully that this script is copying passwords and the like

if you are able to provide any further assistance on where to go from here, I would be tremendously grateful, have totally lost a day and a half of my life trying to get to the bottom of it

thanks again and take care

#4 fleurc

fleurc
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 13 January 2009 - 08:38 AM

soz, have just found two files in C:\WINDOWS\system32 both called wdmaud and properties tell me that they are device drivers created in 2005 and both having been accessed today

should i delete them?

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:05:35 PM

Posted 13 January 2009 - 08:45 AM

should i delete them?

No, don't delete anything if you're not sure.

Do next instead..

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

#6 fleurc

fleurc
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 13 January 2009 - 08:54 AM

you are a superstar, will run this now, and post as soon as able, thanks ;0)

#7 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:05:35 PM

Posted 13 January 2009 - 08:58 AM

OK. Normally Combofix should already delete it though (if no new variant already) :thumbsup:

#8 fleurc

fleurc
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 13 January 2009 - 10:31 AM

breathing properly again now, fantastic, that has fixed it, you are an absolute star, cant tell you how grateful i am, was beginning to think it was a void i would be permanently stuck in!!!

I know it says in instructions to upload the logfile, so am doing so, but all seems well with my computer again now

THANK YOU, you have restored my faith in the internet universe at large, when i have some money in my paypal account, will for sure send a donation to thank you for your valuable time

take good care, and long may you keep us all safe!!




#9 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:05:35 PM

Posted 13 January 2009 - 10:34 AM

Hi,

Yes, Combofix already fixed it. There's however one thing to restore though (set default data for the aux value), so do next please..

Open Notepad and copy and paste the text in the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"="wdmaud.drv"

Save this as fix.reg. Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Then * Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

Edited by miekiemoes, 13 January 2009 - 10:34 AM.
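
A read-only check for the value the fix above restores, as an added example that is not part of the original post: it parses the text of a .reg export and reports whether `aux` under Drivers32 still holds `wdmaud.drv`. The sample exports, the non-default file name and the function names are constructed for illustration.

```python
import re

# Key path and default data are the ones in the fix.reg from the post above.
DRIVERS32 = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32"
EXPECTED = {"aux": "wdmaud.drv"}
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")

# "name"="string data"; other value types (dword:, hex:) are not matched.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Parse already-decoded .reg text into {key_lower: {name_lower: data}}."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("not a .reg export: header line missing")
    keys, current = {}, None
    for ln in lines[1:]:
        if ln.startswith("[") and ln.endswith("]"):
            # Registry key paths are case-insensitive, so normalise them.
            current = keys.setdefault(ln[1:-1].lower(), {})
            continue
        m = _VALUE_RE.match(ln)
        if m and current is not None:
            current[_unescape(m.group(1)).lower()] = _unescape(m.group(2))
    return keys

def check_drivers32(text):
    """Return (name, found, expected) for each value that is not the default."""
    values = parse_reg(text).get(DRIVERS32.lower(), {})
    return [(name, values.get(name), want) for name, want in EXPECTED.items()
            if (values.get(name) or "").lower() != want]

# Constructed sample exports (not taken from the user's machine).
RESTORED = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"="wdmaud.drv"
'''
CHANGED = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"Aux"="C:\\WINDOWS\\Temp\\example-unknown.drv"
'''

if __name__ == "__main__":
    for label, sample in (("restored", RESTORED), ("changed", CHANGED)):
        print(label, check_drivers32(sample) or "aux is the default")
```

An empty result means the export matches the default from the post; a missing `aux` value is reported with `None` as the found data.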


#10 fleurc

fleurc
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 13 January 2009 - 10:50 AM

ok cool, have followed that process through, again, bless you ;0)))

can i beg a bit more of your time, I have read your prevention page, and have to say totally up to speed on all this

with one exception, i have spysweeper, malwarebytes running, and yesterday also downloaded microsoft defender and stopzilla as mentioned which i have now removed

they all seem to pick up different stuff, hence it seems logical to have multiple layers of protection to me, but also see your point

is spysweeper adequate do you think? seems the best to me in my experience, and better than both norton and mcafee that i had in the past

#11 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:05:35 PM

Posted 13 January 2009 - 11:03 AM

Hi,

Spysweeper is OK though, but it is mainly an Antispywarescanner, so it won't detect viruses etc and won't be able to disinfect them either. That's why it is still important to have an Antivirus present and running.

Spysweeper is not for free either, so if you're not planning to purchase it, then I suggest you uninstall it. The same applies for other shareware programs you have installed where the trial already expired.

Anyway, having more than 1 different Antispyware program installed isn't bad, but I don't recommend to have them all running in the background, because they cause an extra system slowdown. An Antivirus should always be enabled though.

#12 fleurc

fleurc
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 13 January 2009 - 11:56 AM

webroot spysweeper is now antivirus and antispyware, and I have the paid option

what do ya reckon good enough??

thanks again, you have literally made my day!

#13 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:05:35 PM

Posted 13 January 2009 - 11:57 AM

Hi,

Since you have Spysweeper with the Antivirus included and purchased it, then you should be OK - it's certainly good enough :thumbsup:

#14 fleurc

fleurc
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 13 January 2009 - 12:22 PM

fantastic, thank you for everything

#15 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:05:35 PM

Posted 13 January 2009 - 12:44 PM

You're most welcome :thumbsup:



