
HomePage/Search Engine Hijack


  • This topic is locked
2 replies to this topic

#1 eh_fella


Posted 20 February 2009 - 04:09 AM

Symptoms
Firefox homepage (Google) will not load; it loops between loading google.co.uk and google.com. Error message reads: 'Redirection limit for this URL exceeded. Have you disabled or blocked cookies for this site?'

Google search hijacked - clicking the displayed link will bounce me to one of several misc. websites. mamma/dawnsearch - other search engines basically.

Links clicked in a browser window now open in a new tab from Google. Usually the Google search would open in the existing tab.

HDBHO.dll picked up by Ad-aware, removed, but reinstalled itself straight away.

Attempted Solutions
XoftspySE
Lavasoft Ad-aware
AVG (Free)
Dr Web-Cure-It (Recommended from here)

All run in Safe Mode - except Ad-aware, which was barely working?

Observations
I looked up some running processes using the start-up list. I know they're two different things, but the below are all some form of trojan/worm etc:
wscntfy
alg
wdfmgr

The following are files which might be new:
wmiprvse

I have seen the following before:
smss
csrss
lsass

This problem has also affected IE7 search results from Google. My laptop still runs IE and FF fine.



Snip!


NB: I have AutoCAD 2007 installed and found DDS wouldn't run (loaded into Notepad and all I could make out was 'must run in Win32 mode'). I couldn't find the .scr file name to reset how it runs (Folder Options > File Type). Some googling led me to a nifty site with a download which installs a reg key to do this; the URL is dougknox.com/xp/file_assoc.htm


Thanks in advance :thumbup2:

Edited by eh_fella, 20 February 2009 - 10:16 AM.



#2 eh_fella


Posted 20 February 2009 - 10:21 AM

Hi all,

I have snipped my original post because I have freed myself of the nasty Trojan!

What Was It?
Trojan BHO.H - hdbho.dll

How'd You Fix It?
After reading other topics some more, I decided to try a few programmes. Malwarebytes' Anti-Malware picked up reg files and dll files, but actually removed them. The hdbho.dll file was removed on reboot.

IE and FF are running fine again; I'm just running scans in MWB, Ad-Aware and AVG a final time to make sure all nasties are gone.

Cheers :thumbup2:

I guess a nice mod can close this now too?

#3 KoanYorel


Posted 20 February 2009 - 11:12 AM

Thanks for informing us.

This Topic is closed.

If you find other problems please start a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



