Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Greatfeedmill browser redirect trojan


  • Please log in to reply
1 reply to this topic

#1 harrell801

harrell801

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 22 October 2009 - 07:02 PM

I got the trojan that redirects your web browser to greatfeedmill. It made it impossible to browse for anything. It also disabled my task manager and regedit. I tried PCtools, Avira and finally got rid of it with Malwarebytes. My AVG was slowly picking up the infected files but Malwarebytes got the rest of them first scan. I had to download Malwarebytes to another PC, then bring it to the infected PC on CD. I see several others are having this problem. Hope this helps. running XP Home, SP3.

BC AdBot (Login to Remove)

 


#2 bigbillyvegas

bigbillyvegas

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 31 October 2009 - 07:48 AM

Wow. What a mess this greatfeedmill hijacker is. My fix required three easy things to do...a Microsoft online scan, Startup control panel and Malwarebytes. The hijack is remedied after the first step. Steps 2 and 3 are for cleanup.

1. Run the online scan. You need to paste both lines of the link directly into your browser if you are currently having the hijack problem:

For Windows XP
http://onecare.live.com/
site/en-us/default.htm

For Windows Vista or Windows 7
http://onecare.live.com/
site/en-us/sandbox/default_scan.htm

I ran the scan utilility for about 20 minutes or so and I think it only got to 2% complete. This is O.K. I clicked Cancel and it then showed me what the problems were. Select the boxes to repair ALL of the files it identifies (one of which is calc.dll). Once it is done cleaning/repairing, reboot your PC.

After reboot, calc.dll and ntuser.dll are still trying to run but are failing since the files are gone.

2. Download and run startupCPL_EXE.zip

For all Windows
www.mlin.net//files/startupCPL_EXE.zip

I downloaded and ran the standalone version. I've used this program before and it is fantastic. Go through the tabs, then right-click and delete the references to calc

3. Run Malwarebytes and remove any other issues.

http://download.cnet.com/
Malwarebytes-Anti-Malware/
3000-8022_4-10804572.html
?part=dl-10804572&subj=dl&tag=button

Note that if you run Malwarebytes first (before doing the online scan), it will find the problem files, but is unable to remove them even after a reboot, so you are left in a hijacked state.

My PC is fixed, so let me know if this works for you too!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users