Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need free solution to browser hijack virus please


  • Please log in to reply
8 replies to this topic

#1 zlloyd1

zlloyd1

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia Beach
  • Local time:01:17 AM

Posted 07 June 2013 - 03:06 PM

I have somehow managed to pick up a virus that is redirecting my browser to a site called hotstartsearch.com when I do a Google search. :axe: Apparently, this is a well known virus that affects browsers that is picked up from installing freeware applications, which opens a different search engine when you try to use Google, Yahoo, Bing, and several other search engines in a browser. It happens when I click on the page where the search results are, and opens a new tab with the new search engine on it. :smash:

This is frustrating, because although it is only mildly annoying now, I have heard that this will get worse, and worse until it finally begins to crash my system completetly. :ranting:

I have found many solutions to remove this infection online, but most want money to do so, or they provide extremely complicated instructions to manually remove this issue.... :blink:

I am hoping that someone can give me a free, or at least less costly solution to removing this problem, as it seems to have deleted all of my restore points, and I have no other knowledge of how to get rid of things like this.

 

I am using Windows 7 Home Premium, on a Dell xps8300 desktop PC, and generally use Firefox as my browser.

PLEASE someone help me get rid of this!! :clapping:



BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:17 AM

Posted 07 June 2013 - 03:30 PM

Many toolbars, Add-ons, screensavers, and weather monitoring programs come bundled with other software (often without the knowledge of the user) and can be the source of various issues and problems to include Adware/browser hijacking. Even if advised of a toolbar or Add-on, many folks do not know that it is optional and NOT necessary to install in order to operate the program. Toolbars and Add-ons can usually be removed via Add/Remove Programs or the Programs and Features in Vista/Windows 7/8, so always check there first.

If the program is not listed in Add/Remove or Programs and Features, the next place to check is your browser Add-ons.

-- If using Internet Explorer, please refer to:-- If using Firefox or Google Chrome, please refer to:-- Repeat the above steps for any other toolbars/add-ons/extensions you do not want or don't recognize. When done post back and advise if you are still having issues.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 zlloyd1

zlloyd1
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia Beach
  • Local time:01:17 AM

Posted 07 June 2013 - 04:11 PM

Many toolbars, Add-ons, screensavers, and weather monitoring programs come bundled with other software (often without the knowledge of the user) and can be the source of various issues and problems to include Adware/browser hijacking. Even if advised of a toolbar or Add-on, many folks do not know that it is optional and NOT necessary to install in order to operate the program. Toolbars and Add-ons can usually be removed via Add/Remove Programs or the Programs and Features in Vista/Windows 7/8, so always check there first.

If the program is not listed in Add/Remove or Programs and Features, the next place to check is your browser Add-ons.

 

-- If using Firefox or Google Chrome, please refer to:


-- Repeat the above steps for any other toolbars/add-ons/extensions you do not want or don't recognize. When done post back and advise if you are still having issues.

 

I have done all of these steps, and it is not listed in Add/Remove Programs, or in the Add-ons for Firefox....  :killcomp:

I recognize that I probably got it as part of one of those ridiculous bundled installations, but I do not know which one exactly, and it appears to have deleted asll of my existing restore points so I cannot just roll my computer back to get rid of it. 

I have done everything that I have found as suggestions, or advice, and it is still there. There is NOTHING on my computer that is called hotstartsearch at all, so I have no idea how to hunt this thing down. :scratchhead:

As I stated, I have tried EVERYTHING to get rid of this, including completely removing, and reinstalling Firefox, but it is stubborn, and will not leave. :smash:

PLEASE HELP!!!!

 



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:17 AM

Posted 07 June 2013 - 04:48 PM

Please perform a scan with AdwCleaner by Xplode and remove any unknown Toolbars, adware and potential unwanted programs (PUP). You can refer to these instructions: How To Use AdwCleaner

Please download Junkware Removal Tool thisisujrt.gif and save it to your Desktop.
  • Close all open programs and shut down any protection/security software now to avoid potential conflicts.
  • Double-click on JRT.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 zlloyd1

zlloyd1
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia Beach
  • Local time:01:17 AM

Posted 08 June 2013 - 09:21 AM

Alright, I downloaded, and ran both of these, but the AdwCleaner did not perform as described??

I clicked search, and it opened a text file, but that was all it did....

The Junkware Removal Tool seems to have done the same thing, created a text file/log, but neither of these made any changes that I can see??

Also, the JRT text file does not say anything really, but this is what was there:

 

Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by zllo on Sat 06/08/2013 at 10:24:41.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





~~~ Services



~~~ Registry Values




~~~ Registry Keys



~~~ Files



~~~ Folders




~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/08/2013 at 10:26:58.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Did you want me to post the AdwCleaner file too here?? :wizardball:


Edited by zlloyd1, 08 June 2013 - 09:30 AM.


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:17 AM

Posted 08 June 2013 - 09:29 AM


Please download Malwarebytes Anti-Malware mbamicontw5.gif and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A.4. Issues.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After the scan, make sure that everything is checked and then click the Remove Selected button to remove all the listed malware.
  • When done, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

Note: A 14-day trial of Malwarebytes Anti-Malware PRO is available as an option when first installing the free version so all users can test the real-time protection component for a period of two weeks. When the limited time period expires those features will be deactivated and locked. Enabling the Protection Module feature again requires registration and purchase of a license key. If you continue to use the free version, there is no requirement to buy a license...you can just use it as a stand-alone scanner. Users who have previously completed the trial will not be prompted to start the trial upon upgrade or reinstallation.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:17 AM

Posted 08 June 2013 - 09:29 AM

Then download and scan with the Kaspersky Virus Removal Tool from one of the following links and save it to your desktop.Be sure to print out and read the instructions provided in:
  • Double-click the setup file (i.e. setup_11.0.0.1245x11_2012_18-23_13_03.exe) to install the utility.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • The required files will be exracted and installed...be patient as this will take a few minutes.
  • At the 'Welcome!' windows, check the box next to I accept the license agreement and click Start.
  • A new window will open with two tabs (Automatic Scan and Manual Disinfection) and two icons on the right.
  • For a more comprehensive (but longer) scan, click the icon which looks like a round gear, Click Scan Scope and place a check mark in the box next to Local Disk (C:).
    System memory, Hidden Startups and Disk boot sector boxes should already be checked by default.
  • Click on the 'Automatic Scan' tab, and click the green Start scanning button to begin.
  • The time to finish and percentage completed will show as the scan is in progress...Important! Do not use the computer during the scan.
  • If no threats are detected, exit the program.
  • If threats are detected, you will be prompted for action: Disinfect, Delete if disinfection failes.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • After the scan finishes, if any threats are left unneutralized in the Scan window (Red exclamation point), click the Neutralize all button.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • If advised that a special disinfection procedure is required which demands system reboot, click the Ok button to close the window.
  • When finished, click the rectanular notepad icon > select Detected threats > click on to highlight and click the Save icon to save the results as a text file...name it avptool.txt).
  • Copy and paste the report results of avptool.txt with any threats detected in your next reply.
  • When finished, follow these instructions on How to uninstall Kaspersky Virus Removal Tool.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 zlloyd1

zlloyd1
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia Beach
  • Local time:01:17 AM

Posted 08 June 2013 - 09:56 AM

Please download Malwarebytes Anti-Malware mbamicontw5.gif and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A.4. Issues.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After the scan, make sure that everything is checked and then click the Remove Selected button to remove all the listed malware.
  • When done, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

Note: A 14-day trial of Malwarebytes Anti-Malware PRO is available as an option when first installing the free version so all users can test the real-time protection component for a period of two weeks. When the limited time period expires those features will be deactivated and locked. Enabling the Protection Module feature again requires registration and purchase of a license key. If you continue to use the free version, there is no requirement to buy a license...you can just use it as a stand-alone scanner. Users who have previously completed the trial will not be prompted to start the trial upon upgrade or reinstallation.

 

Alright, I ran botht the Malwarebytes scan, and the Kaspersky scan, and neither of these seemed to find anything, but this is what the Malwarebytes returned a s a log file:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.08.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
zllo :: ZLLO-PC [administrator]

Protection: Enabled

6/8/2013 10:37:54 AM
mbam-log-2013-06-08 (10-37-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207713
Time elapsed: 2 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

As I said, both scans came back negfative on finding any issues, but I know that I am still being plagued by this anooying redirect problem!! :huh: :huh:



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:17 AM

Posted 08 June 2013 - 10:07 AM

This issue will require further investigation and a more comprehensive look at your system. Many of the tools we use in this forum are not capable of detecting (repairing/removing) all malware variants so more advanced tools are needed to investigate. Before that can be done you will need to create and post a DDS log for further investigation.

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS which will create two logs.
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs, then still start the new topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, it would be helpful if you replied back in this thread with a link to the new topic so we can closed this one. Good luck and be patient.

If HelpBot replies to your topic, please follow Step One and CLICK the link so it will report your topic to the team members.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users