Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Apparently removed TNT2user/search us.com - but how can I be sure?


  • This topic is locked This topic is locked
4 replies to this topic

#1 Andora

Andora

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 15 June 2013 - 11:36 AM

I caught TNT2user.exc search us.com from a CNET download. It affected (apparently) only FF, where it replaced the google search bar, removed all FF preset search options, and redirected both home page as well as pages in new tabs to search us.com.

I tried to set it back by a system restore to several days before the occurrence. That did not work, repeatedly the restore failed to take. I rebooted in safe mode and did a restore again. This time it worked, but the browser hijacker was still active and well.

I then found instructions to uninstall a program called TNT2user.exe, but there was no such program. I suspect my system reboot may have obliterated that bit already.

I did find a folder called TNT2 somewhere similar to this URL C:\Dokumente und Einstellungen\DD\Anwendungsdaten\TNT2\, which I completely deleted. However, the browser still pointed at search us.com.

I then located user.js within the mozilla folder, and edited out all references to search us.com, restarted, everything appeared to be clean. I then updated FF and it appears to work as it is supposed to do. The google search bar is back, all the options are back as they should be.

The IE appears to be untouched by all this, it wasn't running when I caught that hijacker.

However, I have no means to check whether all instances of this thing are gone. I want to be sure, that nothing faxes data to someone, that my passwords get sent on or whatever.

So please, is there a relatively quick means to verify that my computer is now clean and not telephoning home to "mama"?

Thanks ahead for your help :)

Edited by Andora, 15 June 2013 - 11:37 AM.


BC AdBot (Login to Remove)

 


#2 Andora

Andora
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 16 June 2013 - 02:16 PM

So where do I post this to get an answer, please?



#3 Andora

Andora
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 17 June 2013 - 04:18 AM

Still looking for help.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:26 PM

Posted 18 June 2013 - 09:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

thisisujrt.gif Please download
Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

dds_scr.gif

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third party programs if not up to date can be the cause of infiltration an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:26 PM

Posted 24 June 2013 - 08:44 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users