
Getting Rid of Beesq.net Hijack



#1 redglare


Posted 10 November 2013 - 11:36 PM

I would like help to get rid of the Beesq.net browser hijacker. Occasionally, when I am doing a search on Internet Explorer or Firefox, I am directed to a page for Beesq.net rather than the page I intended to go. This is the only symptom I am aware of besides Internet Explorer running very slowly. Beesq.net has not replaced my home page.

 

In an effort to get rid of the browser hijack, I ran full scans of my computer using both Malwarebytes Anti-Malware and Super AntiSpyware. After running both scans, Beesq.net popped up again while using Google search on Firefox. Please offer some guidance on how I can get rid of the Beesq.net browser hijack.

 

Thank you!




 


#2 noknojon


Posted 11 November 2013 - 12:53 AM

Hello -

If you have an Antivirus program installed, please run a Full Scan now.

If you do not have an Antivirus program installed, please tell me and I will help you install one -

 

Most of the time, you do not need special tools, as these Add-ons are Extras that you have downloaded with other programs. They can mostly be removed by resetting your browser and by Deleting the problem program from Add / Remove in XP, or from Programs and Features in Vista / Win7 and 8.

 

* Remove a Redirect from Internet Explorer (IE)
• Open Internet Explorer, click on the "gear icon" (Tools for Windows XP users) at the top (far right), then click again on "Internet Options".
• In the Internet Options dialog box, click on the Advanced tab, then click on the Reset button.
• In the Reset Internet Explorer settings section, check the "Delete personal settings" box, then click on Reset.
• When Internet Explorer finishes resetting, click Close in the confirmation dialogue box and then click OK.
• Close and open Internet Explorer.

 

* Remove a Redirect from Mozilla Firefox
• At the top of the Firefox window, click the "Firefox button", go over to the "Help" sub-menu (on Windows XP, click the Help menu at the top of the Firefox window), and select "Troubleshooting Information".
• Click the "Reset Firefox" button in the upper-right corner of the "Troubleshooting Information" page.
• To continue, click "Reset Firefox" in the confirmation window that opens.
• Firefox will close and be reset. When it’s done, a window will list the information that was imported. Click "Finish"

 

* Remove a Redirect from Google Chrome
• Remove the Redirect extensions from Google Chrome.
• Click the Chrome menu button on the browser toolbar, select "Tools" and then click on "Extensions".
• In the "Extensions" tab, remove (by clicking on the Recycle Bin) the "Proxy Tool, PortaldoSites Toolbar, Yontoo, BrowserProtect" and any other unknown extensions from Google Chrome.
• Set Google Chrome default search engine from the Redirect site to Google.
• Click the Chrome menu button, then select "Settings" and click on "Manage search engines" in the Search section.
• In the Search Engines dialog that appears, select "Google" and click the "Make Default" button that appears in the row.
• Search for the Redirect program in the Search Engines list, and click the X button that appears at the end of the row.
• Change Google Chrome homepage from the Redirect program, back to its default. Click the Chrome menu button, then select Settings and click on "Open the New Tab page" in the "On Startup" section.

First start by looking in Programs and Features for the program to see if it is listed and you can Uninstall it from there.
 

 

If you are not able to find beesq.net then please download and run RKill by Grinler.

A black DOS box will briefly flash and then disappear. It may last from a few seconds to about a minute -
This is normal and indicates the tool ran successfully.
If a log is produced, save it, or post it back here -

Important: Do not reboot your computer until you complete the next step.
Now -
Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Next - Click on the Clean button. (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles is also saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

Next - Download Malwarebytes' Anti-Malware Free (aka MBAM)
* Double-click mbam-setup.exe and follow the prompts to install the program.

** Do not install the Free Trial Version at this time .....
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to reboot the computer if required after you post the log.

 

 

If you still have a problem please read the directions from Here on the use of TDSSKiller

 

 

Thank You -



#3 redglare


Posted 11 November 2013 - 02:24 AM

Thank you for your help. I don't have an antivirus program and would appreciate your advice on which one to use. Below are the requested reports for RKill, ADWCleaner and Malwarebytes.

 

Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/11/2013 12:34:05 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (PID: 344) [FI]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * helpsvc => %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

 * C:\windows\System32\drivers\mqac.sys : 91,776 : 06/22/2009 05:48 AM : eee50bf24caeedb515a8f3b22756d3bb [NoSig]
 +-> C:\windows\$hf_mig$\KB971032\SP2QFE\mqac.sys : 91,776 : 06/22/2009 05:30 AM : 9229e191fe206628be17d1e67a5faed9 [Pos Repl]
 +-> C:\windows\$NtServicePackUninstall$\mqac.sys : 72,960 : 08/03/2004 11:58 PM : db07b0088cdfd20c2a22e675120ede34 [Pos Repl]
 +-> C:\windows\$NtUninstallKB971032$\mqac.sys : 72,960 : 08/03/2004 11:58 PM : db07b0088cdfd20c2a22e675120ede34 [Pos Repl]
 +-> C:\windows\ServicePackFiles\i386\mqac.sys : 92,544 : 04/13/2008 12:39 AM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]
 +-> C:\windows\system32\dllcache\mqac.sys : 91,776 : 06/22/2009 05:48 AM : eee50bf24caeedb515a8f3b22756d3bb [Pos Repl]

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 11/11/2013 12:35:14 AM
Execution time: 0 hours(s), 1 minute(s), and 9 seconds(s)

 

 

# AdwCleaner v3.012 - Report created 11/11/2013 at 00:39:08
# Updated 11/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Dad - THETICK2
# Running from : C:\Documents and Settings\Dad\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : vToolbarUpdater15.2.0
Service Deleted : vToolbarUpdater17.0.12

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\open it!
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\goforfiles
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Dad\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Dad\Local Settings\Application Data\filetypeassistant
Folder Deleted : C:\Documents and Settings\Dad\Application Data\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Documents and Settings\Dad\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\Dad\Application Data\goforfiles
Folder Deleted : C:\Documents and Settings\Dad\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\Dad\Application Data\SpeedyPC Software
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3302996
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\SpeedyPC Software
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\SpeedyPC Software
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\6upbsfej.default\prefs.js ]

[ File : C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\pauxrj9u.default-1384151337468\prefs.js ]

-\\ Google Chrome v

[ File : C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2767 octets] - [28/08/2013 20:54:07]
AdwCleaner[R1].txt - [6827 octets] - [11/11/2013 00:36:56]
AdwCleaner[S0].txt - [2841 octets] - [28/08/2013 20:57:31]
AdwCleaner[S1].txt - [6934 octets] - [11/11/2013 00:39:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6994 octets] ##########

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.10.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dad :: THETICK2 [administrator]

11/11/2013 12:46:54 AM
mbam-log-2013-11-11 (00-46-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280303
Time elapsed: 26 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

 



#4 noknojon


Posted 11 November 2013 - 05:02 AM

Is your computer any better now, or are you still working on it -

From the reports above, you do need to be careful when you are on the internet.

 

You do need an Antivirus so this is the minimum .........

Here is a list of the more commonly used Free Antivirus programs at the moment, and a few pointers on the small add-ons not to install with them

Free Antivirus programs: (choose and install only one).
* avast! Free Antivirus <- includes Google Chrome pre-checked by default during installation but gives you the option to uncheck
* Microsoft Security Essentials
* BitDefender Antivirus Free Edition
* Avira Free Antivirus <- includes Ask.com Toolbar pre-checked by default during installation
* AVG Anti-Virus Free Edition <- includes AVG Security Toolbar - AVG Secure Search pre-checked by default during installation but gives you the option to uncheck



#5 redglare


Posted 11 November 2013 - 10:14 PM

Thanks Aussie Addict, Everything seems to be running ok now. When reading your list above I realized I do have AVG Anti-Virus running on my computer. What could I have done differently with AVG to keep me from getting infected with Beesq.net?

 

Thank you.



#6 noknojon


Posted 12 November 2013 - 12:44 AM

If you have found AVG, please Update the program to be sure that it is current, and then run a full scan with the program.

You must make sure the program is Active and scans on a regular basis -

 

The program that you complained about was one that you installed along with some other download.

There are lots of little bits that show up in AdwCleaner as "Add-ons" to downloads.

 

This is where you need to take care and never use Torrent programs, as these are always carrying infections.

Also Update and Scan with Malwarebytes every week -

 

Thank You -
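
An added example, not part of the original thread or of AdwCleaner itself: a small Python parser for the AdwCleaner report format posted in reply #3, which groups the deleted items by the autostart or browser-extension location they occupied. The sample lines are copied from that report; the rule labels and function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Lines copied from the AdwCleaner[S1] report in reply #3, trimmed to a short excerpt.
SAMPLE_REPORT = r"""# AdwCleaner v3.012 - Report created 11/11/2013 at 00:39:08
***** [ Services ] *****
[#] Service Deleted : vToolbarUpdater15.2.0
Service Deleted : vToolbarUpdater17.0.12
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : HKCU\Software\DefaultTab
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ACTION_RE = re.compile(r"^(?:\[#\]\s*)?(Service|Folder|File|Key|Value) Deleted : (.+)$")

# Assumed triage labels (not AdwCleaner's own): locations that reload software
# at boot or at browser start, matched against the deleted path.
RULES = [
    ("Run key autostart", re.compile(r"\\CurrentVersion\\Run\b", re.I)),
    ("IE Browser Helper Object", re.compile(r"\\Browser Helper Objects\\", re.I)),
    ("IE toolbar", re.compile(r"\\Internet Explorer\\Toolbar\b", re.I)),
    ("Firefox search plugin", re.compile(r"\\searchplugins\\", re.I)),
]

def parse_report(text):
    """Return one dict per '<Kind> Deleted : <target>' line, tagged with its section."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ACTION_RE.match(line)
        if m:
            entries.append({"section": section, "kind": m.group(1), "target": m.group(2)})
    return entries

def persistence_points(entries):
    """Group deleted items by the load point they occupied; leftovers are ignored."""
    found = defaultdict(list)
    for e in entries:
        if e["kind"] == "Service":
            found["Windows service"].append(e["target"])
            continue
        for label, rx in RULES:
            if rx.search(e["target"]):
                found[label].append(e["target"])
                break
    return dict(found)

if __name__ == "__main__":
    for label, targets in persistence_points(parse_report(SAMPLE_REPORT)).items():
        print(f"{label}: {len(targets)}")
        for t in targets:
            print("   ", t)
```

Run against a full report saved from C:\AdwCleaner, the grouped output shows at a glance which services, Run values and browser add-ons a bundled installer had registered.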



#7 noknojon


Posted 14 November 2013 - 05:02 AM

Hi -

Post back in a week if there are still problems, or just tell us if all is OK then -

 

Regards -



#8 redglare


Posted 17 November 2013 - 12:27 AM

Aussie, I have seen no signs of Beesq.net since you directed me on how to get rid of it. Thanks for all of your help!



#9 noknojon


Posted 17 November 2013 - 12:54 AM

No problem, glad to hear it -

I will take the topic off my watch, so please start a new topic if you have other problems -

 

Regards from the crew at Bleeping Computer -





