
us.yhs4.search.yahoo.com and ipv4.google.com browser redirect


No replies to this topic

#1 zeromang


Posted 10 July 2014 - 03:00 AM

A few days ago, I made the mistake of downloading a free Blu-ray software, "Pot Player," which, unknown to me, also bundled a program with it called "Layer" onto my Windows 7 64-bit desktop. Immediately I noticed that both my browsers, Internet Explorer and Google Chrome, had been hijacked. My work forces me to use Internet Explorer, but I prefer to use Google Chrome for everyday use. Initially, the hijacker would reveal searches through "us.yhs4.search.yahoo.com" on both browsers. I uninstalled "Pot Player" and "Layer" immediately through "control panel" and "programs and features." I then visited BleepingComputer and sites like it for methods of eliminating the remaining malady. From the advice of one site, I employed AdwCleaner, junk removal tool, Malwarebytes, and HitmanPro. Each found various elements for quarantine and deletion, and I did just this. I also deleted both browsers' histories and cookies, and reset the browsers to their original settings. I then deleted Google Chrome and reinstalled it.

 

Today, when I went to use Chrome, I was given a captcha image and taken to ipv4.google.com. The same problem struck when I loaded Internet Explorer a second later. It was then that I began to suspect that I had a more pernicious software on my hands. I ran TDSSKiller, but it did not detect anything. Sophos detected two files, one named "ЃϵϳЅЂϿϽϯІχϯπρЂϻϵЉЃϵϳЅ" and another with a similar name, but did not recommend deleting them. I left them there as is.

 

Finally, on the advice of another BleepingComputer thread, I have isolated several randomly named .tmp files in C:\Users\<user name>\AppData\Local\Temp that, when deleted, cause the browsers to work perfectly. The problem is, naturally, that they continue to reappear once the browser is reengaged.

 

I want to thank you for any assistance provided.  I have used this site in the past for problems found on friends' and colleagues' computers and found it most helpful.


