
Apparent Browser Hijack Virus


  • This topic is locked
120 replies to this topic

#1 jesst940

jesst940

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:06:34 PM

Posted 28 January 2015 - 12:28 PM

Hi,

I can not download FRST (+) many other links related to virus removal and security are blocked.

 

These earlier posts may help:

 

Last thread:

http://www.bleepingcomputer.com/forums/t/564528/browser-hijack-malware-windows-xp/

 

First:

http://www.bleepingcomputer.com/forums/t/563654/browsers-hijacked/

 

Posts at above thread links will explain more fully. Just a wrapup:

   I believe I was first infected in Oct 2014 when someone else was using my computer. Caught it quickly and used several DIY methods and applications at that time. Things seemed to get better, almost normal. Then problems resurfaced just prior to my beginning this session with Bleeping.

 

Kind Regards

jesst940


jesst940 :flowers: 




#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:07:34 PM

Posted 29 January 2015 - 02:22 PM

Hello jesst940, and  :welcome: to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Follow this topic. If you click on this, another page will open. Please choose Instantly for notification and then click on Follow this topic; you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. :heart: Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

 

==========

 

Do you still have access to a "clean" computer that we can use for downloads, until we get your browsers straightened out?


Best Regards,
oneof4.


#3 jesst940

jesst940
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:06:34 PM

Posted 29 January 2015 - 02:48 PM

Thank you oneof4 for responding,

   I just now asked that friend about the downloading. She knows how to save to disk or flash drive, and agreed to help me.

It may be a little slower than I would like to 'hand off' the materials, but as long as this gets fixed and you bear with me, it's fine with me. Promise it won't be anywhere near 5 days :-)

  Follow topic and instant notification are set. I have not done anything of a repair/scan/download nature since my last post.

Only backup to disk.

Thanks so much for helping me.

Kind Regards....jesst


jesst940 :flowers: 


#4 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:07:34 PM

Posted 29 January 2015 - 04:14 PM

Okay, you may want to print off these instructions for your friend to follow:

 

Please download Farbar Recovery Scan Tool and save it to a USB flash drive.

 

They will need to go here for the download: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Note: You need to run the version compatible with your system (This will be the FRST.exe, not the FRST64.exe).

 

Once you have the usb flash drive in your possession, drag and drop the FRST.exe file from the flash drive onto your Desktop.

Click Run after receipt of Windows Security Warning - Open File. When the tool opens click Yes to disclaimer.

  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

Best Regards,
oneof4.


#5 jesst940

jesst940
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:06:34 PM

Posted 29 January 2015 - 04:33 PM

Hi oneof4,

Have sent link to friend. As soon as I get the usb, and have a little time, I will run it and post the results.

Most likely be sometime tomorrow to get it done...Thanks 


jesst940 :flowers: 


#6 jesst940

jesst940
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:06:34 PM

Posted 29 January 2015 - 05:11 PM

Friend's Norton AV says that link/download is a virus?

 

She wants to know how to download it without Norton blocking it.


Edited by jesst940, 29 January 2015 - 05:14 PM.

jesst940 :flowers: 


#7 jesst940

jesst940
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:06:34 PM

Posted 29 January 2015 - 05:45 PM

Never mind, she got around it: she says she told Norton to restore it, then move it.

Have the usb in my possession now.  :-)

Will start on it this evening when time permits.

Thanks....jesst


jesst940 :flowers: 


#8 jesst940

jesst940
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:06:34 PM

Posted 29 January 2015 - 06:21 PM

Dragging to desktop produced this response:

 

"Error Copying File or Folder

X   Cannot copy frst: The file or directory is corrupted and unreadable."

 

(is that because Norton "restored" it on her computer?)

 

 

However I can right click on frst.exe, then 'Send to...Desktop(create shortcut)'

 And the transfer begins. I stopped it, tho, because in the instructions, you

said that if it didn't work as you described, to stop and let you know. 

" If you encounter problems please stop and tell me about it"

 

Just want to do it right this time...

Regards, jesst


jesst940 :flowers: 


#9 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:07:34 PM

Posted 30 January 2015 - 08:04 AM

Hmm, okay try this:

 

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.
Please see here for additional details.

 

Try to drag and drop the file onto the Desktop while in Safe Mode.


Best Regards,
oneof4.


#10 jesst940

jesst940
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:06:34 PM

Posted 30 January 2015 - 02:12 PM

From Safe Mode: when dragging FRST to desktop, 

"Cannot copy frst: The file or directory is corrupted and unreadable." 

While in safe mode I tried to open from Drive F (it's called in my comp)--

"frst/exe is not a valid Win32 application"

 

I can only deduce, not being a tech-type person that my friend either

(1) downloaded the wrong version -or- (2) Her AV utility - Norton, changed

the file in some way -or- (3) both.

 

Perhaps I should ask her to try the download again, or, when I can get to the

nearest library (I'm in a rural area) and they will let me save something

such as this, I can do it that way.

 

About to contact friend

Thanks and Regards

jesst 


Edited by jesst940, 30 January 2015 - 02:13 PM.

jesst940 :flowers: 
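Added example, not part of the original posts and not code from FRST or BleepingComputer: a small Python check that can be run on the clean computer before the USB hand-off, to tell a 64-bit build (FRST64.exe on a 32-bit system) apart from a file whose executable header is missing or damaged. Both cases can produce the "not a valid Win32 application" message quoted above. The function names and the constructed sample headers are assumptions made for illustration.

```python
import struct

# Machine values from the PE/COFF file header.
MACHINES = {0x014C: "x86 (32-bit)", 0x8664: "x64 (64-bit)"}

def classify_pe(data: bytes) -> str:
    """Return a short diagnosis for the leading bytes of a would-be .exe."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not a PE file (missing MZ header)"
    # e_lfanew at offset 0x3C points to the 'PE\0\0' signature.
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if pe_off + 6 > len(data):
        return "truncated or invalid (PE header offset beyond data read)"
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        return "corrupted (PE signature not found)"
    # The 16-bit Machine field follows the signature.
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    return MACHINES.get(machine, "unknown machine type 0x%04X" % machine)

def classify_file(path: str) -> str:
    """Classify a file on disk; a read error is reported, not raised."""
    try:
        with open(path, "rb") as fh:
            return classify_pe(fh.read(4096))  # headers sit in the first KBs
    except OSError as exc:
        return "unreadable (%s)" % exc.strerror

def sample_header(machine: int) -> bytes:
    """Constructed minimal header: DOS header, PE signature, Machine field."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x80)
    return dos + b"\0" * 0x40 + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18

if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, "->", classify_file(p))
```

A file that reports "x86 (32-bit)" here but still cannot be copied from the flash drive points to a problem with the drive or the copy rather than with the download itself.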


#11 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:07:34 PM

Posted 30 January 2015 - 02:53 PM

Sounds good. Have them try the download again or try it from the library pc.


Best Regards,
oneof4.


#12 jesst940

jesst940
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:06:34 PM

Posted 30 January 2015 - 05:43 PM

ok, will try one or both...friend or library

thanks


jesst940 :flowers: 


#13 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:07:34 PM

Posted 31 January 2015 - 08:05 AM

:thumbup2:


Best Regards,
oneof4.


#14 jesst940

jesst940
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:06:34 PM

Posted 31 January 2015 - 01:14 PM

Hello, 

   Just a quick question (or three:-) 

    I am thinking of uninstalling Kaspersky trial (almost over anyway and I don't intend to purchase) because it is really

taking a lot of resources and hasn't found anything related to my current infection. It did give me a notice that some -7-8

items in the 7zip that I have been using to save/backup items are

"Ligitimate program that can be used by criminals to damage your computer or personal data."  Kaspersky

**Q 1 -- Should I do this uninstall of Kaspersky at this stage, and just a random thought that Kaspersky might

        be keeping me from downloading FRST because Norton blocked FRST on my friend's comp.

*Q1a - Would this be a good time to activate/purchase the full version of Malwarebytes. MWB hasn't found anything

          during this infection either. However I have no other AV at this time.

Q2 -  Should I turn off Windows Updates?

         EVENT VIEWER  shows that Windows Update Agent is still trying to download updates and at least half of these

        attempts are resulting in errors. 

Q 3    Would this be a bad time to make minor changes in network set-up. Having issues with a new Android phone

        in the household showing up as a 2nd ISP on the router map page - which I believe is making my internet service

        more intermittent than usual. I intend to open a question/topic in the appropriate forum on the router problem.

 

             It seems like the more I know, the more I know I don't know.  :smash:

 

PS.  I did get HIrens.BootCD.15.2Zip to download, by some hole in the hijacker's armor, on the 27th -- before

      my post in the forum in which you started helping me. It is still in Zip form on the desktop. Would Hirens be

       of any use to us at this point?  (oops Q #5)

 

Thanks ... jesst


Edited by jesst940, 31 January 2015 - 01:15 PM.

jesst940 :flowers: 


#15 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:07:34 PM

Posted 02 February 2015 - 08:37 AM

Hey jesst, sorry for the delay.

 

Q 1 -- Should I do this uninstall of Kaspersky at this stage

I would look at trying to turn off any resident protection when trying to download, and see if that will allow it.  The other option would be to remove it, but you would probably need to remain disconnected from the internet since you will not have any virus protection.  Another option would be to obtain a copy of Avast! or some other free antivirus to install in its place once you get KAV uninstalled.  That way you could remain connected to the internet and see if you are able to download the tools such as FRST.

 

Q1a - Would this be a good time to activate/purchase the full version of Malwarebytes.

That's not a bad idea, but I would wait till we get the machine cleaned first.

 

Q2 -  Should I turn off Windows Updates?

Yes.

 

Q 3    Would this be a bad time to make minor changes in network set-up.

This is not my area of expertise, but if we can leave things as they are for the duration of our cleaning, it would be preferable to do so.

 

Would Hirens be of any use to us at this point?

Not sure yet, but hang on to it just in case we have to go that route.


Best Regards,
oneof4.




