Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I think this is a browser hijack


  • This topic is locked This topic is locked
5 replies to this topic

#1 faster

faster

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Local time:03:08 PM

Posted 06 May 2015 - 06:13 PM

Something loads sites on Internet Explorer without my knowing.

I NEVER use IE except when some program I use uses it.

My whole system has been running very slow, and I think it is because something is launching IE behind my back.

Today, there were TWO IE pages open. I went to Task manager to close them, but when I did, another site took over. I couldn't get rid of these two open browser pages.

I didn't know they existed until Spybot S&D told me to close the open browser I knew nothing about.

This is obviously malware, but scans have had no effect.

I could block IE, but then when programs I use open that browser, they won't work.

Not only can't I end the browsers, but I can't launch them to turn them off that way.

Does anyone have any familiarity with this browser hijack? What can I do to stop it?

 

I just noticed in Task Manager that a site called phonearena.com has loaded IE, and I can't end the program.

 

If anyone knows what this malware tries to DO to my system, I'd REALLY appreciate it. Since I can't open the browser pages, it can't very well be advertising.

 

Thanks!

Holly B.


Edited by hamluis, 06 May 2015 - 06:36 PM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


m

#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:08 PM

Posted 06 May 2015 - 06:22 PM

Uninstall Spybot Search and destroy before completing these steps!! You may reinstall it later if you wish. :)

 

 

 

Download and run wipe  and system ninja,

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install ccleaner Now that you have the program installed go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download
kwLN4uv.png


Now that you have cleaned out some temp files, lets go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on tools then start up select each item then disable.

GjWwvEu.png

Now that you have disabled those un-needed start ups lets go into the settings, we will have Ccleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.


Lxioao1.png

Now go to the advanced tab, and select close program after cleaning, now run the cleaner again this will close Ccleaner.

SnqZ2JW.png

 

Reboot your machine and then follow the  instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
ZCDJtZN.png
Once you have updated the program, make sure the settings are the same as the picture below.
7DUFn5c.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
ApSVXsQ.png
Copy and paste entire log into your next reply.
Note: Reboot if needed to remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.

jdmyscF.jpg

Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 faster

faster
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Local time:03:08 PM

Posted 10 May 2015 - 06:39 PM

I want to thank you for your detailed response.

 

Unless I can use CCleaner, however, I can't begin to follow the steps you gave me.

 

I've had CCleaner for several years, but don't use it, since it doesn't tell me what is wrong with any given file or registry entry.

 

I just ran it yesterday. I couldn't limit the search without de-selecting a great many things, so I ran it on the whole system, and it found 35000 problems.

 

I've used other cleaners before. Any that clean the registry give me all the info I need to make a decision. CCleaner does not. I will NOT trust CCleaner to  remove all 35000 issues. Nor do I have the time in this life to do it manually.

 

So CCleaner is out for now, unless it improves.

 

Also, since you appear to presume Spobot has some responsibility for my problem, I can't make the same assumption.  Its only involvement here was to tell me I had browsers open, so it could immunize. THAT was how I learned I had a problem.

 

Can any of what I said give you some opportunities for trying another approach? This malware launches IE behind my back. It doesn't put the browser up for me to see, but launches one or two of them that only show up in Task Manager. I can remove them by going to the processes tab and stopping iexplore, which is usually shown 2-3 times. When they're gone, the browser is no longer open.

 

However it will come back, even in the same online session. I'd like to remove whatever programming got into my PC. It seems to happen only when I am online.

 

Thanks muchly, And thanks for recommending AdwCleaner. I used AdAware for years, but it became toxic somehow, so I got rid of it.

I'm going to try it out right now.

Holly B.



#4 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:08 PM

Posted 10 May 2015 - 07:07 PM

I was not asking you to remove the registry items with CCleaner, just run the cleaner and disable your start up items, also remove spybot and you can re install it after we are done. :)



#5 faster

faster
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Local time:03:08 PM

Posted 11 June 2015 - 06:19 PM

I'm adding this to the above problem. While I'm very grateful for the detailed response, I can't use it without CCleaner, and I'll never trust it again after losing many important downloads.

 

I still have the problem I wrote about. But now there's more that is very likely connected to it.

 

Yesterday WiseCare actually made a popup that there were a VAST number of files that I should clean up. Probably done by this browser thief. It's probably transmitting malware through my PC.

 

Something is making two tones that appear while I'm using my PC. I have nothing to do with it, and there is no regularity to it at all. It sounds a few times every hour, more or less. This is brazenly flaunting that I'm infected.

Happens online or offline. Doesn't matter what I'm doing as long as the PC is running.
 

The notes are 5-1, or sol-do, which is a combination that is often used to signal a job has been finished.

Once, it played 1-5, for what that's worth.

 

Just now, it sounded, and my mouse froze. Two seconds later, the sound occurred in reverse, and my mouse returned. Whoever's doing this actually WANTS me to know they're there. I'm having other minor problems with my mouse; might this be caused by the same thing? Sometimes one click opens something, and other times I must click something 2 or more times. Randomly. My screen also flashes often but intermittently, online and off.

 

What can I do besides formatting C?
 



#6 hamluis

hamluis

    Moderator


  • Moderator
  • 54,860 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:08 PM

Posted 11 June 2015 - 07:58 PM

Topic closed, reposted in Win 7 forum.

 

Louis






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users