
Cassiopea & SpyHunter 4 have hijacked my laptop


97 replies to this topic

#1 oxblood

oxblood

  • Members
  • 233 posts
  • OFFLINE
  •  
  • Local time:04:10 PM

Posted 04 July 2015 - 03:28 PM

Good people - Cassiopea Chromium has hijacked Google Chrome on my Dell Inspiron 15, 64 bit ver 8.1 laptop and will not allow me to access the Chrome server. I ran Malwarebytes free version and it removed the icon from the system tray but it still has control of Google.

 

SpyHunter 4 version 4.20.9.4533 also has taken hold and, like Cassiopea, cannot be removed with the Control Panel uninstall feature.

 

The problem is on my newer 8.1 laptop. I am currently typing on my older XP desktop which I believe to be clean.

 

Any and all assistance to solve these problems is greatly appreciated.

 

Thanking you in advance.

 

Sincerely

Oxblood 





#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:10 PM

Posted 07 July 2015 - 08:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

May I suggest you restore your system to an earlier date.
http://windows.microsoft.com/en-CA/windows-8/restore-refresh-reset-pc
On the page, follow the instructions under this chapter: "To restore your PC to an earlier point in time".

Select a date prior to the date you started having this problem.

===

If that fails to restore your system then please continue:

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Wait for further instructions.

#3 oxblood

Posted 07 July 2015 - 10:23 PM

Greetings nasdaq - Should I open and attempt to do this in safe mode on my infected laptop? If yes, then how would I do this in Win 8.1, as I am very new to this version? Currently I am unable to access the net on that machine via Google due to the infection. I am communicating currently on my uninfected XP desktop.

 

Much Thanks! 



#4 nasdaq

Posted 08 July 2015 - 07:50 AM

To restore the computer use these instructions.

http://windows.microsoft.com/en-CA/windows-8/restore-refresh-reset-pc

To run the Farbar tool you will need to download the program to a flash drive, etc., copy the file to the desktop of the Windows 8 computer, and run the tool in normal mode.

Copy the logs to your flash drive and post them here for my review.

#5 oxblood

Posted 08 July 2015 - 03:34 PM

Nasdaq - I have been attempting to perform a system restore via the instructions provided in your last post. I started this morning approx 10:00 am EST and it is now 4:30 pm EST, approx 6.5 hours. Is it normal to take this long to do a restore? For the last 4 hours or so it has merely registered the white Dell logo within a circle on a black screen and my Toshiba external hard drive light is continually blinking as though it is being accessed. Should I continue to wait or shut down and attempt to run the Farbar program?

 

Thanks



#6 nasdaq

Posted 09 July 2015 - 08:16 AM

Stop the process.

Run the Farbar tool and we will take it from there.

#7 oxblood

Posted 10 July 2015 - 10:46 AM

Nasdaq - The clean XP desktop which I am communicating to you with is a 32 bit system. The infected Win 8.1 laptop is a 64 bit I believe. I have been unable to open the Farbar 64 bit program on my XP machine to put on a flash drive and transfer to the infected laptop. How would I go about getting the 64 bit version onto a flash drive to transfer to the 8.1 laptop?



#8 nasdaq

Posted 10 July 2015 - 12:35 PM

In post no. 2 you have the link to the 64-bit program.

Download the .exe file to your flash disk.

Just copy the .exe to your 64-bit computer and run it from the Control panel.

2 files will be generated; copy them to your flash drive and post them here for my review.

#9 oxblood

Posted 11 July 2015 - 01:06 PM

Nasdaq - I have attempted to download and run the Farbar scan tool without success. Either it never completed the download to the flash drive or, when I attempt to run it on the infected laptop via Chrome or IE, I get the following message:

 

unable to connect to proxy server

remote device or resource won't accept connection

 

Help!



#10 nasdaq

Posted 11 July 2015 - 01:20 PM

Try this one.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the system drive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

#11 oxblood

Posted 11 July 2015 - 02:41 PM

Should I copy all the above to a flash drive and attempt to run on the infected laptop? Currently I can only communicate with you on the uninfected desktop, which I am doing now. As in my previous post, Cassiopea Chromium will not allow access to the net on the infected laptop, which is the problem.



#12 nasdaq

Posted 12 July 2015 - 06:46 AM

Yes as always, that is the only way you can test the compromised computer.

You have Windows 8 and there are some tools that are not compatible with the operating system. Doing the best I can.

#13 oxblood

Posted 12 July 2015 - 12:09 PM

Nasdaq - I am currently less than halfway through a Win Defender full system scan on the infected laptop. I will attempt what you suggest when the scan is complete probably in a day or so. I'm letting you know this so you don't think I've abandoned our efforts. I will be back in touch after the scan and my attempt to run Zoek.exe. 

I'll be in touch.

 

Thanks



#14 nasdaq

Posted 12 July 2015 - 12:57 PM

I will be here.

#15 oxblood

Posted 12 July 2015 - 02:09 PM

Nasdaq - The scan is complete. I'm not sure how to copy and paste the 4 lines of script you said to paste into Zoek, as I am on my clean desktop and the infected machine is the Win 8.1 laptop. How can I do this with a flash drive? Sorry, I'm just not very technology savvy.





