Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

New, undetected browser hijacker?


  • Please log in to reply
1 reply to this topic

#1 aworrier

aworrier

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:07:26 AM

Posted 04 November 2017 - 12:54 AM

So I was going through my family member's computer after they complained of it being slow. They recently attempted to install something they bought off ebay called PCCloner ex which did not work at all and the "company's" contact number was fake. The program has supposedly uninstalled but its folder and uninstall application stays. Norton marks this file as commonly used but I'm suspicious.

 

Moreover, I found a weird browser hijacker called fastpackagetracker. Adwarecleaner did not catch it, instead it tagged Norton's toolbar as a problem. However, the fastpackagetracker add on was easily found and removed and the page also offered an uninstall guide. Searching through the computer's browser history this seemed to derive from either a popup ad in jcpenney's tracking domain or perhaps from this PCCloner Ex program. Scanning with Malwarebytes and Norton never picked up this weird toolbar/browser hijacker. The URL it links to is "search.fastpackagetracker.co.....". I'm trying to attach an image of the history but I cannot at the moment.

 

So, what in the world is this and why has no program picked it up yet? Has anyone experience this browser hijacker before? Finally, if MBAM, Norton, and Adwcleaner isn't picking up anything is this computer infected with anything else?

 

Edit: Here's the link it sets the new tab too. The bottom most link is the first time I see the entry in Firefox's browser history. Right next to this entry I saw a link to the browser hijacker searchencrypt which didn't seem to infect the computer. Moreover, MBAM seems to have caught something associated with it logged as spigot.generic. Searching this up shows a browser hijacker with a different url but same new tab hijack screen.

 

Sp3s41l.jpg


Edited by aworrier, 04 November 2017 - 01:03 AM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,725 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:26 AM

Posted 06 November 2017 - 12:21 PM

This is adware that came bundled in something you downloaded.

Please do these and see...



MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP conf[iguration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
zcMPezJ.pngAdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
And finally I'd like us to scan your machine with ESET OnlineScan:
  • It is recommended to turn off your antivirus program. Click on the E5rfZI9.png button to see which antivirus is currently enabled:
c4VVzVO.png
  • Turn off your antivirus program. See here how to do this.
  • Check the option beside: Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
Enable detection of potentially unsafe applications
Enable detection of suspicious applications
Scan archives
Enable Anti-Stealth Technology
  • Click on the Change button and select only Operating memory, Autostart locations and drive C:\ to be scanned.
yKulboi.jpg
  • Push the dtoGjAL.png button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
8L8IBHJ.png
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
imxEgHt.png
  • Push thecRhRYZ8.png button and save the file to your desktop using a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
  • Push the 9IjfdXq.png button.
  • Check the box beside RHzfZB1.png to uninstall the application when closed.
  • Push Vc3btaC.png and the close the application clicking the X in upper right corner.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users