General discussion

HELP!! Browser has been hajacked

I was infected with a fake antivirus virus or some virant of. I searched several forums and found some good advise and was able to remove it.

My promblem now is I can't browse to any antivirus or microsoft site. I doesn't connect or redirects to some obscure site. I'm using IE8 8.0.6001.18702. I've ran almost every spyware, adware tool available and they did remove the virus and now I've run again and all is clean.

With the exception of the browser hijacking. I cannot find what is causing this. I also had chrome installed to test it wouldn't connect to anything. Was able to install firefox same issues. Rebuild host files Nothing has worked. Any answers would be greatly appericated.

Discussion is locked
Follow
Reply to: HELP!! Browser has been hajacked
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: HELP!! Browser has been hajacked
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
You didn't do enough.

Records still exist and the registry may have left over keys.

- Collapse -
Any suggestions

Any suggestions on how to find the leftover keys?

- Collapse -
Try This...

Download ALL of the tools below on a friend or family member's, CLEAN computer and copy them to a CD or flash drive, then transfer them to the problem machine.

First, please download and run the following tool to help allow the removal programs below to run. (courtesy of Grinler at BleepingComputer.com)
There are 4 different versions. If one of them won't run then try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

Rkill.exe http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill.com http://download.bleepingcomputer.com/grinler/rkill.com
Rkill.scr http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill.pif http://download.bleepingcomputer.com/grinler/rkill.pif
_____________________

IMMEDIATELY after running the "Rkill" tool above, run/install the Malwarebytes and SuperAntispyware installer and update files from the links below which you've also copied to a CD or flash drive, and transfered to the problem machine. Do NOT restart the computer after running Rkill.

Once downloaded and before transferring Malwarebytes and SuperAntispyware to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive.. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current.. After that, run a full system scan and delete anything it finds.

Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
http://www.besttechie.net/tools/mbam-setup.exe

Malwarebytes Manual Updater link
http://www.malwarebytes.org/mbam/database/mbam-rules.exe

Next, install and run a full system scan with the SuperAntispyware program and the manual updater from the links below. As before, you may need to rename the installer file to get the program to install.:

SuperAntispyware
http://www.superantispyware.com/

SuperAntispyware Manual Updater
http://www.superantispyware.com/definitions.html
____________

In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file also after installing it.. It resides in the C:\Programs Files\Malwarebytes Antimalware folder....
_____________________


Hope this helps.....

Grif

- Collapse -
Same Results

I actually had Malwarebytes and Superantispy installed and have run multiply times. They were the programs that helped remove the inital virus. I was able to run the rkill program and it found one process.I updated with the links you provided and re-ran both programs Malwarebytes found one issue in the a system restore file. But even after that I still can't connect to any antivirus sites. I use a laptop for work and my PC is the infected one so I've been loading fixes on a thumb drive and installing and running on the infected PC. My almost to the point of reformating but I've become determined to fix this.

- Collapse -
In Addition To Bob's Good Advice Below.. Another Tool

Try one more tool.. Many use it to get rid of the redirect issue. It's free to use for 30 days:

Hitman Pro
http://www.surfright.nl/en/hitmanpro

Also check your HOSTS file. Occasionally, viruses will add antivirus sites to your HOSTS file which blocks them from being visited.. So, if HitmanPro doesn't fix it as a test, find the HOSTS file at C:\Windows\System32\Drivers\ETC and rename it to HOSTS.txt. Close your browser, then open it again and see if things are fixed.

Hope this helps.

Grif

- Collapse -
Thank you,

I ranthe hitman program and it identified a few things. The first item it found said I was connected to a proxy server, which I shouldn't be. Checked proxy settings and was not connected. While researching why it would think I was connecting to a proxy server I went over my internat options for the hundred time and finally remembered and saw under the advanced tap the the option to Restore advanced settings and Reset Internet Explorer did both. Let it delete everything stored in IE and all of a sudden it's working again. I feel like an idiot for fighting this for 4 days.

Thanks again for the help.

- Collapse -
Next up? A hijackthis reading.

CNET Forums