HELP!! Browser has been hijacked

by shand71 / April 7, 2010 10:48 PM PDT

I was infected with a fake antivirus virus or some variant of it. I searched several forums and found some good advice and was able to remove it.

My problem now is I can't browse to any antivirus or Microsoft site. It doesn't connect or redirects to some obscure site. I'm using IE8 8.0.6001.18702. I've run almost every spyware, adware tool available and they did remove the virus and now I've run them again and all is clean.

With the exception of the browser hijacking. I cannot find what is causing this. I also had Chrome installed to test; it wouldn't connect to anything. Was able to install Firefox, same issues. Rebuilt host files. Nothing has worked. Any answers would be greatly appreciated.

You didn't do enough.
by white-bread / April 8, 2010 1:04 AM PDT

Records still exist and the registry may have left over keys.

Any suggestions
by shand71 / April 8, 2010 1:18 AM PDT
In reply to: You didn't do enough.

Any suggestions on how to find the leftover keys?

Try This...
by Grif Thomas Forum moderator / April 8, 2010 3:58 AM PDT
In reply to: Any suggestions

Download ALL of the tools below on a friend's or family member's CLEAN computer and copy them to a CD or flash drive, then transfer them to the problem machine.

First, please download and run the following tool to help allow the removal programs below to run. (courtesy of Grinler at BleepingComputer.com)
There are 4 different versions. If one of them won't run then try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

Rkill.exe http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill.com http://download.bleepingcomputer.com/grinler/rkill.com
Rkill.scr http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill.pif http://download.bleepingcomputer.com/grinler/rkill.pif
_____________________

IMMEDIATELY after running the "Rkill" tool above, run/install the Malwarebytes and SuperAntispyware installer and update files from the links below which you've also copied to a CD or flash drive, and transferred to the problem machine. Do NOT restart the computer after running Rkill.

Once downloaded and before transferring Malwarebytes and SuperAntispyware to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current. After that, run a full system scan and delete anything it finds.

Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
http://www.besttechie.net/tools/mbam-setup.exe

Malwarebytes Manual Updater link
http://www.malwarebytes.org/mbam/database/mbam-rules.exe

Next, install and run a full system scan with the SuperAntispyware program and the manual updater from the links below. As before, you may need to rename the installer file to get the program to install:

SuperAntispyware
http://www.superantispyware.com/

SuperAntispyware Manual Updater
http://www.superantispyware.com/definitions.html
____________

In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file after installing it. It resides in the C:\Program Files\Malwarebytes Antimalware folder.
_____________________


Hope this helps.....

Grif

Same Results
by shand71 / April 8, 2010 7:42 AM PDT
In reply to: Try This...

I actually had Malwarebytes and Superantispy installed and have run them multiple times. They were the programs that helped remove the initial virus. I was able to run the rkill program and it found one process. I updated with the links you provided and re-ran both programs. Malwarebytes found one issue in a system restore file. But even after that I still can't connect to any antivirus sites. I use a laptop for work and my PC is the infected one, so I've been loading fixes on a thumb drive and installing and running them on the infected PC. I'm almost to the point of reformatting but I've become determined to fix this.

In Addition To Bob's Good Advice Below.. Another Tool
by Grif Thomas Forum moderator / April 8, 2010 9:46 AM PDT
In reply to: Same Results

Try one more tool. Many use it to get rid of the redirect issue. It's free to use for 30 days:

Hitman Pro
http://www.surfright.nl/en/hitmanpro

Also check your HOSTS file. Occasionally, viruses will add antivirus sites to your HOSTS file, which blocks them from being visited. So, if HitmanPro doesn't fix it, as a test, find the HOSTS file at C:\Windows\System32\Drivers\ETC and rename it to HOSTS.txt. Close your browser, then open it again and see if things are fixed.

Hope this helps.

Grif
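
Added example, not part of the original thread: a small auditor for the HOSTS-file tampering described in the post above, flagging security and update sites that have been pinned to a loopback or foreign address. It goes slightly beyond the post by also reporting any other hostname redirected to a non-loopback address; the watch list, function names and sample file are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: a short watch list of domains a hijacker would want unreachable.
WATCHED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "malwarebytes.org",
                    "superantispyware.com", "bleepingcomputer.com")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed line, not a mapping
        for name in fields[1:]:                 # one line may carry aliases
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text):
    """Return findings as (line_no, hostname, ip, reason) tuples."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        sinkholed = ip.is_loopback or ip.is_unspecified
        watched = any(name == s or name.endswith("." + s)
                      for s in WATCHED_SUFFIXES)
        if watched and sinkholed:
            findings.append((line_no, name, str(ip), "security site blocked"))
        elif watched:
            findings.append((line_no, name, str(ip), "security site redirected"))
        elif not sinkholed:
            findings.append((line_no, name, str(ip), "unexpected redirect"))
    return findings

# Constructed sample; the addresses come from documentation-only ranges.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.malwarebytes.org malwarebytes.org
0.0.0.0         update.microsoft.com   # constructed entry
203.0.113.7     www.superantispyware.com
198.51.100.20   search.example.net
127.0.0.1       ads.example.com
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print("line %d: %s -> %s (%s)" % finding)
```

To audit a real machine, pass the contents of the HOSTS file in C:\Windows\System32\Drivers\ETC to `audit_hosts` instead of `SAMPLE`. Ordinary ad-blocking entries that point at loopback are deliberately not reported.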

Thank you,
by shand71 / April 8, 2010 1:07 PM PDT

I ran the Hitman program and it identified a few things. The first item it found said I was connected to a proxy server, which I shouldn't be. Checked proxy settings and was not connected. While researching why it would think I was connecting to a proxy server, I went over my Internet Options for the hundredth time and finally remembered and saw, under the Advanced tab, the option to Restore advanced settings and Reset Internet Explorer. Did both. Let it delete everything stored in IE and all of a sudden it's working again. I feel like an idiot for fighting this for 4 days.

Thanks again for the help.

Next up? A hijackthis reading.
by R. Proffitt Forum moderator / April 8, 2010 8:08 AM PDT