Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Hijacked Browser search ?

Re: Hijacked Browser search ?

Post by tan_pang » March 19th, 2009, 8:56 pm

Hi, let's do this :)

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
http://malwareremoval.com/forum/viewtopic.php?f=11&t=39447

File::
c:\program files\wt3d.ini

Folder::
c:\program files\WildTangent
c:\documents and settings\All Users\Application Data\Viewpoint

Suspect::
c:\documents and settings\Brian\Application Data\wklnhst.dat
c:\windows\system32\0810be8f-b2fd-4cfc-bbc2-e45e10a7568b.dll
c:\windows\System32\Drivers\aeft6iz5.SYS


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
tan_pang
Regular Member
 
Posts: 959
Joined: August 12th, 2007, 8:04 am

Re: Hijacked Browser search ?

Post by heyoka05 » March 19th, 2009, 10:18 pm

Good Evening Tan ........hope life is well with you ......here's the log file you requested


ComboFix 09-03-18.01 - Brian 2009-03-19 22:05:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.547 [GMT -4:00]
Running from: c:\documents and settings\Brian\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Brian\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point

FILE ::
c:\program files\wt3d.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Viewpoint
c:\program files\WildTangent
c:\program files\WildTangent\LicenseStores\WT\058D8AB2-0002-4963-8BEF-C53407A55AB8.wtlic
c:\program files\WildTangent\LicenseStores\WT\13E38CFC-81C8-11D9-8BDE-F66BAD1E3F3A.wtlic
c:\program files\WildTangent\LicenseStores\WT\4B39DF83-1063-4fcc-B1B4-0E116120D387.wtlic
c:\program files\WildTangent\LicenseStores\WT\5F7E059C-CAEF-43ad-9378-DD87D8B6B154.wtlic
c:\program files\WildTangent\LicenseStores\WT\D1FBFB02-8F56-11D9-8BDE-F66BAD1E3F3A.wtlic
c:\program files\WildTangent\LicenseStores\WT\WT.sto
c:\program files\WildTangent\toshiba\moregames.ico
c:\program files\WildTangent\toshiba\onplay.exe
c:\program files\WildTangent\toshiba\version.txt
c:\program files\wt3d.ini

.
((((((((((((((((((((((((( Files Created from 2009-02-20 to 2009-03-20 )))))))))))))))))))))))))))))))
.

2009-03-18 22:35 . 2009-03-18 22:35 <DIR> d-------- c:\windows\LastGood
2009-03-08 19:00 . 2009-03-08 19:04 <DIR> d-------- c:\program files\HyperStudio 4 Player
2009-03-08 13:48 . 2009-03-09 00:55 10,061 --a------ c:\windows\PlantStudio2.ini
2009-03-08 13:40 . 2009-03-08 22:21 <DIR> d-------- C:\PlantStudio2
2009-03-08 00:45 . 2009-03-08 00:45 <DIR> d-------- c:\windows\TreemagikG3 Demo
2009-03-08 00:45 . 2009-03-08 13:39 <DIR> d-------- c:\program files\TreemagikG3 Demo
2009-03-08 00:43 . <DIR> c:\program files\Plant-Life© Demo - TGC Edtiion
2009-03-02 12:35 . 2009-03-02 12:36 <DIR> d-------- C:\rsit
2009-03-02 12:33 . 2009-03-02 12:33 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-02 12:22 . 2009-03-02 12:22 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-02 12:22 . 2009-03-02 12:22 73,728 --a------ c:\windows\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 01:46 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-19 23:19 35,890 ----a-w c:\documents and settings\Brian\Application Data\wklnhst.dat
2009-03-19 17:06 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-03-19 02:35 --------- d-----w c:\program files\McAfee
2009-03-08 17:38 --------- d-----w c:\program files\Native Instruments
2009-03-08 17:38 --------- d-----w c:\program files\Common Files\Native Instruments
2009-03-08 17:37 --------- d-----w c:\program files\VstPlugins
2009-03-08 17:37 --------- d-----w c:\program files\ Plant-Life© Demo - TGC Edtiion
2009-03-08 00:49 --------- d-----w c:\program files\REAPER
2009-03-02 16:32 --------- d-----w c:\program files\Common Files\Adobe
2009-03-02 16:22 --------- d-----w c:\program files\Java
2009-03-01 22:08 --------- d-----w c:\documents and settings\Brian\Application Data\REAPER
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2009-02-07 23:25 --------- d-----w c:\program files\ASIO4ALL v2
2009-02-07 01:01 --------- d-----w c:\program files\Pro Tracks Plus
2009-02-06 02:44 --------- d-----w c:\program files\BurnAware Home
2009-02-05 17:37 --------- d-----w c:\program files\Alcohol Soft
2009-02-05 17:33 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-04 15:24 --------- d--h--r c:\documents and settings\Lindi\Application Data\yahoo!
2009-02-01 19:38 --------- d-----w c:\program files\Yahoo!
2009-02-01 04:59 --------- d-----w c:\program files\MySpace
2009-02-01 03:12 --------- d-----w c:\program files\Common Files\Scanner
2009-02-01 02:58 262,144 ----a-w C:\ntuser.dat
2009-02-01 02:58 --------- d--h--r c:\documents and settings\Brian\Application Data\yahoo!
2009-02-01 02:57 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2009-01-23 17:29 --------- d-----w c:\documents and settings\Lindi\Application Data\Sony
2009-01-23 17:29 --------- d-----w c:\documents and settings\Lindi\Application Data\Publish Providers
2009-01-23 17:29 --------- d-----w c:\documents and settings\Lindi\Application Data\NetMedia Providers
2009-01-13 03:05 3,120 ----a-w c:\windows\system32\0810be8f-b2fd-4cfc-bbc2-e45e10a7568b.dll
2001-07-12 12:09 61,440 ----a-w c:\windows\inf\i386\onetUSD.dll
2001-06-05 12:11 32,768 ----a-w c:\windows\inf\i386\Wiamicro.dll
2001-05-14 14:19 51,984 ----a-w c:\windows\inf\i386\Wiafbdrv.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-03-11_10.18.58.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-11 12:18:46 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-19 23:01:40 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-11 12:18:46 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-19 23:01:40 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-11 12:18:46 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-19 23:01:40 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-03 20:21:14 21,244,864 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-25 16:55:00 24,768,960 ----a-w c:\windows\system32\MRT.exe
- 2009-03-11 14:10:09 65,446 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-18 19:10:12 65,446 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-11 14:10:09 411,142 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-18 19:10:12 411,142 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-18 19:05:08 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_a8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"PPWebCap"="c:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2000-09-06 40960]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-22 203720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-02-20 1589248]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"Ink Monitor"="c:\program files\EPSON\Ink Monitor\InkMonitor.exe" [2001-10-16 258118]
"OneTouch Monitor"="c:\progra~1\VISION~1\ONETOU~2.EXE" [2001-07-12 86016]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-02 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 c:\windows\system32\CHDAudPropShortcut.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-03-02 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux7"= wdmaud.sys

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-05 206096]
R2 Stuffit Archive Name Service;Stuffit Archive Name Service;c:\program files\Smith Micro\StuffIt\ArcNameService.exe [2008-01-31 157016]
R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 0092541237430156mcinstcleanup;McAfee Application Installer Cleanup (0092541237430156);c:\windows\TEMP\009254~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\009254~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 CEUSBAUD;DigiTech USB MIDI Driver (MIDI);c:\windows\system32\drivers\ceusbaud.sys [2007-01-22 17920]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
.
Contents of the 'Scheduled Tasks' folder

2009-03-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-01-09 11:53]

2009-03-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-01-09 11:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mc328.mail.yahoo.com/mc/welco ... ujKoKsMlC4
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 22:08:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'winlogon.exe'(2276)
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-03-19 22:09:32
ComboFix-quarantined-files.txt 2009-03-20 02:09:29
ComboFix2.txt 2009-03-11 14:19:52
ComboFix3.txt 2007-07-12 18:10:33

Pre-Run: 71,150,600,192 bytes free
Post-Run: 71,157,231,616 bytes free

183 --- E O F --- 2009-03-16 13:26:28
heyoka05
Regular Member
 
Posts: 72
Joined: July 11th, 2007, 11:48 am

Re: Hijacked Browser search ?

Post by tan_pang » March 24th, 2009, 1:12 am

Hi, can you find this file in your computer??

C:\Windows\System32\Drivers\aeft6iz5.SYS

If you can't see it, then please make sure that you have enabled showing hidden and system files.
  1. Open My Computer.
  2. Go to Tools > Folder Options.
  3. Select the View tab.
  4. Scroll down to Hidden files and folders.
  5. Select Show hidden files and folders.
  6. Uncheck (untick) Hide extensions of known file types.
  7. Uncheck (untick) Hide protected operating system files (Recommended).
  8. Click Yes when prompted.
  9. Click OK.

Re: Hijacked Browser search ?

Post by heyoka05 » March 25th, 2009, 8:43 am

No Tan, that file doesn't exist on my system

Re: Hijacked Browser search ?

Post by tan_pang » March 27th, 2009, 10:35 am

Hi, try going to the C:\Qoobox\Quarantine folder to find this file:
[4]-Submit_Date_Time.zip
Where the Date and Time are the date and time you ran ComboFix.
Example: [4]-Submit_2007-07-17_165501.18.zip


Next, go to: VirusTotal
  • In the middle of the page you'll find a "Browse" button.
  • Click the Browse... button and locate the file I mentioned above. Click Open after that.
  • Then click the "Send File" button just below.
  • This will scan the file (the progress bar will show "Current status: scanning"). Please be patient.
  • Once scanned (the progress bar will display "Current status: finished"), copy and paste the results in your next reply.

Re: Hijacked Browser search ?

Post by heyoka05 » March 27th, 2009, 8:51 pm

The information you requested



Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.28 -
AhnLab-V3 5.0.0.2 2009.03.27 -
AntiVir 7.9.0.129 2009.03.27 -
Antiy-AVL 2.0.3.1 2009.03.27 -
Authentium 5.1.2.4 2009.03.27 -
Avast 4.8.1335.0 2009.03.27 -
AVG 8.5.0.285 2009.03.27 -
BitDefender 7.2 2009.03.28 -
CAT-QuickHeal 10.00 2009.03.26 -
ClamAV 0.94.1 2009.03.27 -
Comodo 1086 2009.03.27 -
DrWeb 4.44.0.09170 2009.03.27 -
eSafe 7.0.17.0 2009.03.27 -
eTrust-Vet 31.6.6421 2009.03.27 -
F-Prot 4.4.4.56 2009.03.27 -
F-Secure 8.0.14470.0 2009.03.27 -
Fortinet 3.117.0.0 2009.03.27 -
GData 19 2009.03.28 -
Ikarus T3.1.1.48.0 2009.03.28 -
K7AntiVirus 7.10.683 2009.03.27 -
Kaspersky 7.0.0.125 2009.03.28 -
McAfee 5566 2009.03.27 -
McAfee+Artemis 5566 2009.03.27 -
McAfee-GW-Edition 6.7.6 2009.03.27 -
Microsoft 1.4502 2009.03.27 -
NOD32 3969 2009.03.27 -
Norman 6.00.06 2009.03.27 -
nProtect 2009.1.8.0 2009.03.27 -
Panda 10.0.0.10 2009.03.27 -
PCTools 4.4.2.0 2009.03.27 -
Prevx1 V2 2009.03.28 -
Rising 21.22.42.00 2009.03.27 -
Sophos 4.40.0 2009.03.27 -
Sunbelt 3.2.1858.2 2009.03.27 -
Symantec 1.4.4.12 2009.03.28 -
TheHacker 6.3.3.7.293 2009.03.27 -
TrendMicro 8.700.0.1004 2009.03.28 -
VBA32 3.12.10.1 2009.03.27 -
ViRobot 2009.3.27.1666 2009.03.27 -
Additional information
File size: 26567 bytes

PEiD..: -
TrID..: File type identification
ZIP compressed archive (100.0%)
PEInfo: -
RDS...: NSRL Reference Data Set
-

Re: Hijacked Browser search ?

Post by tan_pang » March 29th, 2009, 4:05 am

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Re: Hijacked Browser search ?

Post by heyoka05 » March 30th, 2009, 8:08 pm

Hi Tan,
Hope all is well with you.
Here's the log file for the last scan.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, March 30, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, March 30, 2009 14:35:03
Records in database: 1986635
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 140143
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:28:16

No malware has been detected. The scan area is clean.

The selected area was scanned.

Re: Hijacked Browser search ?

Post by tan_pang » March 31st, 2009, 11:00 am

Click on Start > Run. Copy and paste in ComboFix /u and click OK. An image is below for reference.

After that, you can enable the anti-virus and anti-malware programs in your computer.

============================================================================================================================

Now your system is clean. Kindly follow these simple steps in order to keep your computer clean and secure:

  1. CLEAR & RESET SYSTEM RESTORE'S CACHE - (System Volume Information folder)
    • Right-click on the My Computer on Desktop, and choose Properties
    • Click on the System Restore tab, and check the box Turn off System Restore on all drives
    • Click Apply and reboot your computer.
    • After reboot, right-click My Computer on Desktop, choose Properties and go back to System Restore tab, turn the System Restore 'On' afterward by unticking the same checkbox & click OK
  2. DISABLE THE VIEWING OF SYSTEM FILES
    From Windows Explorer, go to Tools>Folder Options> View tab.
    • Select "Do not show hidden files and folders"
    • Tick - Hide file extensions for known types
    • Tick - Hide protected operating system files (Recommended)
    • Remove the checkmark from the checkbox labeled Display the contents of system folders.
    Click Yes to confirm & then click OK
  3. ANTIVIRUS SOFTWARE
    It is imperative that you set the Antivirus software to Automatic update. If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  4. FIREWALL
    Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here: http://www.bleepingcomputer.com/forums/tutorial60.html
  5. Microsoft Windows Update: http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
    Alternatively, you can enable automatic updates by following the instructions here: http://www.microsoft.com/protect/comput ... es/mu.mspx
  6. SPYWAREBLASTER
    SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.

    Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here: http://www.bleepingcomputer.com/forums/tutorial49.html
Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=4959

After doing all these, your system will be optimised against future threats.

Have a safe & happy computing day.

Kindly respond to this thread once more so we can mark this thread as resolved.

Re: Hijacked Browser search ?

Post by NonSuch » April 5th, 2009, 3:42 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 27305
Joined: February 23rd, 2005, 7:08 am
Location: California