Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Web search links are hijacked, cant seem to clean

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Web search links are hijacked, cant seem to clean

Unread postby Odd dude » August 15th, 2009, 2:00 pm

No need. The applet is known for being troublesome.

We'll use a different scanner.
  • Go here using Internet Explorer: http://www.eset.com/onlinescan/run_scanner.php
  • Put a checkmark next to Yes, I accept the Terms of Use and click the Start button
  • If prompted about installing ActiveX, allow it and click Install
  • If there is a checkmark next to Remove found threats, remove the checkmark and then click Start
  • The scanner will initialize and then start scanning. It will normally take 0.5 - 2 hours to complete.
  • When the scan has finished, close Internet Explorer
  • A log will be located here
    C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Include this log in your next reply
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)
Advertisement
Register to Remove

Re: Web search links are hijacked, cant seem to clean

Unread postby friggenPC » August 15th, 2009, 4:59 pm

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QMX4FM00\installb[1].exe a variant of Win32/Kryptik.ZE trojan
C:\Software\Fonts\fontsfree.exe multiple threats
friggenPC
Active Member
 
Posts: 13
Joined: August 1st, 2009, 5:44 pm

Re: Web search links are hijacked, cant seem to clean

Unread postby friggenPC » August 15th, 2009, 5:01 pm

this is the ESET.log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6048
# api_version=3.0.2
# EOSSerial=53021cf5690efd44a2c3448fade94e9b
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-08-15 06:41:39
# local_time=2009-08-15 02:41:39 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=48695
# found=1
# cleaned=0
# scan_time=1799
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QMX4FM00\installb[1].exe a variant of Win32/Kryptik.ZE trojan 00000000000000000000000000000000 I
esets_scanner_update returned -1 esets_gle=53251
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6048
# api_version=3.0.2
# EOSSerial=53021cf5690efd44a2c3448fade94e9b
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-08-15 08:02:29
# local_time=2009-08-15 04:02:29 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=97548
# found=2
# cleaned=0
# scan_time=4787
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QMX4FM00\installb[1].exe a variant of Win32/Kryptik.ZE trojan 00000000000000000000000000000000 I
C:\Software\Fonts\fontsfree.exe multiple threats 00000000000000000000000000000000 I
friggenPC
Active Member
 
Posts: 13
Joined: August 1st, 2009, 5:44 pm

Re: Web search links are hijacked, cant seem to clean

Unread postby Odd dude » August 16th, 2009, 6:17 am

Download ATF-Cleaner by Atribune to your desktop.
Start the program and place a check next to the following items:
  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Temporary Internet Files
  • Java Cache
  • Recycle Bin
Now click Empty Selected and click OK.

If you use FireFox, click the FireFox tab and place a check Select All. Click Empty Selected and answer No at the prompt.
If you use Opera, click the Opera tab and place a check Select All. Click Empty Selected and answer No at the prompt.

Submit a file for analysis
We need to have something checked for malware. Please go to Jotti's.
  • Click Browse next to File to upload & scan and copy and paste the first line of the following list into the browse box:
    Code: Select all
    C:\Software\Fonts\fontsfree.exe
  • Click Submit. The file will now be scanned for malware and the results will be displayed from the screen. Select the part where the virus scan results are shown and copy and paste this to notepad.
  • Copy and paste the whole notepad file you just made into your reply.


Update outdated software
Your version of Adobe Reader is old and may contain security leaks. Please first uninstall the older version, then download and install the newest version from here.
Your version of Sun Java is outdated and may contain security leaks. First uninstall all versions of Java you have installed. Then download and install the latest version of Java from java.com.

Also, do you connect to the internet through a wireless router?
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Web search links are hijacked, cant seem to clean

Unread postby NonSuch » August 19th, 2009, 7:08 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27299
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: random/random and 38 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware