Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

[split] Google searches redirected, cannot change hosts file

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

[split] Google searches redirected, cannot change hosts file

Unread postby anniedanny » December 17th, 2009, 5:38 am

I am also having problems with gwprimawega . It seems to be something new. I did a complete system scan with NIS twice - and once in safe mode and Norton's doesn't find anything.

But I can't use Google at all; with IE or Firefox either one. All the links are hijacked by ads.

ThreatExpert has three reports of it. It seems to overwrite iexplore.exe, if I understood it right. I did uninstall and reinstall IE8 but I had a lot of problems doing that and it wouldn't let me delete some of the files; said they were in use by another program. So maybe the corrupted files weren't overwritten when I reinstalled.

From what I read on ThreatExpert, I think this thing maybe does a whole lot of over-writing of files. According to ThreatExpert, it also overwrites some Macromedia shockwave files.

And it never seems to do the same thing twice; the file names are different in each report. The name gwprimawega shows up in IE's Addon's, and in one of the Registry entries. Otherwise the DLL's are named differently. I found them by the timestamp.

I'm hoping somebody has an easy fix for this but I haven't come across any good news yet. I did manage to delete (or quarantine) a good share of it, using the info from ThreatExpert to find most of the files. But the damage done to IE and system files is another matter. I uninstalled Firefox completely and have not re-installed it yet.

One article said that malware is targeting Firefox: installs their malware as an Add-on. I was using Firefox when it happened, and I did get a message that a new Addon had been installed. A windows-update window was also open. I tried to stop it but it all happened rather quickly.

I recently switched to Firefox because it's supposedly better and safer, but now they're saying (in that article I read) that Firefox is vulnerable.
anniedanny
Active Member
 
Posts: 1
Joined: December 17th, 2009, 5:11 am
Advertisement
Register to Remove

Re: [split] Google searches redirected, cannot change hosts file

Unread postby NonSuch » December 17th, 2009, 8:29 pm

viewtopic.php?p=491380#p491380

IMPORTANT: All help given in this forum is by authorised persons only. All helpers have undergone a thorough and comprehensive training, or are Undergraduates of the University whose work is directly supervised by a qualified helper.

Any and all "help" posted by unauthorised persons will be removed, and the person posting that "help" may be banned from this site.


Neither help nor comments are welcomed in topics not your own. If you require assistance, you must start your own topic and post your own HijackThis log.

This topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: pgmigg and 45 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware