Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Mozilla Browser Hijacked - Google Search Results redirected

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Mozilla Browser Hijacked - Google Search Results redirec

Unread postby deltalima » January 9th, 2011, 3:59 pm

TDSS killer downloaded and I ran it but it never produced the log, or otherwise showed that it was running.

Please reboot and then download a new copy of TDSSKiller and run it again then check in C:\ for the log.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove

Re: Mozilla Browser Hijacked - Google Search Results redirec

Unread postby ericldauster » January 9th, 2011, 5:22 pm

Downloaded TDSSkiller.zip again. Extracted TDSSKiller.exe and double clicked it.

Got the dialog box asking permission to run the exe - ran it. Nothing opened up to indicate activity although the disk light was blinking.

Waited 10 minutes and checked C: for the log - no log found. Did a search and it didn't show up.

I haven't run the Malwarebytes scan as requested earlier because I was waiting to run TDSSKiller first.
ericldauster
Regular Member
 
Posts: 16
Joined: January 3rd, 2011, 9:15 pm

Re: Mozilla Browser Hijacked - Google Search Results redirec

Unread postby ericldauster » January 9th, 2011, 5:24 pm

And I did reboot before downloading and trying again.
ericldauster
Regular Member
 
Posts: 16
Joined: January 3rd, 2011, 9:15 pm

Re: Mozilla Browser Hijacked - Google Search Results redirec

Unread postby deltalima » January 9th, 2011, 5:28 pm

Hi ericldauster,

I haven't run the Malwarebytes scan as requested earlier because I was waiting to run TDSSKiller first.


OK let's pass on those two scans for now while I research the problem with TDSSKiller.

MBRBackup
Download MBRBackup to your Desktop.
http://www.misec.net/products/mbrBackup.exe
Doubleclick MBRBackup.exe to launch the program. If prompted by your computer allow it to run.
Click SaveMBR (top left corner) and save the backup file to your Desktop.
Exit the program.
It will have a name similar to MBR_2010-10-06.bin where the numbers correspond to the date the backup was made.


Analyze file(s).
Please visit Virustotal.

Click on browse > navigate to the MBR_2010-xx-xx.bin backup file > Click Open:

  • Press Send File - this will submit the file for testing.
  • Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
Example of web address :
Image

Create a batch file
  1. Open Notepad.
  2. Copy/paste the following text into the empty Notepad window.
    Code: Select all
    @echo off
    Nslookup www.malwarebytes.org >> results.txt 
    Nslookup www.safer-networking.org >> results.txt 
    Nslookup www.google.com >> results.txt
    Nslookup www.google.co.uk  >> results.txt
    Ping www.malwarebytes.org >> results.txt 
    ping www.safer-networking.org >> results.txt 
    ping www.google.com >> results.txt 
    ping www.google.co.uk >> results.txt 
    start notepad results.txt 
    Del %0
    
  3. Save the file as xxx.bat on your desktop. Save it with the file type... all types *.*.
  4. Double click the file xxx.bat to execute.

results.txt should open in Notepad automatically when the script has complete, post the contents of this file in your next response.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Mozilla Browser Hijacked - Google Search Results redirec

Unread postby ericldauster » January 9th, 2011, 5:36 pm

I'm getting a "page not found" error message when I click on http://www.misec.net/products/mbrBackup.exe
ericldauster
Regular Member
 
Posts: 16
Joined: January 3rd, 2011, 9:15 pm

Re: Mozilla Browser Hijacked - Google Search Results redirec

Unread postby deltalima » January 9th, 2011, 5:38 pm

User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Mozilla Browser Hijacked - Google Search Results redirec

Unread postby ericldauster » January 9th, 2011, 5:48 pm

Successfully ran MBR Backup but cannot visit VirusTotal at link provided

http://www.virustotal.com/en/indexf.html

page not found
ericldauster
Regular Member
 
Posts: 16
Joined: January 3rd, 2011, 9:15 pm

Re: Mozilla Browser Hijacked - Google Search Results redirec

Unread postby deltalima » January 9th, 2011, 5:50 pm

User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Mozilla Browser Hijacked - Google Search Results redirec

Unread postby ericldauster » January 9th, 2011, 5:55 pm

http://www.virustotal.com/file-scan/rep ... 1294610030

Creating and running batch file now.
ericldauster
Regular Member
 
Posts: 16
Joined: January 3rd, 2011, 9:15 pm

Re: Mozilla Browser Hijacked - Google Search Results redirec

Unread postby ericldauster » January 9th, 2011, 5:59 pm

results of batch file run
--------------

Server: dsldevice
Address: 192.168.1.254

Name: malwarebytes.org
Address: 216.245.195.234
Aliases: www.malwarebytes.org

Server: dsldevice
Address: 192.168.1.254

Name: www.safer-networking.org
Address: 188.165.126.152

Server: dsldevice
Address: 192.168.1.254

Name: www.l.google.com
Addresses: 74.125.224.18, 74.125.224.19, 74.125.224.16, 74.125.224.17
74.125.224.20
Aliases: www.google.com

Server: dsldevice
Address: 192.168.1.254

Name: www.l.google.com
Addresses: 74.125.224.16, 74.125.224.17, 74.125.224.20, 74.125.224.18
74.125.224.19
Aliases: www.google.co.uk, www.google.com



Pinging malwarebytes.org [216.245.195.234] with 32 bytes of data:



Reply from 216.245.195.234: bytes=32 time=58ms TTL=50

Reply from 216.245.195.234: bytes=32 time=57ms TTL=50

Reply from 216.245.195.234: bytes=32 time=56ms TTL=50

Reply from 216.245.195.234: bytes=32 time=57ms TTL=50



Ping statistics for 216.245.195.234:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 56ms, Maximum = 58ms, Average = 57ms



Pinging www.safer-networking.org [188.165.126.152] with 32 bytes of data:



Reply from 188.165.126.152: bytes=32 time=181ms TTL=50

Reply from 188.165.126.152: bytes=32 time=179ms TTL=50

Reply from 188.165.126.152: bytes=32 time=174ms TTL=50

Reply from 188.165.126.152: bytes=32 time=178ms TTL=50



Ping statistics for 188.165.126.152:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 174ms, Maximum = 181ms, Average = 178ms



Pinging www.l.google.com [74.125.224.19] with 32 bytes of data:



Reply from 74.125.224.19: bytes=32 time=16ms TTL=55

Reply from 74.125.224.19: bytes=32 time=16ms TTL=55

Reply from 74.125.224.19: bytes=32 time=16ms TTL=55

Reply from 74.125.224.19: bytes=32 time=15ms TTL=55



Ping statistics for 74.125.224.19:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 15ms, Maximum = 16ms, Average = 15ms
ericldauster
Regular Member
 
Posts: 16
Joined: January 3rd, 2011, 9:15 pm

Re: Mozilla Browser Hijacked - Google Search Results redirec

Unread postby deltalima » January 9th, 2011, 6:19 pm

Hi ericldauster,

TFC

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Please run Malwarebytes, update and then run a quick scan and post the log in your next reply.

ESET online scannner

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Mozilla Browser Hijacked - Google Search Results redirec

Unread postby ericldauster » January 11th, 2011, 9:09 pm

Ran TFC and the MalWare scan - I'll try to remember to run the ESET scan tonight. -Here's the MalWare log.
----------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5489

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/9/2011 2:44:28 PM
mbam-log-2011-01-09 (14-44-28).txt

Scan type: Quick scan
Objects scanned: 153685
Time elapsed: 6 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
=====================
ericldauster
Regular Member
 
Posts: 16
Joined: January 3rd, 2011, 9:15 pm

Re: Mozilla Browser Hijacked - Google Search Results redirec

Unread postby deltalima » January 12th, 2011, 3:47 am

OK, please post when ready.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Mozilla Browser Hijacked - Google Search Results redirec

Unread postby ericldauster » January 12th, 2011, 1:07 pm

I appreciate all of the help you've given me.

The hard drive appears to have died last night. Controller checks out ok but I can't get the hard drive to spin. I will work on this but it may be the weekend before I know if this drive will come back to life or not.

If I end up with a new drive I'll want to transfer over photos and videos to the new drive. What should I be sure to not transfer over in order to try to avoid the transfer of the virus?
ericldauster
Regular Member
 
Posts: 16
Joined: January 3rd, 2011, 9:15 pm

Re: Mozilla Browser Hijacked - Google Search Results redirec

Unread postby deltalima » January 12th, 2011, 3:19 pm

Hi ericldauster,

Sorry to hear about the disk drive failing.

If I end up with a new drive I'll want to transfer over photos and videos to the new drive. What should I be sure to not transfer over in order to try to avoid the transfer of the virus?


The main thin is to get antivirus software installed and all Microsoft updates as soon as possible once the machine has been installed.

Photos and videos should be OK to transfer, but make sure you scan all of them with the antivirus before you open any of them.

I will keep this thread open for 3 days so that if you manage to get the drive running we can continue to track down this infection.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 37 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware