Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Chrome hijacked by searchnu

Re: Chrome hijacked by searchnu

Post by Gizzy » May 22nd, 2012, 7:24 pm

Hi max18


Panda Activescan
Please go Here to run Panda's ActiveScan
  1. Once you are on the Panda site, click the Scan your PC button
  2. A new window will open...click the Scan Now button
  3. Allow the ActiveX control to be installed. It will start downloading the files it requires for the scan. Note: This may take a couple of minutes
  4. Run the ActiveX control, if requested. The screen will then show the scanning progress - the scan will take a while to finish. Please be patient.
  5. When the scan has finished, click on Export To
  6. Save the file as Activescan.txt to your Desktop
  7. Close the Activescan window then go to your Desktop
  8. Double-click on Activescan.txt and it will open in Notepad
  9. In Notepad, click Edit > Select all, then Edit > Copy
  10. Reply to this thread and click Ctrl+V to paste the log in your reply


Please reply with:
  • Panda Activescan log

Re: Chrome hijacked by searchnu

Post by Cypher » May 23rd, 2012, 5:27 am

An unauthorized person posted to this topic. Their post(s) were removed.

Please disregard any advice you may have seen posted by this member.

Only trained, authorized helpers are allowed to provide advice in the Malware Removal forum.
If you are not currently being assisted, please be patient and wait for an authorized helper; otherwise, continue to follow your helper's advice.

Re: Chrome hijacked by searchnu

Post by max18 » May 24th, 2012, 6:45 pm

Hello,

I just finished running the Active Scan. Here's the log:



;***********************************************************************************************************************************************************************************
ANALYSIS: 2012-05-24 22:45:27
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton Internet Security Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\max\appdata\roaming\microsoft\windows\cookies\low\9eyenn62.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\max\appdata\roaming\microsoft\windows\cookies\low\8ir30c1k.txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\users\max\appdata\roaming\microsoft\windows\cookies\low\max@com[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\max\appdata\roaming\microsoft\windows\cookies\ivy9rajk.txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\max\appdata\roaming\microsoft\windows\cookies\low\29hkl2op.txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Re: Chrome hijacked by searchnu

Post by Gizzy » May 25th, 2012, 4:16 pm

Hi max18,
I would like you to run ESET once more. This time, when the scan finishes, please note anything it detects before closing the window.


TFC (Temp File Cleaner)
Should still be on your desktop, if not please download TFC from here and save it to your desktop.
  1. Right-click TFC.exe and select Run as administrator to run the program.
  2. Click the Start button in the bottom left of TFC
  3. If prompted, click Yes to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.


ESET Online Scanner
Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

You will need to right-click on either the Internet Explorer or Firefox icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as administrator from the context menu.

  1. Please go here then click on: Run ESET Online Scanner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  2. Select the option YES, I accept the Terms of Use then click on: Start
  3. When prompted allow the Add-On/Active X to install.
  4. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  5. Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  6. Now click on: Start
  7. The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  8. When completed, the Online Scan will begin automatically. Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  9. When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  10. Copy and paste that log as a reply to this topic.
  11. Now click on: Finish (Selecting Uninstall application on close if you so wish)

    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Please reply with:
  • Eset log and let me know if and what eset detected

Re: Chrome hijacked by searchnu

Post by max18 » May 26th, 2012, 8:29 am

Hello,

Last night I ran the TFC, rebooted and then I executed ESET.

Here's the log:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK


I only reported 2 detected items; I believe they are the same ones it detected on the previous execution.

Thanks!

Re: Chrome hijacked by searchnu

Post by Gizzy » May 27th, 2012, 1:50 pm

Hi max18,

The log isn't showing the required information.
Do you have the files and path to the items being detected?

Re: Chrome hijacked by searchnu

Post by max18 » May 27th, 2012, 7:37 pm

Hello again,

This is what's present on the current log file that just got generated a few minutes ago (I ran ESET again)

C:\_OTL\MovedFiles\05162012_212730\C_Users\Max\AppData\Local\Temp\SetupDataMngr_Searchqu.exe a variant of Win32/Toolbar.SearchSuite application

Forget about the previous report as I just checked that the last time the log file on the ESET directory was updated was on 05/20.

Thanks a lot!
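
Added example (not part of the original thread, and not a tool the helper used): a short Python triage of the two pasted logs that separates inactive tracking cookies and files already sitting under OTL's C:\_OTL\MovedFiles folder from findings that still need a look. The bucket names, the regexes for the flattened log columns, and the second ESET row are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Rows copied from the ActiveScan and ESET logs in this thread, plus one
# constructed ESET row (the last one) showing a finding outside quarantine.
PANDA_ROWS = r"""
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\max\appdata\roaming\microsoft\windows\cookies\low\9eyenn62.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\max\appdata\roaming\microsoft\windows\cookies\low\8ir30c1k.txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\max\appdata\roaming\microsoft\windows\cookies\ivy9rajk.txt
"""
ESET_ROWS = r"""
C:\_OTL\MovedFiles\05162012_212730\C_Users\Max\AppData\Local\Temp\SetupDataMngr_Searchqu.exe a variant of Win32/Toolbar.SearchSuite application
C:\Users\Example\Downloads\constructed_setup.exe a variant of Win32/Toolbar.SearchSuite application
"""

# Columns: Id, Description (may contain spaces), Type, Active, Severity,
# Disinfectable, Disinfected, Location.
PANDA_RE = re.compile(r"^(?P<id>\d{8}) (?P<name>.+?) (?P<type>\S+) (?P<active>Yes|No) "
                      r"(?P<sev>\d+) (?:Yes|No) (?:Yes|No) (?P<path>\S.*)$")
ESET_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?\.\w{1,5})\s+(?P<name>.+)$")
OTL_QUARANTINE = "c:\\_otl\\movedfiles\\"  # folder OTL moves files into

def triage(path, kind="", active="Yes"):
    """Bucket one finding: cookie noise, already quarantined, or needs review."""
    if kind == "TrackingCookie" and active == "No":
        return "tracking-cookie"
    if path.lower().startswith(OTL_QUARANTINE):
        return "quarantined-by-otl"
    return "review"

def triage_logs(panda_text, eset_text):
    """Return (bucket, detection name, path) for every parsable row."""
    out = []
    for line in panda_text.strip().splitlines():
        m = PANDA_RE.match(line.strip())
        if m:
            out.append((triage(m["path"], m["type"], m["active"]), m["name"], m["path"]))
    for line in eset_text.strip().splitlines():
        m = ESET_RE.match(line.strip())
        if m:
            out.append((triage(m["path"]), m["name"], m["path"]))
    return out

if __name__ == "__main__":
    results = triage_logs(PANDA_ROWS, ESET_ROWS)
    print(Counter(bucket for bucket, _, _ in results))
    for bucket, name, path in results:
        if bucket == "review":
            print("needs a closer look:", name, "->", path)
```
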

Re: Chrome hijacked by searchnu

Post by Gizzy » May 28th, 2012, 4:48 am

Hi max18,

Congratulations, your machine appears to be clean! :cheers:
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure.

Remove Tools
Let's remove the programs we've been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.

The following steps will remove the tools and logs we used to clean your computer.
Any left over, merely delete yourself and empty the Recycle Bin.

CleanUp with OTL
  1. Right-click OTL and select Run as administrator to start the program.
  2. Close all other programs as this step will require a reboot
  3. On the OTL main screen, press the CleanUp! button.
  4. Click Yes to the prompt and then allow the program to reboot your computer.


Clean System Restore
  1. Click Start, then right-click Computer and select Properties
  2. In the left pane, Select System Protection then choose Create
  3. Give this restore point a descriptive name and click Create
  4. Click OK then close the System Restore dialog

Since we have created a New and Clean Restore Point, I would like you to remove all the Old Restore Points as some of these are infected and if used would re-infect your computer.

To do this
  1. Click Start, then click on Computer. Right-click Local Disk (C:), then select Properties
  2. Click on Disk Cleanup. In the Disk Cleanup options, select Files from all users on this computer
  3. Once the scan is complete another window will appear. Press the More Options tab.
  4. In the System Restore and Shadow Copies section click the Clean up button.
  5. Click the Delete button, at the "Are you sure..." prompt. This will remove all restore points except the one you just created.


Keep your programs up to date
Update your Antivirus programs and other programs regularly to avoid new threats that could infect your system.
Below are 2 sites that can be used to check if any of your installed programs are in need of updates.
Secunia Software Inspector
F-secure Health Check


Keep your system updated
Microsoft releases patches for Windows and other products regularly:

  1. I advise you visit: http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
  2. Install the Active X
  3. Once installed it will advise you set Auto-Updates if not set and you then will be able to manually check for updates also via:
    Start > All Programs > Microsoft Updates


Below are some free programs I recommend that could help you improve your computer's security.

Spyware Blaster
Download it from Here
Find a tutorial on how to use Spyware Blaster Here

WinPatrol
Download it from Here
You can find information about how WinPatrol works Here


Here is a great guide I recommend you read - COMPUTER SECURITY - a short guide to staying safer online

If your computer is running slowly after your clean up, please read - What to do if your Computer is running slowly


I'd be grateful if you could reply to this post so that I know you have read it, and if you have no other questions, the thread can be closed.

Happy surfing and stay clean! :thumbright:

Re: Chrome hijacked by searchnu

Post by max18 » May 29th, 2012, 2:58 pm

Thank you very very much!

One more task to add to that list: don't let your wife grab your computer :lol:

Once again, thanks!

Re: Chrome hijacked by searchnu

Post by Gizzy » May 29th, 2012, 6:33 pm

You're most welcome. :)

Re: Chrome hijacked by searchnu

Post by deltalima » May 30th, 2012, 3:24 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.