Browser hijacker - safebrowsing.biz

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Browser hijacker - safebrowsing.biz

by capnkrunch » June 21st, 2016, 2:59 pm

Hello Kerriemj :)

I am hoping perhaps this is fixed.........

This is good, but we still have a bit left to do. First we'll run a couple of general-purpose scanners to see if anything is left behind, then we have to clean up the tools we used. The last steps are important so please stick with me through the end.

Step one...

Malwarebytes Anti-Malware (MBAM) Scan
  • Please download Malwarebytes Anti-Malware.
  • Double-click the mbam-setup-*version*.exe file and follow any prompts to install MBAM. Before you click Finish ensure that Launch Malwarebytes Anti-Malware is checked.
  • When MBAM launches allow it to update its databases if prompted. You will need to be connected to the internet for this.
  • Click Scan Now. MBAM will proceed to scan your computer.
  • If prompted to allow a reboot please do so.
    Failing to reboot when asked can prevent MBAM from removing all the malware it finds.
  • Once the scan is finished click Save Results >> in the bottom right corner and select Copy to Clipboard. Paste the results in your next reply.
  • If MBAM required a reboot please do the following to get the report:
    • On reboot reopen MBAM.
    • Click History and then click the most recent Scan Log.
    • Click Export and then click Copy to Clipboard. Paste the results in your next reply.

Step two...

ESET Online Scanner
NOTE: ESET Online Scanner can be run from Internet Explorer, Firefox, or Chrome.
  • First please disable any antivirus you have active, as shown in this topic.
  • Go to the ESET Online Scanner site.
  • Click on the green Run Scanner button.
  • You will need to download a small utility.
  • Right click esetsmartinstaller_enu.exe and select Run as administrator.
  • Check the box to agree to the terms of use and click Start.
  • Check Enable detection of potentially unwanted applications.
  • Click Advanced settings.
  • UNCHECK Remove found threats.
  • Ensure the following are checked:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start.
  • ESET Online Scanner will download its virus signature database then automatically start the scan.
    The scan will take a while. Please be patient and do not use your computer during the scan. Some people find it best to let the scan run overnight.
  • When the scan completes click Copy to clipboard. Paste the results into your reply.
  • You can now exit the program using the X in the top-right.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.
IMPORTANT: Do not forget to re-enable your antivirus software.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • The MBAM log
  • The ESET log
  • Are there any changes in computer behavior?
capnkrunch
MRU Graduate
 
Posts: 664
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Browser hijacker - safebrowsing.biz

by Kerriemj » June 21st, 2016, 5:45 pm

scan results:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 21/06/2016
Scan Time: 22:37
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.21.07
Rootkit Database: v2016.05.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Kerrie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 319719
Time Elapsed: 6 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.PCSpeedUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, , [d6c5807f68311e1842596e3bf50ea45c],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
Kerriemj
Active Member
 
Posts: 14
Joined: June 19th, 2016, 4:44 am
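
Added example, not part of the thread and not Malwarebytes code: a small Python checker for a pasted MBAM 2.x text log like the one above. It lists detections, flags scan options that were off, and catches a paste cut short by the forum size limit. The sample log is constructed and the function and field names are assumptions of this example.

```python
import re

# Constructed sample in the MBAM 2.x text layout (not the log from this thread).
SAMPLE_LOG = r"""Scan Type: Threat Scan
Rootkits: Disabled
PUP: Enabled

Processes: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Example, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EXAMPLEDRV, , [00000000000000000000000000000000],

Files: 2
PUP.Optional.Example, C:\Users\Public\example.exe, , [00000000000000000000000000000000],

(end)
"""

SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors"}
SECTION = re.compile(r"^([A-Za-z ]+): (\d+)$")            # "Registry Keys: 1"
SETTING = re.compile(r"^([A-Za-z -]+): (Enabled|Disabled)$")

def parse_mbam_log(text):
    """Return (settings, detections, problems) for one pasted scan log."""
    settings, detections, declared = {}, [], {}
    section = None
    for line in (l.strip() for l in text.splitlines()):
        if m := SETTING.match(line):
            settings[m.group(1)] = m.group(2) == "Enabled"
        elif (m := SECTION.match(line)) and m.group(1) in SECTIONS:
            section = m.group(1)
            declared[section] = int(m.group(2))
        elif section and "," in line and not line.startswith("("):
            # Detection line: "name, target, action, [hash],"
            # (a target that itself contains a comma would be cut short here)
            name, target = [f.strip() for f in line.split(",")[:2]]
            detections.append({"section": section, "name": name, "target": target})
    problems = [f"scan option off: {k}" for k, on in settings.items() if not on]
    for sec, count in declared.items():
        found = sum(d["section"] == sec for d in detections)
        if found != count:  # header count and listed items disagree
            problems.append(f"{sec}: header says {count}, log lists {found} (truncated paste?)")
    if "(end)" not in text:
        problems.append("missing (end) marker (truncated paste?)")
    return settings, detections, problems
```
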

Re: Browser hijacker - safebrowsing.biz

by Kerriemj » June 22nd, 2016, 6:10 am

Have attached log as it didn't like it copied & pasted

Had no problems with the scans

Computer still appears to be running well
Kerriemj
Active Member
 
Posts: 14
Joined: June 19th, 2016, 4:44 am

Re: Browser hijacker - safebrowsing.biz

by capnkrunch » June 22nd, 2016, 1:00 pm

Hello Kerriemj :)

Great job so far. ESET found a couple things we need to take care of.
Peaky_Blinders_Season_2_Complete_HDTV_x264-SCENEPeaky_Blinders_Season_2_Complete_HDTV_x2.iso
C:\Users\Kerrie\Downloads\Peaky_Blinders_Season_2_Complete_HDTV_x264-SCENEPeaky_Blinders_Season_2_Complete_HDTV_x2 (1).iso

These files were flagged as Win32/ExpressDownloader.A by ESET. This particular malware can download additional malware such as SrpnFiles which was present on your computer. For your safety, we are going to remove them so you do not get reinfected. We can't leave the possible infection vector on your machine but I wanted to warn you first that this FRST fix will remove these files.

FRST Fix
  • You were running an old version of FRST so let's make sure you have the current one first:
    • In your Downloads folder delete any copies of FRST64.exe. Also delete the folder FRST-OlderVersion.
    • Please download a new copy of FRST HERE.
  • Press the Windows Key + R.
  • Type notepad.exe into the text box and click OK.
  • A blank Notepad page should open.
    • Copy and paste the following script into Notepad. Do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    CreateRestorePoint:
    
    C:\Users\Kerrie\Downloads\ccsetup501.exe
    C:\Users\Kerrie\Downloads\Peaky_Blinders_Season_2_Complete_HDTV_x264-SCENEPeaky_Blinders_Season_2_Complete_HDTV_x2 (1).iso
    C:\Users\Kerrie\Downloads\Peaky_Blinders_Season_2_Complete_HDTV_x264-SCENEPeaky_Blinders_Season_2_Complete_HDTV_x2.iso
    C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
    Folder: C:\ProgramData\{DEC6EE7E-A3CC-421D-A411-C328E73F4136}
    Folder: C:\Users\All Users\{DEC6EE7E-A3CC-421D-A411-C328E73F4136}
    
    EmptyTemp:
    CMD: ipconfig /flushdns
  • Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  • Right click on FRST64.exe and select Run as administrator.
  • Press the Fix button one time only and wait.
  • When FRST finishes you will be prompted to reboot your computer. Click OK.
  • Your computer should now restart. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • Fixlog.txt
  • Are there any changes in computer behavior?
capnkrunch
MRU Graduate
 
Posts: 664
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Browser hijacker - safebrowsing.biz

by Kerriemj » June 22nd, 2016, 6:48 pm

no problems
no computer changes
Kerriemj
Active Member
 
Posts: 14
Joined: June 19th, 2016, 4:44 am

Re: Browser hijacker - safebrowsing.biz

by capnkrunch » June 23rd, 2016, 2:25 pm

Hello Kerriemj :)

Are Family Tree Maker 2012 and easyConverter programs that you installed voluntarily and are aware of?

Regards,
capnkrunch
capnkrunch
MRU Graduate
 
Posts: 664
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Browser hijacker - safebrowsing.biz

by Kerriemj » June 23rd, 2016, 3:58 pm

Family Tree Maker is a programme I installed
I am not aware of easy converter
Kerriemj
Active Member
 
Posts: 14
Joined: June 19th, 2016, 4:44 am

Re: Browser hijacker - safebrowsing.biz

by capnkrunch » June 24th, 2016, 2:04 pm

Hello Kerriemj :)

Turns out easyConverter is a component of the Family Tree Maker program so nothing to worry about there. Let's go ahead and wrap things up then.

First we need to clean up the tools we used.

Step one...

AdwCleaner - Uninstall
  • You should still have adwcleaner.exe in your Downloads folder. If not please download it HERE.
  • Right click on adwcleaner.exe and select Run as administrator.
  • Click on the Uninstall button and then click Yes.
  • AdwCleaner will uninstall and automatically close itself.

Step two...

DelFix
  • Please download DelFix by Xplode and save it to your Desktop.
  • Right click on delfix_*version*.exe and select Run as administrator.
  • Check the following boxes and then click Run:
    • Activate UAC
    • Remove disinfection tools
    • Purge system restore
  • If any logs or programs remain, you may delete them now.
    Note: The one exception is Malwarebytes Anti-Malware which I strongly recommend you keep.

Step three...

When we started I asked you to uninstall an outdated version of Java. I recommend trying not to reinstall it, as Java can be a major security risk and most users do not actually need it. If you find that you do, follow these steps to reinstall and change some settings to make it more secure.

Reinstall Java
  • Download the latest version of Java from HERE.
  • Double-click jxpiinstall.exe to run it.
  • Click Install > and wait as setup downloads the installer.
  • If prompted to change your browser settings make sure to check Do not update browser settings.
  • If prompted with an Optional offer make sure to uncheck it.
  • Click Next.
  • Once the install is finished click Close to exit the installer.

Java - Recommended Security Settings
  • Click Start.
  • Type Configure Java into the search box and select it from the results.
  • Recommended settings:
    • Update - ensure Check for Updates Automatically is checked.
    • Security - Uncheck Enable Java content in browser (see Note below).
  • Click OK to apply the settings and close the window.
Note: most websites no longer require Java to work. However, if you find that you do require Java for some sites, I recommend disabling it in your main browser and using a secondary browser solely for visiting the sites that require Java. See HERE for how to disable Java in specific browsers.

Step four...

Lastly, malware is often spread through booby-trapped PDF files. Here are some recommended settings for Adobe Reader to help prevent this.

Adobe Acrobat Reader DC - Recommended Security Settings
  • Click Start.
  • Type Acrobat Reader DC into the search box and select it from the results.
  • Click Edit and then Preferences.
  • Recommended settings:
    • Javascript - Uncheck Enable Acrobat JavaScript.
    • Security (Enhanced) - Uncheck Automatically trust sites from my Win OS security zones.
    • Trust Manager - Uncheck Allow opening of non-PDF file attachments with external applications.
  • Click OK to save the settings.

In addition to these security settings, it is a good idea to prevent plugins from running automatically by enabling click-to-play in all your browsers. Please see How to Enable Click-to-Play Plugins in Every Web Browser for instructions on how to do this.

Additional reading
To help minimize the chances of becoming re-infected, please read:
Computer Security - a short guide to staying safer online.

If your computer is running slowly after your clean up, please read:
What to do if your Computer is running slowly

You may want to bookmark these for future reference as well.

If there is anything else I can help you with or you have additional questions please do not hesitate to ask. Otherwise please respond to let me know that you completed the cleanup steps and that your computer is still running fine.

Stay safe ;)
capnkrunch
capnkrunch
MRU Graduate
 
Posts: 664
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Browser hijacker - safebrowsing.biz

by Kerriemj » June 24th, 2016, 7:13 pm

Clean up steps completed, all running well
Thank you so much for all your help, this is SO much appreciated :) :) :)
Kerriemj
Active Member
 
Posts: 14
Joined: June 19th, 2016, 4:44 am

Re: Browser hijacker - safebrowsing.biz

by capnkrunch » June 24th, 2016, 7:20 pm

You're most welcome. :)
capnkrunch
MRU Graduate
 
Posts: 664
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Browser hijacker - safebrowsing.biz

by NonSuch » June 24th, 2016, 10:58 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California