Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Omniboxes redirect malware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Omniboxes redirect malware

Unread postby asdfgh12 » November 21st, 2015, 6:41 pm

I've been hit with the infamous omniboxes homepage hijacker.
I've followed this page: http://malwaretips.com/blogs/remove-omniboxes-virus/ to remove it.
I've uninstalled it from my computer
I've run hitman pro to remove it
And I've reset the settings on my google chrome.

On google chrome, while the homepage is now fine, whenever I search in google, it takes me to the omniboxes version of the search results - powered using Google's engine but not the same thing. Here are comparisons.
Real google results:
http://imgur.com/o5Wb9dv
Fake omnibox results:
http://imgur.com/o5Wb9dv

Real google results address:
https://www.google.com/search?q=magnets ... 8&oe=utf...
The address for fake omnibox results address (if you're interested):
https://cse.google.co.uk/cse?cx=0076137 ... 520239:4...

How can I remove this shitty hijacker?
asdfgh12
Active Member
 
Posts: 2
Joined: November 21st, 2015, 6:37 pm
Advertisement
Register to Remove

Re: Omniboxes redirect malware

Unread postby asdfgh12 » November 21st, 2015, 8:57 pm

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-G8H9M-B8XRT-2B2P6
Windows Product Key Hash: YZSkisXglvVuyLtXrrCWfvI5/is=
Windows Product ID: 00359-OEM-8703872-23742
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {0C7FB08D-6683-40A7-94A1-7381507F671D}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.151019-1254
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: D:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{0C7FB08D-6683-40A7-94A1-7381507F671D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-2B2P6</PKey><PID>00359-OEM-8703872-23742</PID><PIDType>3</PIDType><SID>S-1-5-21-3122328313-1803402164-3422453607</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>To be filled by O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>F17</Version><SMBIOSVersion major="2" minor="7"/><Date>20120810000000.000000+000</Date></BIOS><HWID>14D33E07018400FE</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Activation ID: 586bc076-c93d-429a-afe5-a69fbc644e88
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00174-038-723742-02-2057-7601.0000-0262014
Installation ID: 017746203192259974083053008873665210439662083753863115
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 2B2P6
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 22/11/2015 00:55:25

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 11:17:2015 23:14
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MgAAAAIAAgABAAEAAAADAAAAAQABAAEAHKJs2WRVdxYSwnLuQBjewETRfrefDek7lmM=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ALASKA A M I
FACP ALASKA A M I
HPET ALASKA A M I
MCFG
SSDT SataRe SataTabl
SSDT SataRe SataTabl
asdfgh12
Active Member
 
Posts: 2
Joined: November 21st, 2015, 6:37 pm

Re: Omniboxes redirect malware

Unread postby Gary R » November 22nd, 2015, 2:29 am

Bumping or Replying to Your Own Topic

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why you should not reply to or try to bump your topic.

You have also not supplied the DDS or FRST logs that we require to make an analysis of your computer's problems.

May I draw your attention to THIS topic, which you should have read, that states what we need you to post, so we can help you.

If you still need help, please start a new thread and include your DDS or FRST logs, allong with a description of your problem.

If for any reason you can't run DDS or FRST, please let us know in your post.

This topic will now be closed.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 112 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware