Computer Support Forum

Solved: Typo browser hijacks

Question: Solved: Typo browser hijacks

Hi,

I am having a problem when I misspell URLs.

When I type things like google.con instead of .com, I am redirected to a host of different search sites, including searchathand.com and daplaces.com. I am pretty sure I must be infected with something, but I have run several online and offline spyware and malware scanners and nothing seems to find a problem.

I am running Firefox version 1.5.0.6, but the problem also occurs in IE as well.

Advise please!

Cheers

Joel

Edit: I seem to have found what I think is the culprit for this...but this leads to another problem.

There is a HJT entry stating
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2EA3617-0DD4-4C7B-89EC-1F1FB24D96E1}: NameServer = 85.255.114.7 85.255.112.174

I have removed this on a couple of occasions and it only returns a few minutes later.

Help please!!!

Relevance 100%

Answer: Solved: Typo browser hijacks

16 more replies
Relevance 69.7%

Hey,

This past week my computer has had popups, and most aggravatingly, tells me that my internet connection is bad or that I cannot connect to the server (google) even though my connection is fine when downloading updates or browsing the net from other PCs...thus, I come to you for help, since my current spyware/anti virus software is not getting to the bottom of this. Here is a HijackThis LogFile I just ran for the infected machine:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:50:36 PM, on 7/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal


Answer:Solved: Pop-ups/Browser Hijacks

8 more replies
Relevance 69.7%

I've noticed lately that my computer has been sluggish while online, so yesterday I updated my AV program and during the scan it found Startpage.DF and said it detected a virus. The AV program put it into the vault, so I thought fine. Well, going through the forums and reading I've noticed A LOT of people talking about browser hijacks, so I downloaded Spybot S&D and Ad-Aware. Ad-Aware found 17 problems in the registry, so I am posting what the log file says, so you can give me an idea of whether to delete this stuff or not. Also, Spybot will NOT update for some unknown reason.

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Page%6f%75%74%2e%74%72%75%65%2d%63%6f%75%6e%74%65%72%2e%63%6f%6d

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "http://%6f%75%74%2e%74%72%75%65%2d%63%6f%75%6e%74%65%72%2e%63%6f%6d/%62/?%31%30%31"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : &... Read more

Answer:[Solved] Possible browser hijacks?

13 more replies
Relevance 61.09%

Hello,
Over the past 3 months I've been experiencing consistent browser hijacks, pop-ups for WinAntivirus2006 (and some others too numerous to recall) along with what seems to be another common issue...unable to open IE7 or Windows Explorer (running WinXP, SP2).
If lucky, a few re-boots were able to get the OS stable enough to launch IE7 or Windows Explorer long enough to browse, but eventually IE would start to get hijacked to AV sites (when using Google search) and Windows Explorer (and IE) would open and close quickly.
I've followed ALL the scan procedures posted on your malware forum and to a large extent, the IE and Windows explorer stability has returned (thanks); however I still have the hijack issue on IE. I have also run Hijackthis and captured the logs (posted here and a second post) for a total of 6 logs for the following:
On this posting:
-CounterSpy
-BitDefender
-PandaActiveScan

On a subsequent posting in this thread:
-GetRunKey
-ShowNew
-HijackThis

Your assistance and recommendations based upon the logs (esp. with the hijack issue) is sincerely appreciated. Thanks.

Ians
 

Answer:Browser Hijacks,WinAntiVirus2006,unable to open browser

This is a follow-up with additional logs for your reference on this issue.

thanks,
Ians
 

11 more replies
Relevance 57.81%
Question: Browser Hijacks

Many Thanks.
 

Answer:Browser Hijacks

Re-run Hitman and have it fix all that it finds. Then reboot and re-scan with Hitman and attach the new log.
 

1 more replies
Relevance 57.81%
Question: browser hijacks

For some time I have had a problem with my browser being re-directed. When I click on a link after a Google search I will be re-directed to a different site. There are a number of sites that seem to pop up. Most recently I was being directed to porn sites. I used system restore yesterday as I do not want my young son being re-directed to porn!
I have previously used AVG, now use Spyware and AdAware, neither of which have found a problem. I use Google searches in my work so can visit up to about 50-60 sites in a day.

My OS is Windows XP (SP2). My browser is Firefox.

My HJT log is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:17:30, on 12/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


Answer:browser hijacks

6 more replies
Relevance 57.81%

I came home from class the other day and my sister had been using my computer. When I got on there were like 6-7 pop ups and the computer was running incredibly slow. After running a few spyware programs, adaware, spybot, true sword, cw shredder and a couple others. I ran a virus scan with AVG and it came up with a few trojans. After doing some failed research on them I found your site and realized it was probably my only hope to post my hijackthis log on here. Thank you for any future help..... you have a great site here.

Most of the popup sites end in muon.html and most of the time they lead to a site that tells me I have a trojan and want me to download winantivirus2006, I just click close on this stuff or end task on mozilla. At first I thought I might have the winfixer virus but I used VundoFix and it didn't detect it. Anyways here is my log.

Logfile of HijackThis v1.99.1
Scan saved at 6:08:43 PM, on 4/14/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)


Answer:Pop-ups, Browser Hijacks, Help Plz.

Hello,
Please perform next steps in the right order!
Please download Look2Me-Destroyer.exe to your desktop.
Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Turn your computer back on.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.
If you receive a message from your firewall about this program accessing the internet please allow it.
If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
After reboot,
Download Brute Force Uninstaller to your C:\
Unzip it to a folder of its own (C:\BFU). So BFU should be on your root. In most cases this is C:\
Download qoofix.bat (rightclick on this link and choose save as)
Place qoofix.bat in your C:\BFU - folder. (Important!)
Doubleclick qooFix.bat, Close all browsers and explor...

2 more replies
Relevance 57.81%

Hello,

I am experiencing browser hijacks. I don't know the name of the virus but the url sometimes briefly changes 'partners.mamma....' Doesn't happen every time. I don't think I have a lot of problems but this one just keeps hijacking my browser.

Thanks for your assistance.

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:30 PM, on 5/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


Answer:browser hijacks - thanks

Hello and welcome to TSF.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

1 more replies
Relevance 57.81%

Hi, my hijack is being hijacked or a new browser window pops up every few minutes. I've carried out steps 1 to 7 of the "READ & RUN ME FIRST Before Asking for Support" post, except that somehow I couldn't get Panda activescan to work.

I've also tried as far as I can, to identify the trojans in HijackThis (based on instructions in the HJT Tutorial thread) and tried to fix them (some of them refused to go away though).

I'm attaching the bitdefender and Hijackthis logs.

Please help. The popups are driving me nuts!
 

Answer:Help! Browser pop-ups and hijacks

Welcome to MajorGeeks.com!

Please see the below thread on how to install and run Ewido Security Suite.

Running Ewido Security Suite ...

 

5 more replies
Relevance 57.81%
Question: Browser Hijacks

Like another recent poster, I have problems with browser windows opening at random times. They go to Vortal fairly often, sometimes try to go to Winfixer (which Symantec does stop), and various other sites that do and don't exist.

I'm running:
Windows XP SP2 - completely up to date.
IBM/Lenovo Thinkpad T43 (hence all the IBM & TP processes in the log file)
IE 7.0 (upgrading to this solved nothing, and only made things run slower)
Zone Alarm Pro
Symantec Anti-Virus version 10
Xoftspy anti-spyware.

They always find the breadcrumbs - that is cookies created by those random pop-ups, but no root cause. Here's my Hijack This log. I can't find anything odd or unusual.

Boy, would I love to fix this. A friend from Microsoft suggested the only way to get rid of this problem was to re-format and start over. I'm not keen to do that.

I tried to get rid of a couple of things from the log before, but failed badly and had to do a system restore.

Ideas and thoughts are welcome.

Logfile of HijackThis v1.99.1
Scan saved at 10:35:41 PM, on 11/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)


Answer:Browser Hijacks

Hi paular8706, Welcome to TSF !!
I recommend you Subscribe to this thread (if you have not already done so) so you are notified of any replies via email
To do this :
Click Thread Tools, then click Subscribe to this Thread
Make sure it is set to Instant Notification by email, then click Subscribe

You may wish to print out a copy of these instructions to follow while you complete this procedure

I need you to download some programs to aid in our fix: Do Not Run Them Yet

Download VundoFix.exe by Atribune to your desktop.

Download ATF (Atribune Temp File) Cleaner by Atribune

Run ATF Cleaner
Double-click ATF Cleaner.exe
Under Main choose: Select All
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Run VundoFix
Double-click VundoFix.exe
Click the Scan for Vundo button.
When it finishes scanning, Click the Remove Vundo button
You will receive a prompt asking if you want to "remove the files", click YES
Once you click yes, your desktop will go blank as it starts removing Vundo
When completed, it will prompt that it will reboot your computer, click OK
The .txt file will be in C:\Vundofix.txt

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot

Post a fresh HijackThis log and the vundofix.txt file here

10 more replies
Relevance 57.81%
Question: browser hijacks

Looking for help on browser hijack and unremovable programs, have been unable to get rid of click hereas my home page, I've tried heaps, also every time I start my computer, once all the settings are loaded, dialog box appears saying Windows Explorer has encountered a problem and must close (send / don't send error report blah blah) when it is not even in use, and in add/remove programs, I have a program listed as lycos search that will not remove from this list but I cannot see it anywhere else on the computer??? help! please, the explorer thing is the biggest nuisance, as sometimes I have started with bits and bobs

Answer:browser hijacks

Download and run Spybot security.kolla.de/

4 more replies
Relevance 57.81%
Question: Browser Hijacks

Just wanted to pass on these 2 sites that will Hijack your Browser, and Freeze everything to the point that You have to use Task Mgr. to Close Chrome completely to get rid of them. I use Malwarebytes Anti-exploit and Glasswire, plus AB+ (which I have entered these addresses, unfortunately "they" use several extensions.)
When I researched these sites, No Certificates, No Seals of Trust, No BBB, and Contact Us FAILS to submit..-->.installthesoftware.com, & downloadsoftware.com
They tell You Your FLASH Player needs updated is the messages I received. Mine are Fine...but to the untrained internet user this could be a Train wreck.
Wish I could find a way to turn them into the Feds for investigation.

Answer:Browser Hijacks

Rogue software vendors are the scourge of the internet in my opinion.
Are these sites safe to look at provided I don't click on anything?....I wouldn't mind taking a look so that I can give my AV's a test....see if they pick anything up! 

2 more replies
Relevance 56.99%

I use deepnet explorer as my web browser and I make it my default browser in tools, options etc
If I then immediately click a link in an email e.g. it opens in IE9!!!!!
Is there a way of making deepnet explorer my permanent web browser?
I'm using Windows 7 Home premium.

Answer:IE9 Hijacks default browser.

Apparently this is a problem that is not unknown. Look at these links:
enter link description here
enter link description here
But the Deepnet words say it can be set as default. Ramesh gives a way for XP but whether this is adaptable for W7 ...

8 more replies
Relevance 56.99%

Hi everyone,

I am having issues with some malware/browser redirects that I can't seem to solve. (Possible Rootkit?.. I have no idea). I primarily use Firefox. It started last week after I did a google search looking for a recipe. Clicked on one bad site, and immediately got a fake anti-virus program installed. I'm an online producer, so I should have known better. I immediately ran my Norton's anti-virus. Also ran MalwareBytes and Spybot, which originally picked up an offending program. But, scans since then have been clean. However, the browser redirect issues still persist, so I am here, humbly asking for your help!

I do not get popups. So far, I have only gotten redirected after doing Google searches. Sometimes, when I hover over the links on the Google results page, I will see a strange URL formation, rather than the straight URL to the page. Mostly the redirects go to scour.com or dealparty, although sometimes, I just get a similar site with similar content, but not the correct URL. (ie., a link for an orthopedics office sent me to a site that was a directory of links about orthopedics.)

I have followed the instructions in the Preparation guide, and pasted my DDS Logs below. HOWEVER, I can't get Gmer to scan all the way through. It eventually just locks up and I have to do a hard-reboot. If there's another scan I should try, let me know.

I ran Defogger and disabled CD Emulation. The DDS attach.txt file is attached. Please let me know what else I c...

Answer:Scour Browser Hijacks

Hi, you can close this topic. My issue has been resolved. Computer took a turn for the worst, so I had to re-install Windows. Thanks.

2 more replies
Relevance 56.99%

My Firefox browser takes me to all kinds of sites except the one I have set out to find.
I have the log from HiJack this here, is there anything else I need?
Thanks Fido

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:11 AM, on 12/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Answer:Browser Hijacks in Firefox

Hi,
Sorry for delayed response. Forums have been really busy. If you still need help with this do following, please.
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs: DDS.txt Attach.txt
Save both reports to your desktop. Post them back to your topic.
Download GMER here by clicking download exe -button and then saving it your desktop:
Double-click .exe that you downloaded
Click rootkit-tab and then scan.
Don't check Show All box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.

3 more replies
Relevance 56.99%

Heya,

I recently went to a site to d/l a crack for a game I lost the registration key for. Normally this place is ok but on one fateful occasion I used IE to browse instead of Opera and all of a sudden I was swamped with Porn Sites and Diallers and Trojans all trying to infest my computer. I eventually got on top of it and managed to close the browser. Norton went mad and deleted all the trojans and diallers.

I had more difficulty getting rid of all the spyware crap (152 critical obj according to my adware program) but eventually I got rid of the program that had hijacked my desktop.

I thought I was fine

Every time I log into windows I run my anti-virus and adware programs, the adware always picks up a browser hijack and removes it. I don't use IE so I never see the hijack in action but I accidentally selected it once and, sure enough www.abcsearch or similar was there instead of the homepage I'd set up (also tried putting a trojan onto the computer which Norton dutifully removed)

Every time I shutdown windows I get a WIN MIN problem that requires me to "end now" and also some random applications (I don't know what they are) encounter errors and close but it doesn't affect anything I'm doing, it's not normal though so I'm unhappy it happens at all.

I had a look here and it seems Hijack This is the app to use so I tried it, as I have approx 0.0001% understanding of computers (double click is complicated enough kthnx) I can...

Answer:viruses and browser hijacks

16 more replies
Relevance 56.99%

Hey, uh, I ran M$ antispyware, spybot S&D and Ad-Aware, gotten rid of everything there and still having spyware trouble. So, here's a HJT log. Thanks in advance.
Logfile of HijackThis v1.99.1
Scan saved at 12:13:58 AM, on 6/26/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksearchclick.com/index.php?aff=19
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = &... Read more

Answer:Browser hijacks, way too much spyware, HJT log

14 more replies
Relevance 56.99%

Experiencing random browser hijacks and popups asking me to install something. Found and removed Pipas.A with Spybot Search & Destroy (which took 5 hours to run) and Trojan.Downloader.Small.Popcorn with Microsoft Antispyware.

Haven't noticed anything since, but like I said, it's random so I've attached my hijackthis.log.

Thanks,
Goliano
 

Answer:Experiencing browser hijacks

Did a Webroot Spy Sweeper scan and found and removed the following three Adware: searchtoolbar & idesk, and Trojan Horse: trojan-downloader-ruin.

New hijackthis.log attached.

Thanks,
Goliano
 

8 more replies
Relevance 56.99%

I'm done pulling my hair out and am ready to have an expert talk me through this issue.

Upon starting IE or Firefox, after home page comes up, I quickly get sent elsewhere. Sometimes, popups appear when the browsers aren't even running. When attempting to go to sites where I might get help (Lavasoft, Safer-Networking, etc.) I am blocked from doing so. Either Page Cannot be Displayed or Connection Interrupted messages. Edit - I also get random audio messages saying I've won something or other and go "here" to collect.

I've followed the "Read This Before Posting..." instructions and the log.txt from RSIT is below.

I eagerly look forward to any help you can give.

Dan V.

info.txt logfile of random's system information tool 1.04 2008-11-08 20:52:04


Answer:Browser Redirects, Hijacks, etc.

Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear, a lack of symptoms does not mean that it is no longer present.

Please DO NOT Attach logs to your posts unless you are advised to do so.

=========

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop
* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
* Double click on combofix.exe & follow the prompts.
* As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended t... Read more

16 more replies
Relevance 56.99%

I am running Vista and using IE 8 on my HP desktop. Somehow, I have been infected with a malware or whatever that hijacks my home page (Google) and changes it to somoto.com. I have run all kinds of malware, spyware and virus software, but none of them have been able to find this hidden file. Any help would be appreciated.

Answer:somoto hijacks browser

Hello and welcome...
Are you on a router? Are other machines on it, if so are they redirecting?
Do you use Firefox?
Please follow our Removal Guide here How to remove Google Redirects. You will move to the Automated Removal Instructions
If it finds something make sure Cure is selected
Next click Continue then Reboot now
A log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.
Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Pre...

1 more replies
Relevance 56.99%

MS Malicious Software Removal Tool found and removed the subject. Spybot at the same time removed kdyfl.exe. Both occurred at startup, but I cannot get my browser (IE 7.07) to go to any site, unless I connect with my wireless connection. My wired connection is functioning. Following is HJT log file. Can you please help?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:29:32 PM, on 03-15-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\... Read more

More replies
Relevance 56.99%

Win XP Media Center sp2
Back again fellas! And again I can thank my significant other for this I think it happened after my wife went on facebook one day. She said it was acting weird. The "weird" was browser redirects. I have run malwarebytes, SuperAntispyware, Avast, spybot and none of them caught anything. I even ran HJT and I didn't see anything...I can usually spot something that looks odd as I am pretty well versed with the processes that run on my laptop. The problem happens in both Firefox and IE. I think it might be one of the svchost.exe processes because a couple of times I got windows errors saying that there was a problem with it and asking if I would like to report it to Microsoft. I am posting my HJT logs and Malwarebytes logs. Thanks.

HJT Logs:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:27:03 AM, on 5/15/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireles... Read more

Answer:Browser redirects/hijacks

Hello shaseeb
Welcome to BleepingComputer
========================
Download OTL to your desktop.
Double click OTL to run it.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Download the following GMER Rootkit Scanner from Here
Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
It may take a minute to load and become available.
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on N... Read more

10 more replies
Relevance 56.99%

Here is what I come up with when I run a scan. Any and all help would be greatly appreciated. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:55 AM, on 1/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32... Read more

Answer:Still Infected with Browser Hijacks and Pop-Ups

mtnbay
1. Go HERE and download File Lister.
Save it to your Desktop
Rt Click ->> Extract all ->> And extract it to your Desktop
Additional help on extracting zip files can be found HERE
Open the File Lister Folder. Rt Click FileLister.vbe ->> Select Open Then Open to confirm.
As the program runs, it will appear that nothing is happening.
When the program is finished it will produce a log for you C:\Files.txt
Copy and paste the contents of that log in your reply.

13 more replies
Relevance 56.99%

This is my first post. I have recently been plagued with several adware problems and now browser hijacks. In addition I had a trojan that, when running, sucks up all my processor cycles. The process that is doing it is mfccr.exe. I had been using Norton AV and Adaware and Adwatch. But none of them could clean up the problems. I then tried Microsoft's new adware remover with no result. All the programs can detect the problem and supposedly correct it, but they keep coming back. Finally I invested more money in McAfee's AV and new antispyware software. Even that is not working. Anyway, here is my HJT file and hopefully somebody can help me. After this I am surely getting a software firewall.

Logfile of HijackThis v1.99.1
Scan saved at 6:21:46 PM, on 6/30/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\appen.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\system32\hidserv.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrt... Read more

Answer:Browser hijacks and spyware

If you still need help, could you post a fresh log please?

9 more replies
Relevance 56.99%

MSN games ( jewel quest, bejeweled etc,) hijack my ie explorer and lock my computer to the point that the task manager has trouble shutting it down. When it finally shuts down I can't get back on homepage of google. I get into properties and find it has hijacked my home page and messed up settings. Not being a very savvy computer user, this takes me quite some time and guessing to figure out. This has been deduced from 4 episodes and the only common thread they have is these games. Any thoughts or help? Thanks for any assistance

Answer:MSN games hijacks my browser and changes IE d

lshelton,
Try the following:
Please download TDSSKiller
http://support.kaspersky.com/downlo...
Save it to the Desktop.
Double-click* on TDSSKiller.exe to run the program.
Vista/Windows 7 users, right-click the file, and select: Run As Administrator
Click the 'Start Scan' button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
When the scan finishes it displays a Scan results screen stating whether or not an infection was found on your computer. To remove the infection, click on the Continue button. If it does not say Cure on the results screen, leave it at the default action of Skip, and press the Continue button. Do not change to Delete or Quarantine as it may delete infected files that are required for Windows to operate properly.
Reboot to finish the cleaning process.
If no reboot is requested, click on: Report. A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) is created and saved to the root directory (usually Local Disk C:).
>>Please provide the contents of TDSSKiller in your reply.<<
Now, re-start your computer.
Tap the F8 key before Windows starts, to bring up the Windows Advanced Options menu
Use the arrow keys to select Safe Mode with Networking
Press: Enter
In Safe Mode with Networking, download iExplore.exe, which is a renamed copy of RKill:
http://www.bleepingcomputer.com/dow...
[If the file does not download, paste the following, >without the brackets<, in the... Read more

2 more replies
Relevance 56.99%

Here is the log file that hijackThis generated. Please let me know which of the files need to be removed.

Thanks a lot,
Phil
----------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:34:45 PM, on 7/13/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.ya... Read more

Answer:pop-up problems/browser hijacks

Hi and welcome to TSF.

You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

---------------------------------------------------------------------------------------------

The cleaning process is not instant. Please follow through to the end until I tell you your machine is clean.
The absence of symptoms does not mean that everything is clean.

---------------------------------------------------------------------------------------------

Please save these instructions to Notepad as the internet will not be available to you at certain points of the removal process.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below.
Make sure to work through all the Steps in the exact order in which they are listed below.
If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

---------------------------------------------------------------------------------------------

Download combofix from here

**Save it directly to your desktop**

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

A log will be produ... Read more

11 more replies
Relevance 56.99%

Hi
I suspect my computer is infected with some virus/adware/malware/spyware
I am getting frequent popups or opening of multiple windows

I am getting multiple tabs or windows opening both in Firefox, as well as IE 8, when I browse

Earlier I used to get 16 bit program error,

I read in internet and deleted registry keys of

winfixmaster.com - registry entries were removed

windupdates.com - registry entries were removed

After removal I am not getting 16 bit error, but multiple window opening in browser continues
my k9 protection blocks the multiple windows but opening of multiple windows is infection
how to remove them?
I have tried spyware doctor, Malwarebytes, windows security essentials but infection is not removed

I have tried adware, but smart scan is not getting completed, it freezes

I have tried adware in safe mode, in that case scan is ok, but seems to have not removed the infection

Tried to read Norton software cd, but cd drive is not reading the Norton cd, but reads other cd
I have attached all the required files by this forum

Gmr scan has taken more than one hour, is it right? I have stopped after 1 hr
I have attached hijack this also
please help me to remove the infection

thanks

kannan

Answer:Infected with browser hijacks

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for postin... Read more

98 more replies
Relevance 56.58%

Hello all, I'm having issues with my browser being hijacked to random websites. It only happens when I use the search function in say google or yahoo. If I search for something I get the normal results on the website, but a lot of times when I go to click on the search links I got it will then redirect me to a random website, always another search type site usually. 123search.com type places for example. It is almost always a different site also! Very strange stuff. I'm running windows 7 32bit, and I'm no newbie here so please know that I understand how to remove spyware. I've used combofix in the past as it always took care of the problems, but now nothing seems to work. Not malwarebytes, Prevx, CCleaner, adaware, etc

I'm posting my hijack this and otl logs below, thanks in advance and feel free to ask me any questions I may have left out.
Hijack this log......

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:38:07 PM, on 5/29/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Windows\Explorer.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\ImgBurn\ImgBurn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32... Read more

Answer:Browser Hijacks to random websites

6 more replies
Relevance 56.58%

Hello and thanks in advance for any help.

About a month ago I contracted some sort of malware that redirected my browser searches. If I searched google, I'd get results but if I clicked on any of the results I'd get redirected to yellowpages or quickfind or somewhere else I didn't want to be. I found, though, that if I clicked the back button three times I'd eventually get to my search result. My other alternative was to use bookmarks or type a url directly into the address bar. Both worked fine without any redirect.

Things then got worse. I started getting redirected to a page with a pop-up window (despite pop-up blocker) that asked me to perform some action. The back button wouldn't work as long as the pop-up was open, and as soon as I closed it I'd get redirected right back to the same page and same pop-up. Don't know if the original malware morphed or if this was something new.

Then things got worse still. Whenever I opened a browser (and all of this happened equally in IE and Firefox), I'd get some bogus security alert/download antivirus message. Spybot described the problems as Microsoft.WindowsSecurityCenter.AntiVirusOverride and Microsoft.WindowsSecurityCenter.FirewallOverride, and seems to have resolved them for the moment.

Even without the bogus alert, things have gotten still worse. Operating in safe mode with networking, opening a browser now gets me an immediate redirect (I don't get search results nor do I get to ... Read more

Answer:malware redirects and/or hijacks browser

7 more replies
Relevance 56.58%

Hi,

Got some malware on my laptop. Spec as lower. Problem is that even after re-starting, IE fires up and takes up whole screen. No menu bars visible, cannot get rid of this screen. Now a message has come up asking for payment.

I can use computer in Safe mode, downloaded HJT but cannot install (Windows installer will not work in Safe mode?). What do I do? Assistance appreciated.
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Business, Service Pack 1, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz, x64 Family 6 Model 23 Stepping 6
Processor Count: 2
RAM: 2938 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1341 Mb
Hard Drives: C: Total - 145276 MB, Free - 57862 MB;
Motherboard: Sony Corporation, VAIO
Antivirus: Lavasoft Ad-Watch Live! Anti-Virus, Updated and Enabled
 

Answer:Got malware: hijacks browser and hence screen

Still cannot install/use HJT.

Managed to get DDS, dds.txt lower:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.19088
Run by jugal at 12:15:34 on 2012-02-18
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.44.1033.18.2938.2247 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Sophos Anti-Virus *Disabled/Outdated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Sophos Anti-Virus *Disabled/Outdated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wb... Read more

2 more replies
Relevance 56.58%

So I believe this computer has a virus. It is randomly playing advertisements through the speakers, although it doesn't pop up an ad or anything, just the sound. Also, it will periodically redirect my web browser to strange websites like "bejingcheapflights".c om (purposely made that link not work :P ) The other thing I know is it seems to infect any sort of anti-spyware or antivirus I try to download to clean it off.

Here's the log files:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Tech at 9:48:36.70 on Sun 01/09/2011
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2037.966 [GMT -9:00]

AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\sy... Read more

Answer:Possible Trojan? Plays Ads, Hijacks Browser

Hello and welcome. Please follow these guidelines while we work on your PC:
Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - ComboFix will not run until AVG is uninstalled. This is because AVG falsely detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first. You may do this through Control Panel > Programs > Uninstall a program or you can use this tool for a more complete removal:

Download AppRemover from... Read more

5 more replies
Relevance 56.58%

Hi,
I have been having a problem in Firefox with a tab opening up to a mediajmp.com or other site at times when I click on links. I have run malwarebytes anti-malware, spybot s&d, ad-aware, and microsoft security essentials and nothing has come up. I have tried to do my due diligence, running these programs and searching on google, but have not had success finding a solution. I will post my DDS logs, however I was unable to get GMER to work. I downloaded it from both mirror sites and unzipped it, but I get a windows error saying C:\\Windows\system32\config\system: The system cannot find the file specified. If anyone can help me with my problem I would greatly appreciate it. Thanks

DDS (Ver_10-03-17.01) - NTFSX64
Run by Andy Scott at 11:09:41.27 on Mon 05/17/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.5944 [GMT -4:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows... Read more

Answer:Browser hijacks/redirects / mediajmp.com

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.
Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

10 more replies
Relevance 56.58%

 
My wife's system has been hijacked. She now receives constant ads (AdPunisher). I'm also seeing a variety of other highly suspicious entries in the log files. Any help in clearing out her system is greatly appreciated!
 
 

Answer:Browser hijacks --AdPunisher. Possibly more...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by annazus (administrator) on ANNAZUS-PC on 14-07-2015 14:30:26
Running from C:\Users\annazus\Downloads
Loaded Profiles: annazus & UpdatusUser (Available Profiles: annazus & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporatio... Read more

6 more replies
Relevance 56.58%

I inadvertently visited a site from a yahoo search that unleashed the virus hounds from hell into my system. It caused pop-ups, internet search redirects, installed sysinternal antivirus, and changed my DNS settings. I combatted the problem by running HitmanPro, MBAM, Spybot Search & Destroy, and Sophos AntiSpyware which temporarily took care of the symptoms, and then after a couple of days the pop-ups start again and the process starts over. This has gone on for about 3 cycles. Any help/advice you can give will be greatly appreciated. I have disabled CD emulation, created a DDS log, and ran GMER and attached the log. Thanks.

Here is my DDS log:
DDS (Ver_10-03-17.01) - NTFSx86
Run by KAW at 14:11:31.98 on Wed 06/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2001 [GMT -7:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Progra... Read more

Answer:Pop-ups and browser hijacks are ruining my life!

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.
I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you let... Read more

21 more replies
Relevance 56.58%

I think I got some type of trojan through a facebook link. I stupidly clicked on a link and now I have two infected pc's. I keep getting some "adultfinder" pop, something stating my pc is infected and it immediately takes over my browser with several pop ups. McAfee usually catches this kind of stuff for me, but mine has expired. Please help.

Hijack this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:06 PM, on 9/15/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe
C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Windows\System32\rundll32.exe
C:\Windows\pp12.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sideb... Read more

More replies
Relevance 56.58%

I have an Acer Travelmate 290 notebook which I use when traveling.
I recently did a fresh install of XP and installed SP3. Now, whenever I go to the internet, I am able to get to my homepage (MSN) but either after a search, or simply typing in an address, my browser gets hijacked to some unknown search sites of advertisements.
I installed IE8 but the problems still exist. If I try to update windows xp I get a "Can Not Connect - "Internet Explorer can not display the webpage."
I use Microsoft Security Essentials and run Malware Bytes from tboth scanners come up clean.

My Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:52:02 PM, on 11/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\WINDOWS\syst... Read more

More replies
Relevance 56.58%

Experiencing a slow computer, viruses that keep coming back and browser hijacks.

Deckard's System Scanner v20071014.68
Run by kasutaja on 2008-06-06 00:18:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------
System Drive C: has 0.31 GiB (less than 15%) free.

-- HijackThis (run as kasutaja.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:21, on 2008-06-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Abyss Web Server\database\mysql\bin\mysqld-nt.exe
D:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Sunbelt Software\CounterSpy... Read more

Answer:Virtumundo, Browser Hijacks, Adware, Lot More

Hello Equal and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below.
A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, ... Read more

15 more replies
Relevance 56.58%

Hi, I can't figure why my browser keeps on getting hijacked to various sites eg. winfixer, yieldmanager etc... it is starting to get extremely annoying!!! Any help would be appreciated. Here is a copy of my Hijack This Log I have gone through it and nothing seems out of the ordinary. Please Help!!!

Logfile of HijackThis v1.99.1
Scan saved at 10:39:41 PM, on 28/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\WF2K.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svcho... Read more

Answer:Annoying Browser Hijacks - Help! - Spysheriff

* Click here to download smitRem.zip. Save the file to your desktop. Unzip smitRem.zip to extract the files it contains. Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.

* Download Cleanup from Here
A window will open and choose SAVE, then DESKTOP as the destination. On your Desktop, click on Cleanup40.exe icon. Then, click RUN and place a checkmark beside "I Agree". Then click NEXT followed by START and OK. A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality. Click OK. DO NOT RUN IT YET

* Download the trial version of Ewido Security Suite here.
Install ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido
It will prompt you to update, click the OK button and it will go to the main screen
On the left side of the main screen click update
Click on Start and let it update.
DO NOT run a scan yet. You will do that later in safe mode.

* Click here for info on how to boot to safe mode if you don't already know how.

* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

* Restart your computer into safe mode now. Perform the following steps in safe mode:

* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and... Read more

7 more replies
Relevance 56.58%

I am having real problems with some virus which is hijacking my browser. Hijackthis will not run unless renamed, and some process is creating dll's in the system32 folder with random names. These dll's are constantly being added to the run section of the registry. Below are the logs from Deckard's System Scanner.

Deckard's System Scanner v20071014.68
Run by pattersoel on 2008-04-20 02:48:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as pattersoel.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:49:05 AM, on 4/20/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescom... Read more

More replies
Relevance 56.58%

So I switched to Firefox about 6 months ago because all my IT colleagues swore up and down that it was virus proof. Well they were wrong, evidently...

I was on the website for one of the local newspapers and a Sun Java loading dialog popped up in the middle of the browser and immediately froze the machine...I rebooted into safe mode and ran malware bytes and it found a few things and i had them removed.

Everything seemed ok until I randomly viewed taskmanager and saw like 30 mshta.exe instances going. So at that point I tried numerous virus/malware removals, it kept finding "TDS rootkit" and they seemed to be gone.

However now my browsers - both of them - are hijacked and are redirecting to BS shopping sites every time I use google or bing etc. On top of that, the computer just keeps crashing with a general 32 error, whatever that is.

If someone with more expertise in this would lend a hand I'd be very happy. Thanks in advance.

Hijack this log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:14:56 AM, on 12/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
... Read more

Answer:mshta.exe and multiple browser hijacks

so the rules say I can bump this after more than a day. so.. bump. thanks
 

2 more replies
Relevance 56.58%

Hi all,

I am hoping someone can help identify the malware that is affecting my computer. I've been running multiple programs to fix the program for two days now with no luck.

The issue: Both Firefox 3.0.11 and Internet Explorer 7 are hijacked after I click on search results. It doesn't seem to matter which search tool I use (so far I've tried Google and Yahoo with the same results). I am forwarded to a multitude of other sites such as realtor.com, and shopping guides, etc that all look suspicious. Iobit Security 360 picks up on some of them and blocks them automatically. If I type in the url for a site directly, the browser will automatically take me there. I have had no trouble clicking links on sites I manually go to, it only seems to be search results that are the problem. I am running XP.

I have also been having intermittent connectivity issues. I am using a wireless connection, but others in the house have had no trouble with their connectivity. Once, while running SuperAntiSpyware, I got a blue screen with a bunch of text (went away so fast I couldn't read it) and then the computer rebooted.

My attempts at fixing the problem: I have run AVG 8, Advanced SystemCare, Spybot Search and Destroy, Adaware, SuperAntiSpyware, TrendMicro House Call, and Malwarebytes multiple times with no luck. A few times the programs have picked up infections, but the problem still remains. Actually, the only programs that picked anything up were TrendMicro House Call and Malwarebytes. Ev... Read more

Answer:Browser hijacks; malware tools can't fix

Hello Neeny and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the result... Read more

10 more replies
Relevance 56.58%

I do not have any viruses, spyware, browser hijacks or any other similar crappy problems as many of you have and the computer runs just fine.
What am I doing wrong?
Oh, I know, it must be because I am NOT running the strange OS called WINDOWS
I am running the secure OpenBSD 3.9 system,
That must be it.
 

Answer:I do not have any viruses, spyware, browser hijacks

ummm, why did you post? do you need help on something?
 

3 more replies
Relevance 56.58%

In the past few weeks, maybe longer, I've been getting redirected via Firefox or IE. It doesn't matter which I use, both send me to random websites, usually to search for something I typed in the search box. For example on google, if I type property taxes, it might take me to 123search.com and have a list of tax sites I can click, very random stuff. It's almost always a random site too. I am pretty knowledgeable about spyware and malware, so please feel free to ask away if you have questions. I've used combofix (has always fixed the problem in the past), prevx, malwarebytes, superantispyware, adaware, spybot, etc. Nothing seems to fix it at this point. I'm posting my OTL and Hijackthis logs below, let me know if they clue anyone in onto what this might be, thanks in advance...

Hijack this log.....
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:25:17 PM, on 5/29/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Windows\Explorer.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\ImgBurn\ImgBurn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD... Read more

Answer:Browser Hijacks to random websites

Sorry this got posted twice, but when you hit submit it goes to an error page telling you the site is down. I hit solved for this one, if possible please delete this one and use the post above! Thanks
 

1 more replies
Relevance 56.58%

Hi!
Unfortunately, I think I've got a rootkit / malware infection... Please HELP!!!

When I click on my IE icon, IE won't always start, and I usually have to click 3 - 5 times before my homepage will open. However, task manager will show several IE processes running.
In addition, Google results are being hijacked, when I do a search (on virus scans let's say) and techguy.org is a result, when I click on techguy.org, I get re-directed to some other webpage that is obviously just an advertisement. I'm also getting random popups to appear on my desktop, that are nothing more than additional advertising!!

I already ran CCleaner, and it found BHO:wormradar so I removed it. But the problems still persist.
Don't think it matters but I will also let you know, I was using IE 9 beta, then reverted back to IE 7 just this morning as I thought the weird behavior was due to IE 9 beta, but maybe not. Figured I would mention this.

I've followed the instructions in your sticky, and here are the results of the scans:

(thanks - John)

Hi Jack This Log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:54:09 AM, on 10/22/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AV... Read more

Answer:Browser Hijacks, Random Ads popping up

13 more replies
Relevance 56.58%

Hello all. I'm having a bit of an issue with a machine of mine. When using a search engine like Google or Yahoo! I get redirected to an unintended link, like trafficposter or Lucky Search for example. This is independent of which browser I am using, Firefox and IE behave the same way. I will note that BING works great and I can click any links it provides after performing a search.

Other info about the machine is that it has a current subscription to Norton 360. When the problem started, Norton 360 didn't find anything. AVG (Free) was then tried, as well as Ad-Aware, and Malwarebytes. After only finding simple tracking cookies, the problem still persists. I have a HiJack This! log that I can post. But I thought it would be common courtesy to ask before posting. If someone can help me it would be much appreciated and I will post the log. Thank you! I will admit that I am more of a hardware geek than a software and web guru. I build gaming machines for fun, and Engineering/CAD/3D modeling machines as well.

Thanks in Advance! maybe this will help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:05 PM, on 12/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\L... Read more

Answer:Browser Hijacks and Search Re-directs.

Hi,

* Download: HostsXpert
Unzip hoster to its own folder, eg C:\HostsXpert
Start HostsExpert.exe, click 'Restore MS Hosts file' and click OK.

Then post a new HijackThis log in your next reply.

If you're having problems or get an error when trying to perform my steps, please let me know.

6 more replies
Relevance 56.58%

I am trying to clean up my dad's computer...it may be a lost cause : (

I have spent the last couple of evenings going through the "5 steps", it's a painful process because of the frequent freeze-ups. I was successful except as described below:

1.IE is CONSTANTLY being hijacked/redirected. After a Google search, it often takes 3 tries with a "back to previous page" in between before the desired link is reached. There are some places I cannot reach NO MATTER how many times I try...the Microsoft updates page being one such example.

2. I CANNOT run foxfire, despite downloading and installing the latest version. I hoped it might behave better than IE Explorer...

3. I CANNOT reach the Microsoft updates page. I eventually found a work-around to their 'downloads' page, but when I try to click the 'scan your computer to see which updates you need' icon, the new window tries to open then freezes

The computer is 6 years old, which may be part of the problem. It is running Windows XP version 2002, with Service Pack 2.

Dad has previously purchased and is running Panda antiviral software. A program called Windows Defender is also running, I wasn't sure if I should remove that one or not, so for now it remains running.

I'm not certain if I was successful with IE-Spyad...I was redirected to a program called Zoned Out (at someplace called "Funky Toad"???), which I downloaded and installed, but I don't seem to have been able to run.

Following is ... Read more

More replies
Relevance 56.58%

Hi Tech Guys!
Recently my laptop has been suffering - search redirects, Generic Systems Host failures, sound card driver errors and Windows Theme changes.

I have done all I know how to do - run a few sweeps and resolved a few issues. Unfortunately, the issues have continued.

If you could help me with this I would be immensely grateful!

System Info - Sony VAIO VGN-FE28GP

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Professional, Service Pack 2, 32 bit
Processor: Genuine Intel(R) CPU T2500 @ 2.00GHz, x86 Family 6 Model 14 Stepping 8
Processor Count: 2
RAM: 2558 Mb
Graphics Card: NVIDIA GeForce Go 7600, 128 Mb
Hard Drives: C: Total - 28615 MB, Free - 5877 MB; D: Total - 80128 MB, Free - 40027 MB;
Motherboard: Sony Corporation, VAIO, N/A, N/A
Antivirus: Lavasoft Ad-Watch Live! Anti-Virus, Updated: Yes, On-Demand Scanner: Enabled

HijackThis Log File

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:26:59 PM, on 2/10/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Pr... Read more

Answer:Browser hijacks, theme changes and other shenanigans.

16 more replies
Relevance 55.76%

Hi,
I may have gotten ahead of myself, and may have done something stupid. Avast, Adware, and ESET all have located a malware/trojan. However, even when removed, my browser continues to be hijacked via google searches. When I rerun Avast and ESET, they no longer locate the trojan. I (perhaps stupidly) ran ComboFix on my own. After researching some more realized that may have been a mistake.

Thank you for your help!

Here are my dds results (below and attached):

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Kelli at 18:17:58 on 2012-03-15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.384 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\stacsv.exe
svchost.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\Java\jr... Read more

Answer:Browser Hijacks via Firefox/Google Searches

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things to happen.

2. Please do not attach logs or put in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like - it is the same as before or still the same. This just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in. These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Pl... Read more

14 more replies
Relevance 55.76%

Please help me out! Two days ago I was hit with some pretty serious malware, browser hijacks were sending me to some "registry scan" websites and something like dogfleatreatment.com. I've also experienced lots of other problems, like my computer freezing when trying to shut down, not being able to connect to the internet (I seem to have fixed that), some processes not launching, etc.

I'm running 32 bit Windows XP and have gone through the cleaning procedure. I've run MBAM and SAS multiple times. The first time I ran MBAM I thought things were pretty clean, but I was just redirected to some "registry cleaner" site and I need some help! I also get an error message: "Generic Host Process for Win32 Services has encountered a problem and needs to close" after the computer has been on for a while. Please see the attached logs.
 

Answer:Help with browser hijacks, random processes freezing, etc.

More logs attached here...thanks! I could not get RootRepeal to finish a scan, even after waiting 3 hours, so I gave up.
 

7 more replies
Relevance 55.76%

While browsing the net an online virus removal ad pops up, prompting that I click it (while excluding access to all my other tabs until I either click it or ctrl-alt-del Firefox, which is what I've been doing). How do I get rid of this? I'd appreciate the help, thanks.

Answer:Virus Removal Spyware that Hijacks my Browser

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 55.76%

So I switched to Firefox about 6 months ago because all my IT colleagues swore up and down that it was virus proof. Well they were wrong, evidently...

I was on the website for one of the local newspapers and a Sun Java loading dialog popped up in the middle of the browser and immediately froze the machine...I rebooted into safe mode and ran malware bytes and it found a few things and i had them removed.

Everything seemed ok until I randomly viewed taskmanager and saw like 30 mshta.exe instances going. So at that point I tried numerous virus/malware removals, it kept finding "TDS rootkit" and they seemed to be gone.

However now my browsers - both of them - are hijacked and are redirecting to BS shopping sites every time I use google or bing etc. On top of that, the computer just keeps crashing with a general 32 error, whatever that is.

If someone with more expertise in this would lend a hand I'd be very happy. Thanks in advance.

Hijack this log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:14:56 AM, on 12/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32... Read more

Answer:mshta.exe and multiple browser hijacks/redirects

Are there other sites that help with these problems? This is the third site I've tried, still no help

3 more replies
Relevance 55.76%

Hello,

I have a very frustrating system at the moment. It's a Windows XP Pro SP3 system, with ESET NOD32 Antivirus which has reported the Olmarik Trojan. The ESET resident antivirus detects the infection but can't remove it. ESET's own Olmarik removal tool also detects the Olmarik infection and offers to remove it. Upon restarting I run the tool which says it's still infected. The detection seems to be intermittent, whereby sometimes it says it's detected and other times not.

I have tried MBAM, SAS, Spybot, Ad-Aware, Spyware Doctor, HijackThis and possibly other tools (I have lost track) and none of them are able to remove the browser redirect, which may be related to Olmarik. Ultimately when browsing a website or searching Google I get redirected to a site other than the link I clicked on. When I press *BACK* and try to click on the link again it goes through to the correct site.

Upon attempting to boot into safe mode the system hangs on mup.sys so I am unable to boot into safe mode.

Please give me some feedback or suggestions. Has anyone encountered this before?

Thanks,
Ram

Answer:Browser Hijacks-Can't Boot into Safe Mode

Hello,

This will require a deeper look into the machine.

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues and what you have done to try to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

1 more replies
Relevance 55.76%

On this Windows XP Pro PC, a hijack takes over after entering erroneous logon credentials to secure sites' (banks) web sites; Phishing attempt prompts user to enter sensitive data (account number, SSN, and more). A picture is worth 1000+ of my words, so for a thorough description see this brief video (30 seconds) showing two cases: hxxp://www.youtube.com/watch?v=MKoRz6jnr2I

The PC initially was heavily infected, with several viruses. They've been removed, and now there are very few symptoms of any problem -- just the phishing hijack. Two potential symptoms are: on boot-up, PC always wants to run CHKDSK; after Windows starts up, it persistently wants to run SFC (which I intended to run just once, of course). I've scanned with several (six, or so) reliable AV programs, but none detect any malware. Details available on request.

What is this type of attack called? What is the name of the malware? How can I remove it? (!)

DDS.TXT is enclosed below; ATTACH.TXT and ARK.TXT are attached. Let me know what other info you need / questions you have.

Thanks in advance for your help!

Eggy

+++Begin DDS.TXT+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 12:37:52.03 on Tue 06/15/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.534 [GMT -4:00]
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AED... Read more

Answer:Unidentified malware hijacks browser SSL session

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

24 more replies
Relevance 55.76%

Hi I've got a persistent set of browser hijacks that keep coming back despite me using Malware Bytes, Junkware Removal Tool and Spyware S&D in addition to Microsoft Security Essentials.
 
I've seen ReadyCoupon, DiscountBomb, DiscountExt, DiscountMan and Compareit install themselves in Chrome so far. Not seen any problems with Firefox or IE but I don't use those browsers often. I'm using Windows 7.
 
I remove the plugin and clean things up but they just pop back up within a few days. Have used several removal guides but I suspect I've got a rootkit of some description and I'm missing a step in cleaning it out.
 
Any advice would be very welcome.
 
Thanks
 
 

Answer:Compareit, Discount Bomb and other Browser Hijacks

Hello and welcome

Let's see what we got here.

MiniToolbox by Farbar

Avast users please disable your antivirus before downloading!

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (choose Errors only)
List Users, Partitions and Memory size.
List Minidump Files
List Restore Points

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

===

Security Check by screen317

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt. Please copy and paste the contents of the log in your next reply.

Regards,
Alex

11 more replies
Relevance 55.76%

These services were off after attempting to fix the browser hijack and rebooting:
DHCP client
Remote Procedure Call Locater
error reporting
Help and Support (Tried to use these when network wouldn't work)
QOS RSVP
Remote Desktop Help Session Manager
Removable Storage
Secondary Logon
Themes (After re-boot, default visual themes are applied, rather than user's.)

When I manually start these services in the console, everything works again and the browser hijack remains.

This is the hijack: When clicking on a link in Google search results, it takes the user to various "search" locations, rather than the destination requested.

Have followed your instructions for posting except GMER run and log. GMER blue screens the infected machine. Blue screen error message: "Stop 0000145: {application error} The application failed to initialize properly (0xc0000005). Click on OK to terminate the application." This occurred with and without the virtual CD driver enabled. The last attempt, GMER ran for several hours without completing the scan before the blue screen occurred. This is a 500 gigabyte drive with plenty of free space.

Here is the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Tom at 21:10:15.96 on Sat 05/29/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.937 [GMT -7:00]
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813... Read more

Answer:Malware hijacks browser; blocks network & help

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.

%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%SYSTEMDRIVE%\*.exe
netsvcs
msconfig
drivers32
CREATERESTOREPOINT

Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

Thanks

11 more replies
Relevance 55.76%

I'm sure it's been mentioned before, but there have been so many "hijacked" threads lately that I thought I'd bring it up again.

Download and use either the Opera browser or Mozilla Firefox. Dump Internet Explorer - most hijacks are written for IE and both Opera and Firefox are more secure in the way they are built.

My own preference is for Opera, it's got heaps more in the way of facilities than IE.

Answer:Preventing browser hijacks made easy

Well said. And get click here

1 more replies
Relevance 55.76%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:11:47, on 25/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\Ve... Read more

Answer:Browser hijacks - redirect to other sites like monstermarketplace

Hello and Welcome to forums! My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
I will be working on your Malware issues this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine.
If you don't know or understand something please don't hesitate to ask.
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.

No Reply Within 5 Days Will Result In Your Topic Being Closed!!

random's system information tool (RSIT)

Download random's system information tool (RSIT) by random/random from HERE and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
log.txt (<<will be maximized)
info.txt (<<will be minimized)
Post both of these logs in your next reply (Sometimes you have to make several post to get the logs posted.)

3 more replies
Relevance 55.76%

SYMPTOMS:

For the past day or so, I've been seeing random calls to my default browser targeted at various Chinese URLs. Full scans and Intelli-Scans (quick scans of commonly problematic areas) with Spyware Doctor with AntiVirus turn up nothing unusual.

The calls are infrequent (every few hours?), but they tend to come back-to-back for a few minutes when they happen. My default browser (Maxthon 2) doesn't have to be open for one of the URLs to load; whatever's behind this can call up the browser and pass the URL to it. It seems to happen most often at startup or shortly thereafter.

Nothing has been added to Favorites, and my home page hasn't been changed.

On two occasions when no browser was open, I've caught these calls opening Maxthon as a child of wmiprvse.exe, under System Processes. (Very unusual - to me, at least.) As far as I can tell, this is a harmless Windows process, but it sounds as if it could be used to covertly launch a browser, so maybe it's just being exploited by some nasty on my hard drive.

URLs I'VE BEEN REDIRECTED TO (so far):
<http://www.5181888.cn/iphao.html>
<http://detail.zol.com.cn/>
<http://www.qq452.cn/8/?cid=1092>
<http://www.hexun.com/?B28>
<http://international.caixun.com/?wt.mc_id=exad003>
<http://www.oyesgo.com/r.aspx>
<http://stock.hexun.com/?b28>

TROUBLESHOOTING to date:

I've run HijackThis 1.99 and removed a few unknown/missing-value entries (mostly from the ActiveX/O16 section, but one or two known annoyan... Read more

Answer:Seemingly Random Chinese Browser Hijacks

For anyone reading while I was adding to the original post, I'm all done now.

9 more replies
Relevance 55.76%

'Lo folks, I'm back. Again. Seems like once every year or so I'm back with a new story of dumb. I really do appreciate you folks and what you do, you're lovely people. :D

Right-oh, then. Visited a suspicious site, bleep went down as it generally does, and I found a piece of malware on my computer through running Malwarebytes.

Trojan Dropper BCMiner is his name, redirecting my browser to advertisements whenever I google something is his game. Malwarebytes did its scan, and attempted to remove the Trojan, but upon restart I found that it was still intact. I really hate smart malware.

Not sure there's any other relevant info I can give ya that's not in the log, so here we go:

------------------------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Owner at 23:16:45 on 2012-06-20
Microsoft Windows 7 Professional 6.1.7601.1.932.81.1033.18.6135.4136 [GMT -6:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRes... Read more

Answer:Trojan Dropper BCMiner - Browser hijacks to ads.

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

16 more replies
Relevance 55.35%

Boot up is very slow, when I do log on I get various errors (such as Plug and Play could not start and DHCP could not start), all ending with telling me that Windows will be shut down and I will be logged off. Some links from Google redirect me to fake spyware remover sites. No services start at start up anymore (have to manually start audio and the wireless service). I'm also getting a rundll32 error. I'm running Vista.
 

More replies
Relevance 55.35%

Someone managed to download Total Security (TSC) which instantly started hijacking both IE and Firefox. Upon trying to remove it via control panel, it just opens the Total Security Center and locks up the control panel. There were no uninstall options at all. Being fed up with it, I just manually deleted the TSC files from folders it was found in and in one registry key. However the browsers are still being hijacked but at least I am not getting that annoying red TSC page anymore. Some sites have been rendered completely inaccessible, i.e. gmail.com.

The main problem I am having though is with explorer.exe trying to boot up. The icons and taskbar appear, then I get the "Windows Explorer has encountered a problem..." error. If I click any option, the desktop goes blank again for a few minutes, then starts loading back up and I get the same error. As long as I do not select any option it seems it functions just fine, I just have to move the error window to the side of the screen.

Well here is the hijack log... any ideas?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:00:01 PM, on 8/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\C... Read more

Answer:Malware attack and explorer.exe suffering as well as browser hijacks

Update, actually I am still getting that red hijacked page claiming to be unprotected and trying to get me to purchase that scamming product.
 

2 more replies
Relevance 55.35%

Hey there, whoever you are - You're awesome. Onwards:

[NEWEST EDIT: I think Spybot S&D did some good, but some popups are still happening - so I'd really appreciate the double checking - The following paragraph is my original post, but I'll replace my HijackThis! listing with the newest one............ ]

=================== start of orig post:

(I'm blaming the housemate) but "System defender" got on the system with a flurry of browser hacks (redirecting a lot of google searches to things like allgive.com, etc) - Ran a System Restore, Scanned and cleaned with Avast, Malwarebytes, and even threw in Windows defender and adaware for kicks. After hours of scanning and a few found baddies, they all say I'm clean. Firefox and IE were still hijacked - I uninstalled and reinstalled both: didn't change much - and I'm occasionally getting the sudden flurry of pop-ups. So while I may have avoided some of the wave, the storm rages on... Seriously though, I thank anyone out there who dedicates their time to doin' this for schmucks like me. On we go:

===================== end of orig post.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:24 AM, on 11/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.ex... Read more

Answer:Am I clean? I can't tell. (Recovering from System Defender & browser hijacks.)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

4 more replies
Relevance 55.35%

Hi,

Over the past few days my browser has been repeatedly hijacked. Norton 360 detects this, and "quarantines" a number of threats, but the problem continues.

I have attached the DDS log. I could not run the Rootkit tool. I tried several times to download it and my computer would go to 100% CPU utilization, then I get a message telling me that I am now on virtual memory. I have rebooted and made sure that there are no other applications running to consume system resources. But no success.

Teenagers in the home. The problem first appeared on Tuesday evening.

Thank you for your assistance. Let me know what else you need.

Answer:browser hijacks, low virtual memory, returning malware

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic, if you still need help please let me know what issues you are still having, in your next reply.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Then please post back here with the following:
log.txt
info.txt

Thanks

4 more replies
Relevance 55.35%

Hey Guys, recently I've been having problems with my computer. It started out with just redirecting me to websites that I wasn't trying to go to, mainly trying to sell me things. Yesterday when I turned the computer on it would get to the Welcome screen and then tell me that my version of windows wasn't verified, and I wouldn't be able to use it. Apparently something changed the system files. I was able to boot in safe mode after a few attempts, and ran System Restore to about 2 weeks previous. The computer booted slowly, but everything loaded fine, so I ran Windows Update and installed Service Pack 2. After the restart, the computer blue screened before the Welcome screen, and would just reboot and crash over and over again. It wouldn't even boot in safe mode. I used my Vista DVD to run system restore again, to the point just before installing Service Pack 3, and that is where I am at now. I have switched to Google Chrome for web browsing, installed Avast! to replace my AVG 9.0, and have installed Adaware and HijackThis! I'll post the HijackThis log below, thank you in advance for any assistance you can provide.

Corey.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:47:04 PM, on 12/9/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Win... Read more

Answer:Windows Vista Browser Hijacks and System Crash

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 55.35%

A worm that installs a 'Safety Browser', plays screeching music and dumps a graphic on the victim's desktop is circulating via IM...

IM security company FaceTime Communications described the malware, which it calls "yhoo32.explr", as "insidious"...

When the link is clicked, a worm installs the so-called 'Safety Browser', a program that leads the user to pages mined with adware and viruses...

The Safety Browser uses an Internet Explorer logo to make it look more legitimate.

http://www.pcadvisor.co.uk/news/index.cfm?newsid=6218
http://blog.spywareguide.com/

More replies
Relevance 55.35%

Hi

As the title says I got this virus/malware which takes over any address bar search I try to do (on all 3 chrome, firefox and IE). I have tried searching for a solution and nothing has worked so far. My search has made me conclude that it got infected when I installed the vshare.tv plugin on an online streaming site.

I am running Windows 7 Ultimate 32-bit (not sure of service pack #)
I don't believe I have access to a Windows 7 boot disk but I might somewhere...I could check if really necessary

I have followed the instructions provided here to the best of my ability...I apologize if I missed something...please let me know and I'll update the post

Thanks a lot for your help

Here is the DDS text:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by shek at 20:03:50 on 2011-09-15
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1453 [GMT -4:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\syst... Read more

Answer:startsear.ch virus hijacks browser address bar searches

Hi,

Please do the following

Refer to the ComboFix User's Guide
Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

13 more replies
Relevance 55.35%

Due to a very slow computer I recently did a reinstall of XP from my Acer Laptop Restore Disks. I did the same thing about a year ago and everything went well and computer speed was great. That restore was full of browser hijacks and the inability to update XP. I did another restore but with the same bad results. I have an Acer Travel Mate 290 laptop with a Pentium M 1,30ghz processor and 512 mb of ram, running Windows XP SP3 and IE7. (The system disks are SP2 and I had previously downloaded SP3 to use with this reinstall.)
I am continually getting an error "Generic Host Process for Win32 Services had a problem and must close". The computer runs slowly and it seems that 100% of the cpu is being used with no special programs running. Ctrl, Alt, Del shows that Svchost for the system is using most of the memory and the cpu.
Since the reload of XP I have been unable to access the Windows Update site for updates and a little badge in my tray tells me that it is trying to download updates but nothing is ever downloaded. I am continually getting browser hijacks ending up on search sites I have never heard of or on porn sites I don't wish to visit. Pop-ups are also common from "freegivawayoffers.com" informing me of the $1000 I have won at WalMart.
I have tried to follow your written instructions on your site but, SuperAnti Spyware reports no problems, Malwarebytes finds nothing, and ComboFix informs me that my MBR is infected, runs for a while,... Read more

Answer:ComboFix Wont run, Browser Hijacks, Slow Computer

Hi there and welcome. I am currently reviewing your logs and will get back to you with a set of instructions in the next post I make to you.
 

11 more replies
Relevance 55.35%

Hi

As the title says I got this virus/malware which takes over any address bar search I try to do (on both, firefox and IE). I have tried searching for a solution and nothing has worked so far. My search has made me conclude that it got infected when I installed the vshare.tv plugin on an online streaming site.

I am running Windows 7 home premium 64-bit (service pack 1)
I don't have access to a Windows 7 boot disk but I generated a Windows system recovery disk when I got this computer. All programs are up to date (from what I can say). I have filehippo which keeps things updated by warning me all the time. Antivirus is microsoft security essential.

I have followed the instructions provided to the best of my ability...as I have a 64 bit laptop, I have not downloaded and run GMER. I apologize if I am missing something...please let me know and I'll update the post

Thanks a lot for your help


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by NJ at 22:15:44 on 2011-10-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6140.3976 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\Sys... Read more

Answer:startsear.ch virus hijacks browser address bar searches

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------


Quote:

Antivirus is microsoft security essential.

I see no evidence of MSE installed or running on your machine. Did you mean Windows Defender? That isn't an antivirus.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

------------------------------------------------------

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Get help here

Open Notepad and copy/p... Read more

19 more replies
Relevance 55.35%

Hello all, another person in need of help!

A few days ago I started getting browser redirects to all sorts of sites and then a menacing desktop message. I have Windows XP.
I looked through the *READ ME FIRST* thread and downloaded everything it told me to; however, I am unable to execute any of these programs or any programs at all (except Internet Explorer) and access to Task Manager is denied.

My computer very briefly resumed normal service when I turned it on at some point and there was no sign of the rogue anti-spyware (but the browser hijacks continued). Upon rebooting, a different anti-spyware thing (win antivirus pro) has shown up and the computer has returned to that sorry state.

I feel I should mention that I used to own AVG and Spyware Doctor but my subscriptions ran out and I had no money to renew them, so I started using the free version of AntiVir, but a year on this has happened.

Can anybody here share their wisdom? It'd obviously be really appreciated if anybody could!!

lillywilde
 

Answer:Browser/desktop hijacks/Cant open programs/Rogueantispyware

Are you sure that neither ComboFix nor MGTool.exe can run? The only way to assist you is to see what is happening in your system.

Did you try running any of the scans in safe mode? Did you try renaming them?
 

15 more replies
Relevance 55.35%

HI

Ok my initial problem was that search results from google / bing etc would produce random pages when clicking on the links, multiple browser windows opening, and even spoof alerts to viruses on my machines

So I followed your removal guide, with most parts being ok,

Both Combofix and Rootrepeal failed to complete, both of them restarted the pc mid session

However SAS, Malwarebytes and MGtools did complete

Laptop is vista, with McAfee security centre, and have also run Spybot search and destroy and immunized, as well as CCleaner

Logs from the successful parts of the guide are attached

SAS Malwarebytes and MGtools

I'm considering a complete reinstall of the OS if I can not resolve this
 

Answer:Followed removal guide still problems with Malaware and browser hijacks

I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Thanks for your patience
 

2 more replies
Relevance 55.35%

When I first open Google, in the Search Box is a typo which I cannot delete. Any ideas? Many thanks. pianojoe
 

Answer:Solved: how to delete typo which remains in Google search box when I first open Googl

6 more replies
Relevance 54.53%

My 64-bit Vista laptop is infected with a virus despite having been using and running avast real-time protection. I've tried a variety of products to remove the virus to no avail. Among the symptoms are processor overload from multiple instances of:

dllhost.exe *32 process
powershell.exe *32 process (while in Safe Mode w/Networking)
powershell has stopped working message boxes (while in Safe Mode w/Networking)
wermgr.exe *32 process

It also changes my Internet Explorer browser setting to not allow downloads, and when internet access is turned on there are automated attempts to reach various urls that are blocked by avast. Some of these symptoms do not always appear now in Normal startup mode, but they still occur in Safe Mode w/Networking.

Following is the DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16563
Run by Steff at 17:07:12 on 2014-08-31
Microsoft® Windows Vista Home Premium   6.0.6002.2.1252.1.1033.18.3998.1951 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrict... Read more

Answer:Multiple dllhost powershell wermgr processes and browser hijacks

Hi there, please run the following scans:

Step 1

Please download Combofix (by sUBs) and save it to your Desktop.
Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
Start Combofix.exe and follow its instructions.
Do not use the computer while the scan is running. This may cause the program to stall.
When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
Please copy and paste the contents of this file into your next post.

Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

Step 2

Please download Farbar Recovery Scan Tool and save it to your Desktop.
Start FRST with administrator privileges.
Make sure the option Addition.txt is checked and press the Scan button.
When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
Please copy and paste these logs in your next reply.

6 more replies
Relevance 54.53%

I am having trouble with malware... experiencing search redirects, pop ups, and application errors. Ran MBAM but it did not remove the threat completely. Also, when trying to run the gmer application it could not finish the scan without crashing (blue screen) or other windows prompt that the application had a fatal error and was closed. I appreciate any assistance.

DDS (Ver_10-10-10.03) - NTFSx86 NETWORK
Run by Casey at 23:47:42.01 on Sun 10/17/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3030.2452 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceN... Read more

Answer:Search Redirects, Browser Hijacks, Blue screen of death

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/m... Read more

27 more replies
Relevance 54.53%

Sorry - posted in wrong forum.

Answer:Quick BSOD, reboot loop; safemode: browser hijacks

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

2 more replies
Relevance 54.53%

I noticed my Google searches were getting hijacked/redirected. The issue occurs with Firefox 3.6x as well as Internet Explorer 8.x. I am running WinXP.

I have MSE as my antivirus. It is scanning without catching or noting any problems.

I ran MBAM and it caught and resolved several items: Rogue.SecuritySuite, Trojan.FakeAlert.Gen, Spyware.Passwords.XGen, Rootkit.TDSS.Gen, Spyware.Passwords.XGen.

However, even after MBAM did its clean up and ran again clean, the hijack/redirect issues continue.

I tried running TDSSKiller but it only gets to 80% then errors out.

IMPORTANT: I ran GMER overnite. It was taking a very long while. When I returned to my computer this morning, a window with "WARNING!!!" and an OK button was on screen, but as soon as I moved the mouse, the computer Blue Screened and restarted. And so, I'm unable to provide a GMER scan File here. Please advise if I should do something else to get it.

I appreciate any help you can provide.

Here are my DDS logs.

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by USER at 15:17:53.90 on 04/22/11
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.604 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton AntiVirus *Enabled*
.
============== Running Processes ======... Read more

Answer:Browser search hijacks/redirects virus, possible TDL3 rootkit

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your ... Read more

17 more replies
Relevance 54.53%

Hello, I have been getting annoying pop up ads in the bottom left and right of my web browsers. In addition to this whenever I do a google search and click on a result it always redirects me to another ad page. Sometimes a tab will randomly open up and send me to yet another ad. In addition to this, my temporary internet files folder is full of at least 50 gigs of junk files. I see them when SuperAntiSpyware is taking two days to scan through the computer but when i manually go in to try and delete them they are hidden. I've been working on fixing this for a month. I need a pro. All help is appreciated. Also I have run spydoctor, malwarebytes, ccleaner, and wise disc cleaner to no avail. Thanks.

Answer:Mass junk files, annoying browser ads, and google hijacks.

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
 * Internet Services
 * Windows Firewall
 * System Restore
 * Security Center/Action Center
 * Windows Update
 * Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
 * Report IE Proxy Settings
 * Report FF Proxy Settings
 * List content of Hosts
 * List IP configuration
 * List Winsock Entries
 * List last 10 Event Viewer log
 * List Installed Programs
 * List Devices (do NOT change any settings here)
 * List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next t... Read more

9 more replies
Relevance 54.53%

I'm having similar firefox redirects as described in http://www.bleepingcomputer.com/forums/lof...hp/t329132.html . My machine is incredibly slow and my usual programs won't pick up anything. I've heard great things about combofix but need someone to walk me through it. Here are my logs... I appreciate any help you can give me!

DDS (Ver_10-03-17.01) - NTFSx86
Run by C at 14:53:09.33 on Sun 08/01/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.478.83 [GMT -7:00]

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Fire... Read more

Answer:Rootkit removal - please help!! Have logs, browser hijacks, super slow

Hi CWB212001KD7DB, and welcome to Bleeping Computer.

Sorry it has taken so long to get to you, but the board has been very busy lately, and all the Helpers here are volunteers.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Post the log from ComboFix when you've accomplished that.

10 more replies
Relevance 54.53%

I have attached the log and txt files for you. I look forward to your expert advice.
 

Answer:Browser redirects hijacks search malware after attempt of removal

forgot this one too
 

7 more replies
Relevance 54.53%

Hello, I was instructed to post a new topic in this forum. Here is a link to my first one with all previous logs.

http://www.bleepingcomputer.com/forums/topic480172.html/page__gopid__2934424#entry2934424

I was instructed to follow the prep guide starting with step 6; however, when I run DDS the program says it should not take more than a few minutes but I have let it run for hours in both normal and safe mode. What do I need to do next?

Answer:Mass junk files, annoying browser ads, and google hijacks.

Hello

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller or from here
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator" to start.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then click on the "Scan" button.
Wait until the Status box shows "Scan Finished".
Click on "delete".
Wait until the Status box shows "Deleting Finished".
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller

Gringo

7 more replies
Relevance 54.53%

Referred from here: http://www.bleepingcomputer.com/forums/topic430839.html ~ OB

Hello, Topic was moved from Am I infected? and instructed to post dds, gmer and ark.logs here:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19154
Run by Glenn at 14:23:20 on 2011-12-09
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2047.1095 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Cor... Read more

Answer:backdoor trojan-browser hijacks and regenerates deleted files

Hello again, I don't know if this happens to correlate with the findings of the logs posted, but presently I have no executable files it seems... for instance I launched IE from quick launch it does not open it asks what program I would like to use to open application... malwarebytes, microsoft word... the error code says: The file does not have a program associated with it for performing this action. Create an association in the Set Association control panel.

Prior to running Gmer and dds..etc logs I had not encountered this error... just thought I should add the information to the post.

11 more replies
Relevance 54.53%

I leave my laptop at home while on vacation and my roommates must have downloaded a bunch of fake anti-spy type programs, pc optimizers etc.
 
Normally booting into safe mode, running rkill and MBAM solves my issues but not this time. Some stuff is still lurking and now out of my knowledge so some help would be appreciated.
 
DDS log attached.

Answer:Unknown Malware/Adware remaining...popups, browser hijacks as well

Hello digitalmatter

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the sa... Read more

3 more replies
Relevance 54.53%

Hi and thanks in advance for your help. I'm having a heckuva' time trying to get this issue cleaned up and figured I'd better turn to someone who knows what they're doing before I ruin something.

Issue started while browsing a fox sports forum at fightonstate.com. It immediately shut down my browser and Outlook and I got this pop-up, ostensibly from Microsoft Security Essentials. I came here, searched it out and used rkill and MBAM to clean it up. No luck. Multiple other tries with MBAM, Ad-Aware, SpyBot S&D and AVG have gotten me mostly clean, but the browser hijacker persists. It's taking over in IE, Firefox and Chrome and redirects the search result links to sites like findstuff.com. I also get new tab pop-ups from winnerweekly about a WalMart gift card and they end up locking up the browser.

Lastly, programs are slow to start up now and that was never an issue. I also am intermittently getting a Rundll32 error; I keep forgetting to write down the specifics, but the GUI on my XP reverts to a Windows 3.1 style when that happens.

Also, at the moment, my browser can't post in this Forum. I can navigate to it, but I can't post. All three browsers are getting a page not available error when I click "post new topic". I'm currently using a terminal connection to my office to post this. Is it usual for a browser hijacker to block access to BLEEPINGCOMPUTER forums?!

This has been ongoing for almost a week and I'm a... Read more

Answer:Fake Microsoft Security Essentials / Hotpoint led to browser hijacks

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will ap... Read more

15 more replies
Relevance 54.53%

Referred from: http://www.bleepingcomputer.com/forums/t/234721/firefox-jumping-to-windowstopcontent/ ~ OB

I currently use Mozilla Firefox as my default internet browser.

Starting yesterday, every time I do a google search and click on one of the result links I end up being redirected to a blank page with the URL reading "http://windowstopcontent.com/?q=(whatever the google search term was)" and the tab reads "Jumping".

This happens every time I try to do a google search and click on a link.

I have ran Superantispyware and Malwarebytes Antimalware, but neither program was able to fix this problem.

I've also noticed that the same problem occurs on Internet Explorer when doing google searches.

It seems similar to the "Jump/Redirect" problem which is found and acknowledged by many help sites. But it's not completely the same.

For example: I typed "Runescape" into Google, and the first search result was the Runescape site (www.runescape.com) but when I clicked on it I was redirected to this page "http://windowstopcontent.com/?q=runescape"

This happens for every search.

Logs posted

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/5/2007 8:15:18 PM
System Uptime: 6/23/2009 6:29:55 AM (6 hours ago)

Motherboard: ASUSTek Computer INC. | | Opal
Processor: AMD Turion™ 64 Mobile Technology ML-34 | Socket 754 | 1790/200mhz

==== Disk Partitions ========... Read more

Answer:Computer infection, hijacks browser and redirects google search

Hello Marc E. and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resu... Read more

2 more replies
Relevance 54.12%

Greetings all.

My relatively new Dell laptop has been infected with browser hijacks on Firefox ( my main browser ) and now, IE. Google Chrome has not been affected. In the last few days, I also have had the dreaded Blue Screen of Death.

I have used HiJackThis before on my old PC.

I see a few suspicious entries in here, but you're the experts.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:52:02 PM, on 05/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\BOINC\boinctray.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files&... Read more

Answer:6 month old Dell Laptop - Blue screen of death and browser hijacks

As per the above, it would appear that I have not correctly posted my problem. My apologies for this error.

~~~~~~~~~~~~~~~~~`
DDS (Ver_09-09-29.01) - NTFSx86
Run by Cameron at 0:03:46.96 on 07/10/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2006.902 [GMT -4:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Syst... Read more

3 more replies
Relevance 54.12%

Before we start, I just want to thank the kind volunteers who help people in these forums. You guys are amazing! Thank you SO much!

I seem to have been infected with some pesky malware. It is hijacking my browsers (happens both in IE & Firefox) and re-directs me to other sites. What happens specifically is if I do a google or search, if I click on one of the linked search results, instead of going to that page, I am re-directed somewhere else. It doesn't appear that I am always redirected to the same place, though.

I tried removing malicious software using Malwarebytes. It detected 20-some objects, but said 2 could not be removed. I removed those manually, but I think I must have screwed up Malwarebytes in the process, because now it doesn't work correctly. I tried uninstalling and reinstalling, but I can't seem to do either correctly.

Here is my DDS Report (Attach.txt & Ark.txt files attached):

DDS (Ver_09-12-01.01) - NTFSx86
Run by Jennifer Ashbrook at 13:03:57.21 on Sun 01/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.336 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32&... Read more

Answer: Malware Hijacks/Re-directs Browser (IE & Firefox) + Malwarebytes no longer working

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

2 more replies
Relevance 54.12%

Will very much appreciate your help, I have tried whatever I can and am at the limit of my competence here.

It started with a visit to a file-sharing site that I'd used before, but this time it had a message that it had been acquired by Zango (oh oh). It wanted to put junk on my machine but I wouldn't let it, then all heck happened - McAfee gave me a trojan alarm, said I didn't have the rights to delete it. Next my NVidia display driver got corrupted, I had to re-install it but it still gives me a BSOD stop error at boot-up on occasion. Then some lame search page called SearchAllStuff.com started coming up; IE windows would pop up with ads even when I wasn't using IE (and I usually use Firefox)... McAfee detected stuff called Adware-Isearch.dr ("cannot be completely removed"), Downloader-BCF and Downloader.gen.a trojans, vundo. Windows Defender caught Adware:Win32/Isearch.B, BrowserModifier: Win32/Toolbar888, BrowserModifier: Win32/Matcash, Adware:Win32/Bestrevenue (removals all succeeded). Then this a.m. I ran Ad-Aware in Safe Mode and it caught & deleted a couple of trojans, tracking cookies etc.

Anyway my machine is still acting wonky, it wouldn't boot once today and the screen was blank earlier this evening. It seems each time I run McAfee Antivirus or Ad-Aware, especially in Safe Mode, more malware is found.

Here's the DSS report:

Deckard's System Scanner v20071014.68
Run by Admin on 2008-05-03 23:33:41
Computer is in Normal Mode.
------------------------------...

Answer: Having Multiple Browser Hijacks, Trojan Detects, Corrupt Display Driver

P.S. - I also noted that HJT shows this adware entry:
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mtn5.goole.ws/aiw3.php?try=1&ve...17-041205030002
Should I check & wipe it out through HJT?

11 more replies
Relevance 52.89%

First off, I'd like to thank all volunteers VERY MUCH for helping me out. It is truly appreciated!

Secondly, apologies for not being able to provide any infection details. I've run CA anti-virus and Ad-Aware multiple times, including in Safe Mode, and nothing is being detected. Additionally, both programs are unable to update, either via the program or manually. The hijacks must be blocking these, because when I go to the web address for Ad-Aware manual updates the zip file does not appear, and the webpage is completely blank.

I also downloaded Malwarebytes and while it did install, it will not launch from the icon or by going directly to the .exe, even in Safe Mode. Kaspersky will not install in Safe Mode. It now looks like CA anti-virus and Ad-Aware are also being blocked from running. I am still able to run Hijack This!, but have not done anything more than simply scan & create a report with it.

The specific symptoms of the hijack, listed in order of annoyance, are:

Win XP completely locks-up after I've browsed with IE7 and closed it down, to the point that I cannot Ctrl-Alt-Del or Start>Shut Down. My only choice has been to power down. I'm now beginning to see Win XP locking up in this way after a hard reboot and Fire Fox, to the point that I've had to use another PC to enter this post. Because of this I'm no longer using IE.

All search engines results are redirected no matter which search engine I've used. When I click on a result, I am redirected to an an a...

Answer: Unknown hijacks redirect search engines & browser, disabled virus & malware protection

I've just completed another scan using CA anti-virus in Safe Mode, and detected 3 instances of HTML/FakeAV.A and 1 instance of Win32/LdPinch.XI, all of which CA says were deleted. XP Restore was not enabled.

Hello machias,

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Regards,
The weatherman (Moderator)

27 more replies
Relevance 50.02%
Question: Solved: Hijacks

I get porn pop ups when I open a link. What can I do?
 

Answer: Solved: Hijacks

Please do this. Go here http://www.tomcoyote.org/hjt/ and download Hijack This. Unzip it and click on the Hijackthis.exe.

Click the "Scan" button. When the scan is finished, the scan button will become "Save Log". Click that and save the log.

Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.

Do NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required. Someone here will be glad to advise you on what to fix.
 

1 more replies
Relevance 49.61%

Greetings, I need a computer savvy person to tell me what to delete from this following list created by the program HijackThis. When I hit ctrl+alt+delete, there are numerous programs that seem to badly affect my computing. Hope someone can help! Thanks.

Logfile of HijackThis v1.97.7
Scan saved at 4:57:16 PM, on 1/31/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\ENCOMPASS\ENCMONTR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\ROAD RUNNER\MEDIC\RRMEDIC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\BROADJUMP\CORRECTCONNECT ENGINE\CCD.EXE
C:\PROGRAM FILES\N-CASE\MSBB.EXE
C:\PROGRAM FILES\DOWNLOADWARE\DW.EXE
C:\PROGRAM FILES\EZULA\MMOD.EXE
C:\PROGRAM FILES\BARGAIN BUDDY\BIN2\BARGAINS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TEM...

Answer: [Solved] Deleting Hijacks

13 more replies
Relevance 49.61%

Hi, I'm new here and I'm looking for some help in removing these annoying spyware problems that have gotten into my computer somehow. Let me try my best to explain:
Getting these results in every Google & AJ search result page:

Free Virus Scan
Scan for spyware, malware and keyloggers in addition to viruses, worms and trojans. New threats
and annoyances are created faster than any individual can keep up with.
http://defender.veloz.com/ - 15k

Finding COMPUTERS is a Click Away at 2020Search.com
Having trouble finding what you're looking for on: VELOZ? 2020Search will instantly provide you
with the result you're looking for by drawing on some of the best search engines the Internet has
to offer. Your result is a click away!
http://www.2020search.com/ - 47k

Among others, which are obviously not related to the search, but placed in there somehow.

"Web Savings"

When I Right-Click in an IE window I get an option for "web savings". I don't have a clue how it got there or what it does, but I'm fairly sure it has something to do with the other spyware problems I'm having.

Browser Hijacks & Random Popups

Every time I open a new page I get a popup, and sometimes these will make my IE go to a certain site, like the ones above called "veloz"
My operating system is: Windows ME
I only use Internet Explorer
I do not use Kazaa or any other p2p programs
I've tried fixing these problems with both A-A and Sp...

Answer: Major Spyware Problems - browser hijacks, strange search results, "web savings", etc.

11 more replies