rrincones

asked on

Internet Explorer gets hijacked after using a search engine and clicking on a result

When I search on either Yahoo, MSN, or Google, I get a list of results. If I click on a link my browser gets hijacked and redirected to other sites with advertisements.

I have scanned my system with AVG and Malwarebytes. I get a Trojan found message and successfully removed, but the problem continues.

I have attached the scan results from the hijackthis program.


hijackthis2.txt
ASKER CERTIFIED SOLUTION
Chris Millard
Oh, something else to mention, it MAY be worth turning off system restore when you do the scans, because malware and viruses can infect restore points too - BUT be careful in your decision to do this...
Download and run HijackThis from Trend Micro that will help troubleshoot the problem.
rrincones (ASKER)

I did run HijackThis and attached the results on my original post.
@ roybridge: I have used Combofix on Windows XP machines, but I have never been able to run it on Windows Vista. Do you know if there is a version that runs on Vista?
Combofix works perfectly well on Vista. RootAlyzer will tell you if there are any Rootkit infections on your machine.
These you should remove:

      R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
      O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
      O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
      O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-latest.cab

Just check for Ask.com or Ask.com Toolbar in Add/Remove Program in Control Panel and uninstall.

Then run HitmanPro and TDSSKiller.
TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Tutorial on TDSSKiller:
http://support.kaspersky.com/viruses/solutions?qid=208280684

Then try HitmanPro to make sure anything which might be left behind is clean:
32bit
http://dl.surfright.nl/HitmanPro35.exe
http://download.cnet.com/Hitman-Pro-3/3000-2239_4-10895604.html

64bit
http://dl.surfright.nl/HitmanPro35_x64.exe

If this does not resolve your issue then try Combofix:

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Tutorial on how to use combofix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post logs here for further analysis.

Sudeep
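
Added example, not part of the original thread or of any tool named in it: a short Python parser for the four HijackThis entries quoted in the post above, grouping them by the file or URL they point to. It shows that the R3, O2 and O3 entries all load the same GenericAskToolbar.dll, so one uninstall of the Ask toolbar covers all three; the function names and regular expressions are this example's own and handle only the entry shapes quoted here.

```python
import re
from collections import defaultdict

# The four entries quoted in the post above, copied verbatim from the page.
SAMPLE_LOG = r"""
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-latest.cab
"""

# Section code (R3, O2, O16 ...), entry type, then free text ending in " - <target>".
LINE_RE = re.compile(r"^\s*(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_line(line):
    """Return a dict for one HijackThis entry, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    clsid = CLSID_RE.search(rest)
    # The target (file path or URL) is whatever follows the last " - ".
    target = rest.rsplit(" - ", 1)[-1].strip()
    return {
        "section": m.group("section"),
        "kind": m.group("kind").strip(),
        "clsid": clsid.group(0).upper() if clsid else None,
        "target": target,
    }


def group_by_target(log_text):
    """Map each target (lower-cased) to the log sections that reference it."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            groups[entry["target"].lower()].append(entry["section"])
    return dict(groups)


if __name__ == "__main__":
    for target, sections in group_by_target(SAMPLE_LOG).items():
        print(f"{', '.join(sections):12} {target}")
```
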
Combofix fixed the problem. It detected that explorer.exe was infected and fixed it. It also removed several files and folders that contained trojans.