Solved

Browser appears to have been hijacked

Posted on 2011-09-29
5
502 Views
Last Modified: 2013-11-22
I am trying to advise my brother on a problem he's got with his PC running IE and Vista.  It's recently taken on a life of it's own and keeps popping up porn site windows.  Lots of us have fallen victim to stuff like this over the years but these sites are utterly vile.

He runs Panda Cloud Antivirus (which found nothing) and I've also told him to hit it with MalwareBytes, AdAware and Advanced SystemCare Pro.  However, nothing seems to touch it.  The only thing I've seen that was this resilient was a rootkit virus (TDSS I think) that a specific Kaspersky utility looked for and got rid of.  The behaviour of that was totally different though in that browser links would simply re-direct to other sites - but not this vile stuff.

I'm going to remote connect to it and see what HijackThis comes up with but I just wondered if anyone else out there has experienced similar recently and found success in getting rid of it? Some idea of how the thing might be getting in would also be helpful as I tell him to patch everything as a routine and he does so religiously.

Many thanks
0
Comment
Question by:funasset
  • 2
  • 2
5 Comments
 
LVL 6

Accepted Solution

by:
bluemeln earned 250 total points
ID: 36817965
When nothing else works, use Kaspersky. If you don't want to buy the license (although very affordable), they have a malware removal tool that you can download from another computer and run from a USB stick if you can no longer use the Internet on the infected machine. If you can only boot up in safe mode, still start the scan from the USB and Kaspersky will direct you to reboot. http://www.kaspersky.com/antivirus-removal-tool-register

Kaspersky has found what Malwarebytes, TrendMicro's OfficeScan, McAfee, PC Doctor, and Nod32 did not find. What's also nice is that it does not weigh down the system, especially if it's an older computer.
0
 
LVL 32

Assisted Solution

by:willcomp
willcomp earned 250 total points
ID: 36879206
I recommend using ComboFix. It is usually effective in removing such infections. Be sure to follow instructions at link.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 

Author Comment

by:funasset
ID: 36890057
Cheers for the advice - I won't have time to remote in to it until tomorrow so I'm collating all the ammo I can to get rid of this disgusting thing.

I'll let you know how I get on!

Thanks
0
 

Author Comment

by:funasset
ID: 36904389
It seems to have gone - I'm not 100% sure what got rid of it as I kind of hit it with everything.  I wish the people who write these things would just get a life!!

Thanks
0
 
LVL 32

Expert Comment

by:willcomp
ID: 36904614
Glad to help and glad it's gone.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now