Solved

Browser appears to have been hijacked

Posted on 2011-09-29
Last Modified: 2013-11-22
I am trying to advise my brother on a problem he's got with his PC running IE and Vista.  It's recently taken on a life of its own and keeps popping up porn site windows.  Lots of us have fallen victim to stuff like this over the years but these sites are utterly vile.

He runs Panda Cloud Antivirus (which found nothing) and I've also told him to hit it with MalwareBytes, AdAware and Advanced SystemCare Pro.  However, nothing seems to touch it.  The only thing I've seen that was this resilient was a rootkit virus (TDSS I think) that a specific Kaspersky utility looked for and got rid of.  The behaviour of that was totally different though in that browser links would simply re-direct to other sites - but not this vile stuff.

I'm going to remote connect to it and see what HijackThis comes up with but I just wondered if anyone else out there has experienced similar recently and found success in getting rid of it? Some idea of how the thing might be getting in would also be helpful as I tell him to patch everything as a routine and he does so religiously.

Many thanks
Question by:funasset
5 Comments
 
LVL 6

Accepted Solution

by:
bluemeln earned 250 total points
ID: 36817965
When nothing else works, use Kaspersky. If you don't want to buy the license (although very affordable), they have a malware removal tool that you can download from another computer and run from a USB stick if you can no longer use the Internet on the infected machine. If you can only boot up in safe mode, still start the scan from the USB and Kaspersky will direct you to reboot. http://www.kaspersky.com/antivirus-removal-tool-register

Kaspersky has found what Malwarebytes, TrendMicro's OfficeScan, McAfee, PC Doctor, and Nod32 did not find. What's also nice is that it does not weigh down the system, especially if it's an older computer.
 
LVL 32

Assisted Solution

by:willcomp
willcomp earned 250 total points
ID: 36879206
I recommend using ComboFix. It is usually effective in removing such infections. Be sure to follow instructions at link.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 

Author Comment

by:funasset
ID: 36890057
Cheers for the advice - I won't have time to remote in to it until tomorrow so I'm collating all the ammo I can to get rid of this disgusting thing.

I'll let you know how I get on!

Thanks
 

Author Comment

by:funasset
ID: 36904389
It seems to have gone - I'm not 100% sure what got rid of it as I kind of hit it with everything.  I wish the people who write these things would just get a life!!

Thanks
 
LVL 32

Expert Comment

by:willcomp
ID: 36904614
Glad to help and glad it's gone.

Question has a verified solution.
