Solved

Browser appears to have been hijacked

Posted on 2011-09-29
Last Modified: 2013-11-22
I am trying to advise my brother on a problem he's got with his PC running IE and Vista.  It's recently taken on a life of its own and keeps popping up porn site windows.  Lots of us have fallen victim to stuff like this over the years but these sites are utterly vile.

He runs Panda Cloud Antivirus (which found nothing) and I've also told him to hit it with MalwareBytes, AdAware and Advanced SystemCare Pro.  However, nothing seems to touch it.  The only thing I've seen that was this resilient was a rootkit virus (TDSS I think) that a specific Kaspersky utility looked for and got rid of.  The behaviour of that was totally different though in that browser links would simply re-direct to other sites - but not this vile stuff.

I'm going to remote connect to it and see what HijackThis comes up with but I just wondered if anyone else out there has experienced similar recently and found success in getting rid of it? Some idea of how the thing might be getting in would also be helpful as I tell him to patch everything as a routine and he does so religiously.

Many thanks
Question by:funasset
5 Comments
 
LVL 6

Accepted Solution

by:bluemeln
bluemeln earned 250 total points
ID: 36817965
When nothing else works, use Kaspersky. If you don't want to buy the license (although very affordable), they have a malware removal tool that you can download from another computer and run from a USB stick if you can no longer use the Internet on the infected machine. If you can only boot up in safe mode, still start the scan from the USB and Kaspersky will direct you to reboot. http://www.kaspersky.com/antivirus-removal-tool-register

Kaspersky has found what Malwarebytes, TrendMicro's OfficeScan, McAfee, PC Doctor, and Nod32 did not find. What's also nice is that it does not weigh down the system, especially if it's an older computer.
 
LVL 32

Assisted Solution

by:willcomp
willcomp earned 250 total points
ID: 36879206
I recommend using ComboFix. It is usually effective in removing such infections. Be sure to follow instructions at link.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 

Author Comment

by:funasset
ID: 36890057
Cheers for the advice - I won't have time to remote in to it until tomorrow so I'm collating all the ammo I can to get rid of this disgusting thing.

I'll let you know how I get on!

Thanks
 

Author Comment

by:funasset
ID: 36904389
It seems to have gone - I'm not 100% sure what got rid of it as I kind of hit it with everything.  I wish the people who write these things would just get a life!!

Thanks
 
LVL 32

Expert Comment

by:willcomp
ID: 36904614
Glad to help and glad it's gone.