Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Browser being hijacked/redirected

Posted on 2012-03-31
10
Medium Priority
?
1,003 Views
Last Modified: 2013-12-06
Hi everyone. I have searched all over the web and EE and cannot seem to solve this issue. My brother has small children and I believe while playing their online games they may have mistakenly downloaded malware/viruses. I have run multiple software's to try and eliminate the issue and have made progress, but now there are a few issues I can't seem to find a solution to.

First of all, when I click on the start button, only the titles appear such as "all programs, computer, etc" there are no shortcuts to programs like there usually is. secondly, when I open IE or Firefox and do an initial search I get search results based on my search. When I click a link within the search results I can see the URL change to that result, but then it immediately changes to a random website and redirects me. I have run combofix, malwarebytes, hijackthis, and CCleaner but to no success. They all found malware and trojans but did not cure the redirect issue. I ran each of them in safe mode as well as normal startup.

I have attached the hijackthis log and also have the malwarebytes log can be posted if necessary. I can also provide any additional information about the PC you might need.

If anyone has any suggestions as to what other steps I can take to eliminate this issue I would greatly appreciate it. I really don't want to re-format the PC due to the amount of documents and programs installed already. Thank you for the input and your time.

the PC is running Win 7 64 bit.
hijackthis-LogFile-1-.txt
0
Comment
Question by:ngs1995
  • 3
  • 2
  • 2
  • +3
10 Comments
 
LVL 15

Expert Comment

by:cwstad2
ID: 37791742
Have you tried a restote point from a time before the infection?
0
 
LVL 44

Assisted Solution

by:Darr247
Darr247 earned 668 total points
ID: 37792207
I recommend you follow younghv's article at http://experts-exchange.com/A_6209.html even though it says it's for XP/Vista.

It looks like you're part way there, but possibly still have a winsock hijacker and maybe other problems, so just follow that article and see if it can get their shortcuts back.
0
 
LVL 5

Expert Comment

by:9660kel
ID: 37792590
Darr, actually that's rpggamergirl's article, but it looks like the type of bug .

Follow the article, and if you need help or have questions, I'm sure we'll be glad to help.
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
LVL 30

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 664 total points
ID: 37793498
If you still getting redirected to some other sites then your system might still be infected. I would suggest you to run TDSSKiller which is also suggested in the article wrote by RPG (link already supplied above). Please post the logs after running the TDSSKIller.

The only thing I would like to mention is that you ran CCLeaner,so it would be difficult to bring back all the entries of Start Menu, however RPG's article would still let you bring most of them.

Sudeep
0
 

Author Comment

by:ngs1995
ID: 37795811
I'm going to follow the article and see what happens. On a side note, I tried TDSSKiller and it would not run on the infected PC. Tried in safe mode as well. If I can get it to run I'll post that log as well. Thanks for the input thus far.
0
 
LVL 44

Expert Comment

by:Darr247
ID: 37797088
> Darr, actually that's rpggamergirl's article

I thought it was by her, but when I searched for her articles I couldn't find anything... I got that link from the bottom of one of younghv's articles and thought they all belonged to younghv. And [smacking forehead] I couldn't find her articles because I input her name as rpgamergirl... (doh!)
0
 
LVL 5

Expert Comment

by:9660kel
ID: 37797442
The fixNCR really needs to be the first thing you run.
0
 

Author Comment

by:ngs1995
ID: 37817701
I followed the article and was able to restore the programs on the start menu as well as background icons. I ran Malwarebytes last and it found 5 additional items. The redirect is still occurring and I still can't get TDSSKiller to run in normal or safe mode. Any suggstions on what I can do to stop the redirect? I have attached the logs from the programs I ran. Appreciate the feedback.
mbam-log-2012-04-06--16-28-07-.txt
rkill-log.txt
unhide.txt
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 668 total points
ID: 37823276
Can we also look at the combofix log please. There's a new variant with same redirect symptom that combofix can't removed unless we remove the service first.

Also run this tool and see if it runs and if it finds the culprit.
Download the yorkyt.exe disinfection tool (1,31 MB).

http://www.pandasecurity.com/resources/tools/yorkyt.exe

Doubleclick to run.
A reboot will be requested to install a driver.
Another reboot will be requested to complete the disinfection.
When the disinfection is completed, accept the message that will be displayed.
0
 

Author Closing Comment

by:ngs1995
ID: 37962761
The Panda Security tool seemed to clear up the redirect issue. The article I followed which was first suggested worked for bringing back my programs. Sorry it took so long to close the issue but the PC belonged to a family member who lived in a different state. Each time I visited I would work on it as much as I could. Thank you all for the great advice and input! The PC is 100% again :)
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By default Outlook 2016 displays only one time zone in the Calendar. The following article explains how to display two time zones in one calendar view.
What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question