Solved

Browser being hijacked/redirected

Posted on 2012-03-31
10
984 Views
Last Modified: 2013-12-06
Hi everyone. I have searched all over the web and EE and cannot seem to solve this issue. My brother has small children and I believe while playing their online games they may have mistakenly downloaded malware/viruses. I have run multiple software's to try and eliminate the issue and have made progress, but now there are a few issues I can't seem to find a solution to.

First of all, when I click on the start button, only the titles appear such as "all programs, computer, etc" there are no shortcuts to programs like there usually is. secondly, when I open IE or Firefox and do an initial search I get search results based on my search. When I click a link within the search results I can see the URL change to that result, but then it immediately changes to a random website and redirects me. I have run combofix, malwarebytes, hijackthis, and CCleaner but to no success. They all found malware and trojans but did not cure the redirect issue. I ran each of them in safe mode as well as normal startup.

I have attached the hijackthis log and also have the malwarebytes log can be posted if necessary. I can also provide any additional information about the PC you might need.

If anyone has any suggestions as to what other steps I can take to eliminate this issue I would greatly appreciate it. I really don't want to re-format the PC due to the amount of documents and programs installed already. Thank you for the input and your time.

the PC is running Win 7 64 bit.
hijackthis-LogFile-1-.txt
0
Comment
Question by:ngs1995
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +3
10 Comments
 
LVL 15

Expert Comment

by:cwstad2
ID: 37791742
Have you tried a restote point from a time before the infection?
0
 
LVL 44

Assisted Solution

by:Darr247
Darr247 earned 167 total points
ID: 37792207
I recommend you follow younghv's article at http://experts-exchange.com/A_6209.html even though it says it's for XP/Vista.

It looks like you're part way there, but possibly still have a winsock hijacker and maybe other problems, so just follow that article and see if it can get their shortcuts back.
0
 
LVL 5

Expert Comment

by:9660kel
ID: 37792590
Darr, actually that's rpggamergirl's article, but it looks like the type of bug .

Follow the article, and if you need help or have questions, I'm sure we'll be glad to help.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 30

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 166 total points
ID: 37793498
If you still getting redirected to some other sites then your system might still be infected. I would suggest you to run TDSSKiller which is also suggested in the article wrote by RPG (link already supplied above). Please post the logs after running the TDSSKIller.

The only thing I would like to mention is that you ran CCLeaner,so it would be difficult to bring back all the entries of Start Menu, however RPG's article would still let you bring most of them.

Sudeep
0
 

Author Comment

by:ngs1995
ID: 37795811
I'm going to follow the article and see what happens. On a side note, I tried TDSSKiller and it would not run on the infected PC. Tried in safe mode as well. If I can get it to run I'll post that log as well. Thanks for the input thus far.
0
 
LVL 44

Expert Comment

by:Darr247
ID: 37797088
> Darr, actually that's rpggamergirl's article

I thought it was by her, but when I searched for her articles I couldn't find anything... I got that link from the bottom of one of younghv's articles and thought they all belonged to younghv. And [smacking forehead] I couldn't find her articles because I input her name as rpgamergirl... (doh!)
0
 
LVL 5

Expert Comment

by:9660kel
ID: 37797442
The fixNCR really needs to be the first thing you run.
0
 

Author Comment

by:ngs1995
ID: 37817701
I followed the article and was able to restore the programs on the start menu as well as background icons. I ran Malwarebytes last and it found 5 additional items. The redirect is still occurring and I still can't get TDSSKiller to run in normal or safe mode. Any suggstions on what I can do to stop the redirect? I have attached the logs from the programs I ran. Appreciate the feedback.
mbam-log-2012-04-06--16-28-07-.txt
rkill-log.txt
unhide.txt
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 167 total points
ID: 37823276
Can we also look at the combofix log please. There's a new variant with same redirect symptom that combofix can't removed unless we remove the service first.

Also run this tool and see if it runs and if it finds the culprit.
Download the yorkyt.exe disinfection tool (1,31 MB).

http://www.pandasecurity.com/resources/tools/yorkyt.exe

Doubleclick to run.
A reboot will be requested to install a driver.
Another reboot will be requested to complete the disinfection.
When the disinfection is completed, accept the message that will be displayed.
0
 

Author Closing Comment

by:ngs1995
ID: 37962761
The Panda Security tool seemed to clear up the redirect issue. The article I followed which was first suggested worked for bringing back my programs. Sorry it took so long to close the issue but the PC belonged to a family member who lived in a different state. Each time I visited I would work on it as much as I could. Thank you all for the great advice and input! The PC is 100% again :)
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
login scripts windows 10 5 27
How to install MDT 2013 on Windows Server 2012 R2 3 52
harddrive crash 6 43
Unabled to open web site 10 37
How to record audio from input sources to your PC – connected devices, connected preamp to record vinyl discs, streaming media, that play through your audio card: Vista, Windows 7, Windows 8, Windows 8.1 and Windows 10 – both 32 bit & 64.
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question