Solved

Browser being hijacked/redirected

Posted on 2012-03-31
Last Modified: 2013-12-06
Hi everyone. I have searched all over the web and EE and cannot seem to solve this issue. My brother has small children and I believe while playing their online games they may have mistakenly downloaded malware/viruses. I have run multiple software programs to try and eliminate the issue and have made progress, but now there are a few issues I can't seem to find a solution to.

First of all, when I click on the start button, only the titles appear such as "all programs, computer, etc."; there are no shortcuts to programs like there usually are. Secondly, when I open IE or Firefox and do an initial search I get search results based on my search. When I click a link within the search results I can see the URL change to that result, but then it immediately changes to a random website and redirects me. I have run combofix, malwarebytes, hijackthis, and CCleaner but with no success. They all found malware and trojans but did not cure the redirect issue. I ran each of them in safe mode as well as normal startup.

I have attached the hijackthis log and also have the malwarebytes log, which can be posted if necessary. I can also provide any additional information about the PC you might need.

If anyone has any suggestions as to what other steps I can take to eliminate this issue I would greatly appreciate it. I really don't want to re-format the PC due to the amount of documents and programs installed already. Thank you for the input and your time.

The PC is running Win 7 64 bit.
hijackthis-LogFile-1-.txt
Question by:ngs1995
10 Comments
 
LVL 15

Expert Comment

by:cwstad2
ID: 37791742
Have you tried a restore point from a time before the infection?
0
 
LVL 44

Assisted Solution

by:Darr247
Darr247 earned 668 total points
ID: 37792207
I recommend you follow younghv's article at http://experts-exchange.com/A_6209.html even though it says it's for XP/Vista.

It looks like you're part way there, but possibly still have a winsock hijacker and maybe other problems, so just follow that article and see if it can get their shortcuts back.
0
 
LVL 5

Expert Comment

by:9660kel
ID: 37792590
Darr, actually that's rpggamergirl's article, but it looks like the type of bug.

Follow the article, and if you need help or have questions, I'm sure we'll be glad to help.
0
 
LVL 30

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 664 total points
ID: 37793498
If you are still getting redirected to some other sites then your system might still be infected. I would suggest you run TDSSKiller, which is also suggested in the article written by RPG (link already supplied above). Please post the logs after running TDSSKiller.

The only thing I would like to mention is that you ran CCleaner, so it would be difficult to bring back all the entries of the Start Menu; however, RPG's article would still let you bring back most of them.

Sudeep
0
 

Author Comment

by:ngs1995
ID: 37795811
I'm going to follow the article and see what happens. On a side note, I tried TDSSKiller and it would not run on the infected PC. Tried in safe mode as well. If I can get it to run I'll post that log as well. Thanks for the input thus far.
0
 
LVL 44

Expert Comment

by:Darr247
ID: 37797088
> Darr, actually that's rpggamergirl's article

I thought it was by her, but when I searched for her articles I couldn't find anything... I got that link from the bottom of one of younghv's articles and thought they all belonged to younghv. And [smacking forehead] I couldn't find her articles because I input her name as rpgamergirl... (doh!)
0
 
LVL 5

Expert Comment

by:9660kel
ID: 37797442
The fixNCR really needs to be the first thing you run.
0
 

Author Comment

by:ngs1995
ID: 37817701
I followed the article and was able to restore the programs on the start menu as well as background icons. I ran Malwarebytes last and it found 5 additional items. The redirect is still occurring and I still can't get TDSSKiller to run in normal or safe mode. Any suggestions on what I can do to stop the redirect? I have attached the logs from the programs I ran. Appreciate the feedback.
mbam-log-2012-04-06--16-28-07-.txt
rkill-log.txt
unhide.txt
0
 
LVL 47

Accepted Solution

by:rpggamergirl
rpggamergirl earned 668 total points
ID: 37823276
Can we also look at the combofix log please? There's a new variant with the same redirect symptom that combofix can't remove unless we remove the service first.

Also run this tool and see if it runs and if it finds the culprit.
Download the yorkyt.exe disinfection tool (1,31 MB).

http://www.pandasecurity.com/resources/tools/yorkyt.exe

Double-click to run.
A reboot will be requested to install a driver.
Another reboot will be requested to complete the disinfection.
When the disinfection is completed, accept the message that will be displayed.
0
 

Author Closing Comment

by:ngs1995
ID: 37962761
The Panda Security tool seemed to clear up the redirect issue. The article I followed which was first suggested worked for bringing back my programs. Sorry it took so long to close the issue but the PC belonged to a family member who lived in a different state. Each time I visited I would work on it as much as I could. Thank you all for the great advice and input! The PC is 100% again :)
0

Question has a verified solution.
