Solved

Browser being hijacked/redirected

Posted on 2012-03-31
10
978 Views
Last Modified: 2013-12-06
Hi everyone. I have searched all over the web and EE and cannot seem to solve this issue. My brother has small children and I believe while playing their online games they may have mistakenly downloaded malware/viruses. I have run multiple software's to try and eliminate the issue and have made progress, but now there are a few issues I can't seem to find a solution to.

First of all, when I click on the start button, only the titles appear such as "all programs, computer, etc" there are no shortcuts to programs like there usually is. secondly, when I open IE or Firefox and do an initial search I get search results based on my search. When I click a link within the search results I can see the URL change to that result, but then it immediately changes to a random website and redirects me. I have run combofix, malwarebytes, hijackthis, and CCleaner but to no success. They all found malware and trojans but did not cure the redirect issue. I ran each of them in safe mode as well as normal startup.

I have attached the hijackthis log and also have the malwarebytes log can be posted if necessary. I can also provide any additional information about the PC you might need.

If anyone has any suggestions as to what other steps I can take to eliminate this issue I would greatly appreciate it. I really don't want to re-format the PC due to the amount of documents and programs installed already. Thank you for the input and your time.

the PC is running Win 7 64 bit.
hijackthis-LogFile-1-.txt
0
Comment
Question by:ngs1995
  • 3
  • 2
  • 2
  • +3
10 Comments
 
LVL 15

Expert Comment

by:cwstad2
ID: 37791742
Have you tried a restote point from a time before the infection?
0
 
LVL 44

Assisted Solution

by:Darr247
Darr247 earned 167 total points
ID: 37792207
I recommend you follow younghv's article at http://experts-exchange.com/A_6209.html even though it says it's for XP/Vista.

It looks like you're part way there, but possibly still have a winsock hijacker and maybe other problems, so just follow that article and see if it can get their shortcuts back.
0
 
LVL 5

Expert Comment

by:9660kel
ID: 37792590
Darr, actually that's rpggamergirl's article, but it looks like the type of bug .

Follow the article, and if you need help or have questions, I'm sure we'll be glad to help.
0
Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

 
LVL 29

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 166 total points
ID: 37793498
If you still getting redirected to some other sites then your system might still be infected. I would suggest you to run TDSSKiller which is also suggested in the article wrote by RPG (link already supplied above). Please post the logs after running the TDSSKIller.

The only thing I would like to mention is that you ran CCLeaner,so it would be difficult to bring back all the entries of Start Menu, however RPG's article would still let you bring most of them.

Sudeep
0
 

Author Comment

by:ngs1995
ID: 37795811
I'm going to follow the article and see what happens. On a side note, I tried TDSSKiller and it would not run on the infected PC. Tried in safe mode as well. If I can get it to run I'll post that log as well. Thanks for the input thus far.
0
 
LVL 44

Expert Comment

by:Darr247
ID: 37797088
> Darr, actually that's rpggamergirl's article

I thought it was by her, but when I searched for her articles I couldn't find anything... I got that link from the bottom of one of younghv's articles and thought they all belonged to younghv. And [smacking forehead] I couldn't find her articles because I input her name as rpgamergirl... (doh!)
0
 
LVL 5

Expert Comment

by:9660kel
ID: 37797442
The fixNCR really needs to be the first thing you run.
0
 

Author Comment

by:ngs1995
ID: 37817701
I followed the article and was able to restore the programs on the start menu as well as background icons. I ran Malwarebytes last and it found 5 additional items. The redirect is still occurring and I still can't get TDSSKiller to run in normal or safe mode. Any suggstions on what I can do to stop the redirect? I have attached the logs from the programs I ran. Appreciate the feedback.
mbam-log-2012-04-06--16-28-07-.txt
rkill-log.txt
unhide.txt
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 167 total points
ID: 37823276
Can we also look at the combofix log please. There's a new variant with same redirect symptom that combofix can't removed unless we remove the service first.

Also run this tool and see if it runs and if it finds the culprit.
Download the yorkyt.exe disinfection tool (1,31 MB).

http://www.pandasecurity.com/resources/tools/yorkyt.exe

Doubleclick to run.
A reboot will be requested to install a driver.
Another reboot will be requested to complete the disinfection.
When the disinfection is completed, accept the message that will be displayed.
0
 

Author Closing Comment

by:ngs1995
ID: 37962761
The Panda Security tool seemed to clear up the redirect issue. The article I followed which was first suggested worked for bringing back my programs. Sorry it took so long to close the issue but the PC belonged to a family member who lived in a different state. Each time I visited I would work on it as much as I could. Thank you all for the great advice and input! The PC is 100% again :)
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question