Solved

Browser being hijacked/redirected

Posted on 2012-03-31
10
958 Views
Last Modified: 2013-12-06
Hi everyone. I have searched all over the web and EE and cannot seem to solve this issue. My brother has small children and I believe while playing their online games they may have mistakenly downloaded malware/viruses. I have run multiple software's to try and eliminate the issue and have made progress, but now there are a few issues I can't seem to find a solution to.

First of all, when I click on the start button, only the titles appear such as "all programs, computer, etc" there are no shortcuts to programs like there usually is. secondly, when I open IE or Firefox and do an initial search I get search results based on my search. When I click a link within the search results I can see the URL change to that result, but then it immediately changes to a random website and redirects me. I have run combofix, malwarebytes, hijackthis, and CCleaner but to no success. They all found malware and trojans but did not cure the redirect issue. I ran each of them in safe mode as well as normal startup.

I have attached the hijackthis log and also have the malwarebytes log can be posted if necessary. I can also provide any additional information about the PC you might need.

If anyone has any suggestions as to what other steps I can take to eliminate this issue I would greatly appreciate it. I really don't want to re-format the PC due to the amount of documents and programs installed already. Thank you for the input and your time.

the PC is running Win 7 64 bit.
hijackthis-LogFile-1-.txt
0
Comment
Question by:ngs1995
  • 3
  • 2
  • 2
  • +3
10 Comments
 
LVL 15

Expert Comment

by:cwstad2
ID: 37791742
Have you tried a restote point from a time before the infection?
0
 
LVL 44

Assisted Solution

by:Darr247
Darr247 earned 167 total points
ID: 37792207
I recommend you follow younghv's article at http://experts-exchange.com/A_6209.html even though it says it's for XP/Vista.

It looks like you're part way there, but possibly still have a winsock hijacker and maybe other problems, so just follow that article and see if it can get their shortcuts back.
0
 
LVL 5

Expert Comment

by:9660kel
ID: 37792590
Darr, actually that's rpggamergirl's article, but it looks like the type of bug .

Follow the article, and if you need help or have questions, I'm sure we'll be glad to help.
0
 
LVL 29

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 166 total points
ID: 37793498
If you still getting redirected to some other sites then your system might still be infected. I would suggest you to run TDSSKiller which is also suggested in the article wrote by RPG (link already supplied above). Please post the logs after running the TDSSKIller.

The only thing I would like to mention is that you ran CCLeaner,so it would be difficult to bring back all the entries of Start Menu, however RPG's article would still let you bring most of them.

Sudeep
0
 

Author Comment

by:ngs1995
ID: 37795811
I'm going to follow the article and see what happens. On a side note, I tried TDSSKiller and it would not run on the infected PC. Tried in safe mode as well. If I can get it to run I'll post that log as well. Thanks for the input thus far.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 44

Expert Comment

by:Darr247
ID: 37797088
> Darr, actually that's rpggamergirl's article

I thought it was by her, but when I searched for her articles I couldn't find anything... I got that link from the bottom of one of younghv's articles and thought they all belonged to younghv. And [smacking forehead] I couldn't find her articles because I input her name as rpgamergirl... (doh!)
0
 
LVL 5

Expert Comment

by:9660kel
ID: 37797442
The fixNCR really needs to be the first thing you run.
0
 

Author Comment

by:ngs1995
ID: 37817701
I followed the article and was able to restore the programs on the start menu as well as background icons. I ran Malwarebytes last and it found 5 additional items. The redirect is still occurring and I still can't get TDSSKiller to run in normal or safe mode. Any suggstions on what I can do to stop the redirect? I have attached the logs from the programs I ran. Appreciate the feedback.
mbam-log-2012-04-06--16-28-07-.txt
rkill-log.txt
unhide.txt
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 167 total points
ID: 37823276
Can we also look at the combofix log please. There's a new variant with same redirect symptom that combofix can't removed unless we remove the service first.

Also run this tool and see if it runs and if it finds the culprit.
Download the yorkyt.exe disinfection tool (1,31 MB).

http://www.pandasecurity.com/resources/tools/yorkyt.exe

Doubleclick to run.
A reboot will be requested to install a driver.
Another reboot will be requested to complete the disinfection.
When the disinfection is completed, accept the message that will be displayed.
0
 

Author Closing Comment

by:ngs1995
ID: 37962761
The Panda Security tool seemed to clear up the redirect issue. The article I followed which was first suggested worked for bringing back my programs. Sorry it took so long to close the issue but the PC belonged to a family member who lived in a different state. Each time I visited I would work on it as much as I could. Thank you all for the great advice and input! The PC is 100% again :)
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Kaspersky installation 8 36
auto desk feauture 4 30
FlexNet and ususweb.dll 3 15
firefox deployment by sccm 1 24
This is an article about Leadership and accepting and adapting to new challenges. It focuses mostly on upgrading to Windows 10.
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now