Solved

Web Browsers Start Page Hijacker

Posted on 2016-10-05
14
Medium Priority
305 Views
Last Modified: 2016-10-12
I have installed one of those free software programs where, with one click and hard-to-see recommendations and agreements, I ended up with a new start page (hijacked) in my browsers.
The unwanted page is http://www.seeklatin.com/
I blocked it in the hosts file, but the browsers still redirect to that page when I start them.
I have the problem with Internet Explorer, Firefox, Chrome and Opera.
I have tried all kinds of cleaners, and after some cleaning nothing could be detected anymore. Still I have the same problem.
I have reset the web browsers and only Chrome is now clean.
How do I get rid of www.seeklatin.com?
What cleaners and methods do you recommend?
Cleaners used: MalwareBytes, Hitman Pro, SpyHunter, SuperAntiSpyware, AdwCleaner, Lavasoft Ad-Aware and others...
0
Question by:viki2000
14 Comments
 
LVL 37

Assisted Solution

by:bbao
bbao earned 300 total points
ID: 41830843
> I blocked it in the host file, but the browsers still redirect for that page when I start them.

the hosts file doesn't help here at all if the hijacker software uses IP addressing directly.

> I have the problem with internet explorer, firefox, chrome and opera.

that basically means the malware has been installed and is running (still active) on your computer. it might have been initially injected by IE using an unsolicited ActiveX control but then implanted itself into your system once the malicious binary code was executed with privileged rights (I guess your account is an admin, right?).

which version of Windows are you using?

anyway first try disabling all add-ons in IE, Chrome, Firefox and Opera and all unknown Auto Start items of Windows using MSCONFIG, then restart your computer and boot into Windows Safe Mode with networking support. Open a non-IE browser to see if the start page is still the hijacked one. if yes, try changing it and see if it still comes back automatically.

let us know your test result.
0
 
LVL 29

Assisted Solution

by:Dr. Klahn
Dr. Klahn earned 300 total points
ID: 41830935
Restore the system to the most recent Restore Point prior to when the problem occurred.
0
 
LVL 49

Assisted Solution

by:dbrunton
dbrunton earned 300 total points
ID: 41831146
What operating system are you running?

Do you have anything loaded in your Startup folder?
0
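The manual checks suggested in the answers above (Auto Start items, the Startup folder, and whether a changed start page comes back) can be listed in one read-only pass. This is an added example, not code from any poster in the thread; the registry keys and Firefox profile paths are the Windows and Firefox defaults, and `$Watch` is simply the domain named in the question.

```powershell
# Added example: read-only audit of the settings the thread checks by hand.
# Nothing is modified; rows whose value mentions $Watch sort to the top.
$Watch    = 'seeklatin'   # from the question; change for other cases
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Source, $Name, $Value) {
    $findings.Add([pscustomobject]@{
        Suspect = [bool]("$Value" -match [regex]::Escape($Watch))
        Source  = $Source; Name = $Name; Value = "$Value" })
}

# 1. Auto Start items (the entries MSCONFIG / Task Manager show), user and machine.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item $key
    foreach ($n in $k.GetValueNames()) { Add-Finding $key $n ($k.GetValue($n)) }
}

# 2. Startup folders (current user and all users).
foreach ($folder in 'Startup', 'CommonStartup') {
    $path = [Environment]::GetFolderPath($folder)
    if (-not $path) { continue }
    Get-ChildItem $path -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -ne 'desktop.ini' } |
        ForEach-Object { Add-Finding $path ($_.Name) ($_.FullName) }
}

# 3. Internet Explorer start page(s) for the current user.
$ieKey = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$ie    = Get-ItemProperty $ieKey -ErrorAction SilentlyContinue
foreach ($n in 'Start Page', 'Secondary Start Pages') {
    if ($ie.$n) { Add-Finding $ieKey $n ($ie.$n) }
}

# 4. Firefox home page in every profile. user.js is re-applied at each start,
#    so a value there overrides whatever is set in the Options dialog.
Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles\*\*.js" -ErrorAction SilentlyContinue |
    Where-Object { 'prefs.js', 'user.js' -contains $_.Name } |
    Select-String -Pattern 'browser\.startup\.homepage"' |
    ForEach-Object { Add-Finding ($_.Path) 'browser.startup.homepage' ($_.Line.Trim()) }

$findings | Sort-Object Suspect -Descending | Format-Table -AutoSize -Wrap
```

An empty `Suspect` column does not rule out add-ons or other mechanisms the script does not read; it only confirms that these particular settings are clean.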

 
LVL 21

Author Comment

by:viki2000
ID: 41831223
I will try your suggestions tonight when I am home. Until then here are some answers:

@Bing CISM / CISSP
“the host file doesn't help here at all if the hijacker software uses IP addressing directly”
I realized that, but at least the content is not shown any more.
My account is admin on that PC indeed.
I am using Win 8.1 64bit.
I disabled all the add-ons on all browsers and there is nothing on Auto-Start. I tried to reset all the browsers. After cleaning and the reset of browsers only Chrome became clean and does not show that problem anymore.
I did not try yet the safe mode; I forgot about it, I will try tonight.

@Dr. Klahn
I never liked system restore and I do not want it. I prefer it as a last solution. The reason is that I play with different programs, sometimes often, and there are too many changes which a system restore cannot remember, as I do not make a regular backup/save point for the system.

@dbrunton
I use Win 8.1 64bit.
There is nothing in Startup folder.

I also tried 2 antiviruses and several antispyware, anti-adware and anti-malware tools, and nothing is detected. That is the strange part. So it seems somehow attached to the browser. If it were an active malware inside Windows that tries to reach that page no matter what browser I use, then how come Chrome is now clean?
0
 
LVL 49

Assisted Solution

by:dbrunton
dbrunton earned 300 total points
ID: 41831239
Possible test.

Got Flash installed?  If so, try removing it.

Chrome uses its own version of Flash.  The others use Adobe Flash.
0
 
LVL 16

Accepted Solution

by:
Dirk Mare earned 500 total points
ID: 41831327
use Kaspersky rescue disk or Bitdefender rescue disk
with a quick Google search you can find both of them and the tutorials

download iso install to USB or burn on CD
boot from CD/USB follow all the prompts
download latest definitions
scan pc

restart
reset all browser settings

DirkMare
0
 
LVL 21

Author Comment

by:viki2000
ID: 41832514
SpyHunter detected the following:
Conduit search
If I delete sessionstore.js what do I lose except all the tabs and history?
I expect that will solve the Firefox problem.
0
 
LVL 21

Author Comment

by:viki2000
ID: 41832547
Removed Flash.
Still the same problem.
0
 
LVL 21

Author Comment

by:viki2000
ID: 41832567
Restarted in safe mode.
The same problem.
If I remove all the tabs from Firefox and I set Show My Home Page when Firefox starts and I set My Home Page as www.google.com, then that home page is hijacked. When Firefox starts it jumps to that www.seeklatin.com, the same in safe mode, with Firefox, Opera and IE. Only Chrome is now clean.
0
 
LVL 21

Author Comment

by:viki2000
ID: 41832594
I have made important progress.
Now I have also IE and Firefox clean.
I used the following cleaner: https://www.avast.com/browser-cleanup
I had to uncheck at the bottom "Exclude add-ons with a good rating", reset browser and set the home page to Google.
I downloaded Kaspersky Rescue CD and Rufus to make USB bootable, but I did not try them yet.
Now I need only Opera to be cleaned.

I could uninstall and reinstall Opera.
Other suggestions?
0
 
LVL 10

Assisted Solution

by:davidanders
davidanders earned 300 total points
ID: 41832607
HijackThis is available from FileHippo, MajorGeeks, and BleepingComputer.
I have used it successfully on WinXP. It supposedly runs on Win8.
Getting advice from an online expert is recommended.
0
 
LVL 21

Author Comment

by:viki2000
ID: 41832616
I uninstalled Opera, deleted user data and reinstalled latest version of Opera.
Now it is clean.
It seems all browsers are clean now and the problem is solved.
I will leave this question open for several days to see if everything remains clean.
0
 
LVL 30

Assisted Solution

by:serialband
serialband earned 300 total points
ID: 41833699
HijackThis! should really be downloaded from SourceForge where the current latest version resides.  Don't send people to download aggregators, especially FileHippo.  https://sourceforge.net/projects/hjt/
0
 
LVL 21

Author Closing Comment

by:viki2000
ID: 41839664
Thank you for your suggestions.
It seems I am clean now.
0
