Windows 7 Forums



Windows 7: Browser Hijacked

02 Dec 2010   #1
James7679

Windows 7 Home Premium x64
 
 
Browser Hijacked

Over the past few days I have been trying to resolve an issue with IE8 having been hijacked. Most of the time when I use a search through Google or Bing, upon clicking one of the results I will get a random redirect. I have tried scanning with MSE, Malwarebytes, Onecare.live, and Spybot S&D. I have run multiple scans at the most stringent levels on all programs; the results are always negative. There don't seem to be any other programs being affected due to this, but that doesn't mean it won't eventually happen. I have even searched registry settings for IE8 and can't seem to find an http redirect anywhere. Your help with this is greatly appreciated. Thank you.

02 Dec 2010   #2
brady

 

Check your proxy server through IE and your Hosts file.

02 Dec 2010   #3
fletch

Windows 7 Home Premium 32bit.
 
 

Also download TDSSKiller.exe. Follow the instructions, plus can you post the log back on here.

How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?

02 Dec 2010   #4
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Let's flush your DNS cache and restore MS's original Hosts file:

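Copy and paste these lines in Notepad.

@Echo on
rem Go to the folder that holds the Hosts file on the Windows drive
pushd "%SystemRoot%\System32\drivers\etc"
rem Clear the hidden/system/read-only attributes so the file can be rewritten
attrib -h -s -r hosts
rem Overwrite Hosts with a single localhost entry, then protect it again
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the IP lease and flush the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset Winsock and the TCP/IP settings
netsh winsock reset all
netsh int ip reset all
rem Restart after 1 second, then delete this batch file
shutdown -r -t 1
del "%~f0"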


Save as flush.bat to your desktop. Right click and run the batch file as Administrator. Your computer will shut down and restart itself.

Next, download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Now, download DDS from one of these links:
Mirror 1 Mirror 2 Mirror 3
  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt <--will be minimized in the task tray
  • Save both reports to your desktop.
Include the contents of both logs in your new topic.
The scan will instruct you to post Attach.txt as an attachment.
No need for that though ..... just post its contents as you would any other log.
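
An added example, not part of any post in this thread or of any tool named in it: a read-only PowerShell check of the two things suggested above (the IE proxy settings and the Hosts file), useful for recording what is there before the batch file overwrites it. The function names are hypothetical; `ProxyEnable`, `ProxyServer` and `AutoConfigURL` are the standard per-user IE proxy values under the Internet Settings registry key.

```powershell
# Added example: read-only audit, changes nothing. Written to run on PowerShell 2.0 (Windows 7).
$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"

function Get-HostsEntries {
    # Parse a hosts file into Address/Name pairs, skipping comments and blank lines.
    param([string]$Path = $HostsPath)
    foreach ($line in (Get-Content -Path $Path)) {
        $text = ($line -replace '#.*$', '').Trim()
        if ($text -eq '') { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }
        # One line may map several names to the same address.
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            New-Object PSObject -Property @{ Address = $fields[0]; Name = $name }
        }
    }
}

function Get-UnexpectedHostsEntries {
    # Anything other than localhost on a loopback address deserves a look:
    # entries that remap other names are what a Hosts-file redirect looks like.
    param([string]$Path = $HostsPath)
    Get-HostsEntries -Path $Path | Where-Object {
        -not ($_.Name -eq 'localhost' -and
              ($_.Address -eq '127.0.0.1' -or $_.Address -eq '::1'))
    }
}

function Get-IEProxySettings {
    # Per-user proxy configuration used by Internet Explorer.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        ProxyEnable   = $p.ProxyEnable      # 1 = a proxy is in use
        ProxyServer   = $p.ProxyServer      # host:port, empty when unset
        AutoConfigURL = $p.AutoConfigURL    # PAC script URL, empty when unset
    }
}

# -Force is needed because the file may carry the hidden/system attributes.
"Hosts attributes: " + (Get-Item -Force $HostsPath).Attributes
Get-UnexpectedHostsEntries | Format-Table Address, Name -AutoSize
Get-IEProxySettings | Format-List
```

An empty table and `ProxyEnable` of 0 with no `AutoConfigURL` mean neither setting is redirecting traffic, so the cause has to be looked for elsewhere.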
02 Dec 2010   #5
James7679

Windows 7 Home Premium x64
 
 

Quote: Originally Posted by fletch
Also download TDSSKiller.exe. Follow the instructions, plus can you post the log back on here.

How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?

This program found the malware you suggested it was, excellent! Do I need to do the other suggested fixes?
02 Dec 2010   #6
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Yes, go ahead and follow my instructions please.
02 Dec 2010   #7
James7679

Windows 7 Home Premium x64
 
 

Thanks Jacee, here you are...


Attached Files
File Type: txt DDS.txt (13.8 KB, 34 views)
File Type: txt Attach.txt (22.3 KB, 25 views)
02 Dec 2010   #8
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

TrojanDownloader:Win32/Renos.LX ... did you get fake Windows Security Essentials pop ups?

Please upload this file: F:\Users\James\AppData\Roaming\inst.exe
to VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 36 AntiVirus Engines! and scan.

See this inst.exe | ThreatExpert statistics

Next, I'd like you to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
02 Dec 2010   #9
James7679

Windows 7 Home Premium x64
 
 

Quote: Originally Posted by Jacee
TrojanDownloader:Win32/Renos.LX ... did you get fake Windows Security Essentials pop ups?

Please upload this file: F:\Users\James\AppData\Roaming\inst.exe
to VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 36 AntiVirus Engines! and scan.

Jacee, no to fake MSE pop ups, and I can't find the above mentioned file on my PC. I take that back, after researching what the "renos.lx" file was, I realized that I had seen this. I immediately restarted my computer in safe mode and ran MSE scan and M'Bytes scan with no results.
02 Dec 2010   #10
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Unhide hidden files and folders to find F:\Users\James\AppData\Roaming\inst.exe

Go into Control Panel, click Folder Options, then click the 'View' tab. Now uncheck 'Don't show hidden files and folders' and 'Hide extensions for known file types'.
You should be able to find the file after doing the above.

