Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: hijacker?

27 May 2011   #1

windows 7 home premium 64-bit hijacker?

I searched the forums and cannot find anyone having this specific issue.

I am relatively new to win7 and a novice by all means. I have recently acquired a browser 'hijacker' that tries to send me to [URL=""][/URL] rather than my intended destination. It never makes it to that site it just keeps shuttering. I can go back a page and try other sites from google and sometimes I go right there sometimes mrcleanpc tries to load.

I have updated and run Spy-Bot S&D, Malwarebytes and AVG. I tried the MS malicious removal tool too. I updated to IE9 and installed Google chrome (to try a different browser). And it is still there. I did a search for mrcleanpc and did not find any files on my laptop with that name.

Can someone please tell me where to look and how to get there and what i should look for?LOL.

I like 7 but it seems more difficult to get in deep to the file structure. I really don't want to mess anything up! I am dangerous that way. I was hoping to be able to get to the temporary internet files folder and see if there was something that i could clean out but I cannot find that either (help here too).

Basically any advice is appreciated. As for system restore????? That will bring me back to a non-issue time but will the hijacker not still be residing somewhere?

Thanks in advance for all your assistance.

in SC

My System SpecsSystem Spec
27 May 2011   #2

Windows 7 x86/x64, Server 2008r2, Web Server 2008

I would reboot into safemode and run MalwareBytes.
If this does not work, I would Suggest ComboFix. (Disclaimer - Have a good backup of your material because while it is a great tool it risks damaging your OS since it does attempt to correct some system files. + I do not claim and liability for damages done, this is meerly a suggestion.)
My System SpecsSystem Spec
27 May 2011   #3

Windows 7

Note   Note
Some folk say this tool is outdated, not so in my experience. If I had £pound for every time it has removed a nasty, simply and efficiently without the need for multiple scans, safe mode, etc, I'd be a lucky fellow. It takes a couple of minutes to use and will often rid you of a browser hijacker or unwanted search toolbar with little fuss...

Always worth a try for this type of thing, before you get the big guns out.

1. Download HijackThis *executable (no installer)*
2. Create a restore point, close any open programs, Explorer, etc, and then run the executable
3. Click Scan at bottom-left, and wait
4. Check down the list for the item you want to remove and check the box next to it (you may have to do a little research here if the name is not obvious)
5. Click "Fix Checked" and follow the prompts

Hopefully it can help you with this?
My System SpecsSystem Spec

27 May 2011   #4

Windows 7 Ultimate x86

Seeing how HijackThis is basically a way to remove certain unwanted entries from the registry in a convenient way, make sure you have a good backup before you simply check everything and click on fix it. you could always run the log file through here and see what the experts say...or with some caution and common sense use an automated log file analyzer for that:
HijackThis Logfileauswertung
HiJackThis! Log auto analyzer V2
My System SpecsSystem Spec
27 May 2011   #5

Windows 7

Good additional points SledgeDG, for which I couldn't agree more.
My System SpecsSystem Spec
27 May 2011   #6

Windows 7 Home Premium 64bit

Norton has a tool called power eraser
Norton Rescue Tools
In the past it has gotten rid of fake antivirus programs, and browser redirect issues. Again, a backup before running it is in order. Also read the instructions with the tool. A system restore might also solve the issue, if you can remember when your PC started doing this, just restore to a point before then, and to answer your question; No, if you do a system restore the browser redirect bug shouldn't be residing on your PC any longer, assuming you restored to the proper point.
My System SpecsSystem Spec
27 May 2011   #7

windows 7 home premium 64-bit

Quote   Quote: Originally Posted by mckillwashere View Post
I would reboot into safemode and run MalwareBytes
I could not get into safe mode! There was an F2 option but I could not find safe mode anywhere in there. It had a F12 boot option but that did not have a safe mode either. I realize that no one has the same set up so F-buttons are different....Is there a way to find safe mode? I would like to try that first.

My System SpecsSystem Spec
27 May 2011   #8

Windows 8.1 Pro x64

Try pressing F8 instead of F2 & F12, you should then get the option to boot into safe mode.

My System SpecsSystem Spec
27 May 2011   #9

win 7 X64 Ultimate SP1

Just a little more coaching...........Your bios screens will roll by and then when they are all done windows begins a boot. You may have to observe this boot to get the exact timing. When the bios is done at that instant you want to begin tapping F8. Like I say you may have to do multiple trys to get the correct timing. I miss it sometimes.
My System SpecsSystem Spec
27 May 2011   #10

Windows 7 Ultimate x86

this is from the aspire 5336 handbook:
BIOS Setup Utility
The BIOS Setup Utility is a hardware configuration program built into your computer’s BIOS (Basic Input/
Output System).
Your computer is already properly configured and optimized, and you do not need to run this utility. However, if
you encounter configuration problems, you may need to run Setup. Please also refer to Chapter 4
Troubleshooting when problem arises.
To activate the BIOS Utility, press F2 during POST (when “Press <F2> to enter Setup” message is prompted
on the bottom of screen).
The default parameter of F12 Boot Menu is set to “disabled”. If you want to change boot device without
entering BIOS Setup Utility, please set the parameter to “enabled”.
Press <F12> during POST to enter multi-boot menu. In this menu, user can change boot device without
entering BIOS SETUP Utility
My System SpecsSystem Spec
Reply hijacker?

Thread Tools

Similar help and support threads
Thread Forum
How to remove browser hijacker from registry
I tried to download a program from Cnet, but did not pay enough attention and I got the in IE 10 and the in Google. While I managed to get back to my start urls, I have been told that I should remove those search bars from the registry. I used Malwarebytes, Superanti...
System Security
possibly have search hijacker
I think I may have some weird search hijacker that needs dealing with. ALL my Google, Amazon, eBay, other search engine etc search results show junk unrelated information even for the most basic searches. not necessarily spam results but more like that NONE of my searches are known information....
Browsers & Mail
How do I get rid of web browser hijacker
Hi I have Mystart by incrediMail hijacker web browser on in/on my computer, I have used CCleaner and malwarebytes programs to no effect, No malicious items were found. following is the Hijackthis log for your perusal All help is appreciated
System Security
Browser Hijacker Deskbar
I have this nasty Browser Hijacker Deskbar on my system. Neither MSE nor Malwarebytes would even find it, but SAS finds it all the time. SAS quarenteened and deleted it at least 8 times, but every time I reboot, the bugger is back again. I looked on the web and there were a few hints for XP, but...
System Security
How would you remove Search Engine Hijacker
I'm trying to remove search engine hijacker from my brothers computer.He says he has run Malwarebytes, SpyBot Search and Destroy and has an up to date scan using McAfee Suite. The symtoms are when he searches using Google or Bing he gets directed to some 3rd rate search engine with phoney...
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 19:30.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App