browser hijack.

[2PMHottest]

i have this issues. every time i click on the Google search result URL it go to the other website. i already try to use the Malwarebytes Anti-Malware, Rkill , and tdsskiller to scan and remove but it still there.
this is the website it direct me to--> (click dot expandsearchanswers dot com).
any solution for this??
Sorry for my bad english.

 

[Borg 386]

Since none of the the tools you mentioned seemed to have any effect at removing the infection, try d/l ing & running Windows Offline Defender. This is a boot disk/USB scanner. Download this on a clean PC (not the infected one), follow the directions and post back what the results were.

http://www.sevenforums.com/tutorials/166445-windows-defender-offline.html?filter

 

[shawn77]

Reinstall your browser.

 

[Golden]

Reinstall your browser.

:sarc:

Try the following please:

Copy the following text exactly as shown into a new instance of Notepad, and save it as flush.bat on your desktop.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Close any open applications. Right-click on flush.bat and choose to Run as Administrator. Your computer will reboot itself.

Now download TFC.exe (Temporary File Cleaner) to your desktop, from this location:
TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums

Ensure all applications are closed. Right-click on TFC.exe and choose to Run as Administrator.
Click Start to run TFC - note:

• do not interrupt it! Let it finish completely.

• if TFC prompts you to reboot, then do so immediately.

• once finished, if you were not prompted to reboot, reboot anyway

Once rebooted, perform an online scan using the ESET online scanner:
ESET Online Virus Scanner | ESET

Report back on anything it finds.

Regards,
Golden

 

[2PMHottest]

Reinstall your browser.

:sarc:

Try the following please:

Copy the following text exactly as shown into a new instance of Notepad, and save it as flush.bat on your desktop.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Close any open applications. Right-click on flush.bat and choose to Run as Administrator. Your computer will reboot itself.

Now download TFC.exe (Temporary File Cleaner) to your desktop, from this location:
TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums

Ensure all applications are closed. Right-click on TFC.exe and choose to Run as Administrator.
Click Start to run TFC - note:

• do not interrupt it! Let it finish completely.

• if TFC prompts you to reboot, then do so immediately.

• once finished, if you were not prompted to reboot, reboot anyway

Once rebooted, perform an online scan using the ESET online scanner:
ESET Online Virus Scanner | ESET

Report back on anything it finds.

Regards,
Golden

ok. will use your methods 1st.

now using the ESET scanning the file.

 

[2PMHottest]

another update. seems like only my first user in the google chrome have the problem. the second user seem to be not infected by the malware.

and when everytime i try to key in an word on the google search bar or the google chrome address bar. the google chrome will crush and shut down itself.

 

[2PMHottest]

Reinstall your browser.

:sarc:

Try the following please:

Copy the following text exactly as shown into a new instance of Notepad, and save it as flush.bat on your desktop.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Close any open applications. Right-click on flush.bat and choose to Run as Administrator. Your computer will reboot itself.

Now download TFC.exe (Temporary File Cleaner) to your desktop, from this location:
TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums

Ensure all applications are closed. Right-click on TFC.exe and choose to Run as Administrator.
Click Start to run TFC - note:

• do not interrupt it! Let it finish completely.

• if TFC prompts you to reboot, then do so immediately.

• once finished, if you were not prompted to reboot, reboot anyway

Once rebooted, perform an online scan using the ESET online scanner:
ESET Online Virus Scanner | ESET

Report back on anything it finds.

Regards,
Golden

i have try your methods. but the result is still the same. no luck. thank you for your help.

 

[Layback Bear]

Did you useWindows Defender Offline as per Borg post #2??
Two other things.
1. Removing it using Safe Mode.
2. Internet Options/Connection/Lan and make sure proxy is not checked.
I just went through something like this and many times a anti malware don't find it because it's not considered malware. It can also be a add on in your browser. Something like, (Price watcher, coupon saver) or the likes. Completely remove all browsers except I.E. Then set I.I. to default. Nothing added what so ever. If your okay you can add more browser of your choice.

 

[Golden]

i have try your methods. but the result is still the same. no luck. thank you for your help.

I'm guessing you ran ESET? What did it find. Try post some more detail in your replies.