
browser search hijacked


  • This topic is locked
29 replies to this topic

#1 Beau

Beau

    Member

  • Members
  • 16 posts

Posted 17 January 2011 - 03:56 PM

Both Firefox and IE browsers.
Google and Yahoo search engines hijacked.
I am often directed to an unrelated page.
I've run numerous antivirus, rootkit, trojan, etc. scanning software and can't seem to find the problem.
Attached are the results of running OTL.exe. Please inform me if anything looks suspicious.
Any help would be greatly appreciated. Thank you.

#2 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12348 posts
  • Location: Depauville, NY, USA
  • OS: Windows Vista
  • AV: Emsisoft Anti-Malware
  • HIPS: Online Armor
  • Other: WinPatrol Plus

Posted 17 January 2011 - 04:51 PM

I need the scan log from Emsisoft Anti-Malware as well.
Kevin Zoll [Customer Support]
Emsisoft Team - www.emsisoft.com
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#3 Beau


Posted 17 January 2011 - 06:45 PM

I need the scan log from Emsisoft Anti-Malware as well.

Sorry. I'm getting the error message "Error You aren't permitted to upload this kind of file" here when trying to attach the file a-squared.db3 from Program Files\EmsisoftAnti-Malware\Logs. I copied the DB3 file to my text editor and attached it instead. Hope that is okay.

Nothing is showing infected. However, running Emsisoft Hijackfree it did show in red C:\Program Files\realtekAudio\HDA\RtHDVCpl.exe, Infection User, Risk level Low\ 1/16/2011 which I simply quarantined but my sound still works.
Thanks.

#4 Kevin Zoll


Posted 17 January 2011 - 07:15 PM

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    SRV - (McciServiceHost) --  File not found
    SRV - (0051071294925773mcinstcleanup) McAfee Application Installer Cleanup (0051071294925773) --  File not found
    O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
    O4 - HKLM..\RunOnceEx: [Title]  File not found
    
    :Files
    C:\Windows\tasks\Rzjv.job
    @C:\Windows:
    @C:\ProgramData\TEMP:A8ADE5D8
    @C:\ProgramData\TEMP:DFC5A2B2
    @C:\ProgramData\TEMP:CB0AACC9
    
    :Commands
    [Purity]
    [EmptyTemp]
    [EmptyFlash]
    [ResetHosts]
    [Start Explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

#5 Beau


Posted 17 January 2011 - 09:22 PM

Run OTL.exe



Thank you so very much. Apparently the search problem was fixed with your directions but will wait a day or so to be certain. The new OTL text file attached.
You're the BEST!

#6 Kevin Zoll


Posted 17 January 2011 - 09:40 PM

You still have an Alternative Data Stream present that shouldn't be there.

Download ComboFix from one of these locations:

Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

Link 1
Link 2

* IMPORTANT !!! Save Combo-Fix to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:
1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

-----------------------------------------------------------

Attach logs for:
  • ComboFix (C:\combofix.txt)
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

#7 Beau


Posted 17 January 2011 - 11:04 PM

You still have an Alternative Data Stream present that shouldn't be there.
Download ComboFix from one of these locations:
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!


Downloaded ComboFix but forgot to rename it. It ran well though. I now notice a lot of new entries under c:\.
Attached is the text file.
Search is still working properly.
Thanks. :-)

#8 Kevin Zoll


Posted 17 January 2011 - 11:09 PM

Rename combofix.exe to uninstall.exe. Double-click uninstall.exe. ComboFix should remove itself.

How are things running?

#9 Beau


Posted 17 January 2011 - 11:49 PM

Rename combofix.exe to uninstall.exe. Double-click uninstall.exe. ComboFix should remove itself.

How are things running?


Renamed as instructed and ran it. Text file attached. Looked like it did another scan with the numbered stages completing. I'm not sure if it was deleted.

One thing I forgot to mention is a warning popup came up at the beginning of combofix.exe and uninstall.exe saying MS Security Essentials anti-virus and anti-spyware needed to be closed first. I had installed it last week but uninstalled it with Revo Uninstaller with the thorough setting cleaning out leftovers and the registry items. There is no reference to it that I can find anywhere so I'll tackle that job later.

Unfortunately the searching is still hijacked but everything else is running okay. Looks like I may be in for a format and clean VISTA install I guess.

#10 Kevin Zoll


Posted 18 January 2011 - 12:18 AM

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Attach the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#11 Beau


Posted 18 January 2011 - 02:43 AM

Posted Image Please download Malwarebytes' Anti-Malware from Here.
Double Click mbam-setup.exe to install the application.


Thank you.
I updated my Malwarebytes. For some reason a previous scan result came up with some Trojans. Sorry, I should have made a list but I deleted all of them and then ran a scan. Results attached with nothing suspicious.

#12 Kevin Zoll


Posted 18 January 2011 - 03:30 AM

Download avz4.zip from here
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window: Posted Image
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again
  • After the update, from the "File" menu, choose "Standard Scripts"
  • Put a check next to item 2: Advanced System Investigation
  • Click Execute selected scripts
  • At the next prompt, click the OK button
  • Let the scan run and click "OK" when the completion prompt pops up
  • Now Close out of the Standard Scripts window, and exit AVZ
  • Navigate to the avz4 folder and locate the folder LOG
  • Inside the LOG folder you will find virusinfo_syscheck.htm, virusinfo_syscheck.htm and virusinfo_syscheck.zip
  • Attach the Compressed file, virusinfo_syscheck.zip, to your next reply.


#13 Beau


Posted 18 January 2011 - 09:55 PM

Download avz4.zip from here

  • Attach the Compressed file, virusinfo_syscheck.zip, to your next reply.


Sorry I couldn't get back to you right away. Zip file attached. Thanks.

I also ran Trend Micro Rootkit Buster with the log named TMRB00001 text log attached too.

#14 Kevin Zoll


Posted 18 January 2011 - 10:13 PM

In the Control Panel, go to Internet options>connections>LAN settings and check if you have anything in your proxy configuration. Make sure "use proxy server.." under Proxy Server is unchecked.

Also, check your Firefox internal proxy settings, options>advanced>network>connection-settings, make sure it's on "use system proxy settings".

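The two proxy checks described in the post above can also be read directly from the per-user registry key and from the Firefox profile. The following PowerShell is an added example, not part of the thread: the function names and the sample prefs.js lines are constructed for illustration, and it assumes the default Firefox profile location.

```powershell
# Added example, read-only: reports proxy settings and changes nothing.
# Function names are hypothetical; the sample prefs.js lines are constructed.

function Get-WinInetProxy {
    # Per-user values behind Internet Options > Connections > LAN settings
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key
    [pscustomobject]@{
        ProxyEnable   = [int]$s.ProxyEnable  # 1 = "Use a proxy server" is checked
        ProxyServer   = $s.ProxyServer       # host:port the traffic is sent to
        AutoConfigURL = $s.AutoConfigURL     # "Use automatic configuration script"
    }
}

function Get-FirefoxProxyMode {
    param([string[]]$PrefsLines)
    # Meaning of the network.proxy.type preference in Firefox
    $modes = @{
        0 = 'No proxy'
        1 = 'Manual proxy configuration'
        2 = 'Automatic proxy configuration URL'
        4 = 'Auto-detect proxy settings'
        5 = 'Use system proxy settings'
    }
    $prefs = @{}
    foreach ($line in $PrefsLines) {
        # Collect every network.proxy.* preference stored in the profile
        if ($line -match '^user_pref\("(network\.proxy\.[^"]+)",\s*(.+)\);\s*$') {
            $name  = $Matches[1]
            $value = $Matches[2].Trim('"')
            $prefs[$name] = $value
        }
    }
    # A preference left at its default is not written to prefs.js;
    # assumption: the default is 5, as in current Firefox releases.
    $type = 5
    if ($prefs.ContainsKey('network.proxy.type')) {
        $type = [int]$prefs['network.proxy.type']
    }
    [pscustomobject]@{
        Type     = $type
        Mode     = $modes[$type]
        Expected = ($type -eq 5)   # the setting the helper asks for
        Details  = $prefs          # proxy host/port values, if any were set
    }
}

# Constructed sample: a profile that was switched to a manual local proxy
$sample = @(
    'user_pref("browser.startup.homepage", "about:home");'
    'user_pref("network.proxy.http", "127.0.0.1");'
    'user_pref("network.proxy.http_port", 8080);'
    'user_pref("network.proxy.type", 1);'
)
Get-FirefoxProxyMode -PrefsLines $sample | Format-List

# Live check, only on Windows
if ($env:APPDATA) {
    Get-WinInetProxy | Format-List
    Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles\*\prefs.js" -ErrorAction SilentlyContinue |
        ForEach-Object { Get-FirefoxProxyMode -PrefsLines (Get-Content $_.FullName) }
}
```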
#15 Beau


Posted 18 January 2011 - 10:59 PM

In the Control Panel, go to Internet options>connections>LAN settings and check if you have anything in your proxy configuration. Make sure "use proxy server.." under Proxy Server is unchecked.

Also, check your Firefox internal proxy settings, options>advanced>network>connection-settings, make sure it's on "use system proxy settings".


All are set to your recommendations. Thanks for all your help, attention, and work on this.

#16 Kevin Zoll


Posted 19 January 2011 - 12:02 AM

Nothing is showing in any of the logs that would explain the search hijack.

I'm going to have you use a couple tools meant to find rootkits.

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

    Posted Image
  • If an infected file is detected, the default action will be Cure, click on Continue.

    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue.

    Posted Image
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

    Posted Image
  • If no reboot is required, click on Report. A log file should appear. Save the log somewhere where you can find it.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.(Version)_(Date)_(Time)_log.txt".
  • Attach the TDSSKiller log.


#17 Beau


Posted 19 January 2011 - 01:23 AM

Nothing is showing in any of the logs that would explain the search hijack.

I'm going to have you use a couple tools meant to find rootkits.

Read carefully and follow these steps.
Download TDSSKiller and save it to your Desktop.


Apparently nothing found. No reboot required. Log attached.

#18 Kevin Zoll


Posted 19 January 2011 - 04:31 AM

OK, now for GMER.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      Alternate Zip Mirror 2
      Alternate Zip Mirror 3
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • Double click Posted Image or Posted Image on your desktop. If you are using Vista, please right-click and select run as administrator
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Allow the gmer.sys driver to load if asked.
If it detects rootkit activity, you will receive a prompt to run a full scan. Click NO.

  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Attach the GMER log.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on <--- ROOTKIT entries

#19 Beau


Posted 19 January 2011 - 01:32 PM

OK, now for GMER.

Download and Run Scan with GMER

We will use GMER to scan


I think I goofed on this one. I downloaded and ran as instructed. I'm not sure what happened, if I got a full scan or even a log file. When I tried it again it rebooted my machine so I went in as Safe Mode and the same thing happened. I downloaded GMER again, different file name came up this time, and popup says it can't run and to close it. Sorry. Anyway Gmer.log attached but not sure if it is correct and I should have shut down my Avast anti-virus first.

Often when I select and click on a search result I get this briefly:
http://west.05tz2e9....526&c=15|2|6000
before being misdirected.

#20 Kevin Zoll


Posted 19 January 2011 - 01:56 PM

GMER is having problems in Normal Mode. Some RootKits can interfere with GMER, could be a bad driver also.

Download to your desktop OSAM Autorun Manager Portable from http://www2.online-s...le.php?p=131115

This is a RAR archive and you will need a program like 7-zip, http://downloads.sou...enzip/7z464.msi to unpack the archive.

Install 7-zip

Right click on osam_autorun_manager_portable.rar, select "7-Zip" -> Extract to "osam_autorun_manager_portable"

Open osam_autorun_manager_portable, double-click osam.exe.

When OSAM begins to run, click "Next" until you get to "Close" then click on "Close"

Press the second button in the top menu ("Save Log" button).

The standard Windows "Save as" dialog will appear.

You need to save a report in the .log format (not .html).

Save the log file somewhere you can find it, then attach the log to your reply.

#21 Beau


Posted 19 January 2011 - 02:33 PM

GMER is having problems in Normal Mode. Some RootKits can interfere with GMER, could be a bad driver also.
Download to your desktop OSAM Autorun Manager Portable
Save the log file somewhere you can find it, then attach the log to your reply.


Log attached. I can't thank you enough for all your hard work and time.

#22 Kevin Zoll


Posted 19 January 2011 - 03:34 PM

Download ADS Spy to your Desktop: http://download.blee...rijn/adsspy.zip

UnZip ADS Spy

Run ADS Spy, Click the "Scan the system for alternate data streams" button.

Select any streams found. Click the "Remove selected streams" button.

Close ADS Spy.

-----------------------------------------------------------

Download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


#23 Beau


Posted 19 January 2011 - 08:33 PM



Ran ADS Spy. Quick scan showed nothing so I ran Full scan of NTFS drives. In the results
I then saw some weird Bellsouth newsgroup things in
C:\uers <my name>\App Data\local\microsoft\WindowsMail which I deleted, but I haven't used that in a year or so and I think they had older dates.
Left and protected was c:\Windows:(a character) (8 bytes).

Ran Goored Fix and attached text file.

I just did a few searches and they are coming up correct. I'll give it some time and get back to you in the next day or so if that is alright. I'm keeping my fingers crossed. Again thanks.

#24 Kevin Zoll


Posted 19 January 2011 - 08:51 PM

OK, let me know how things turn out in a day or so.

#25 Beau


Posted 19 January 2011 - 09:15 PM

OK, let me know how things turn out in a day or so.


I spoke too soon. I'm getting redirected again. Usually goes here
EDIT: //// HOSTILE URL REMOVED \\\\
and then to another site.
:-(

#26 Kevin Zoll


Posted 19 January 2011 - 09:37 PM

Download HijackThis to the Desktop.

Run HijackThis, accept the license agreement if it is displayed.

Click on the "Open the Misc Tools section" button.

Click on the "Open ADS Spy ..." button.

Click on the "Scan" button.

Select all Alternate Data Streams found by the scan.

Click on the "Remove Selected" button.

Exit HijackThis.

Reboot your system.

Still getting the search redirects.

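The alternate data streams that the ADS Spy scan in the post above looks for can also be listed with the built-in `dir /R` switch (Windows Vista and later). The following PowerShell is an added example, not part of the thread: it parses `dir /R` output, assumes English-language Windows, and runs on a constructed listing that reuses the stream name A8ADE5D8 from the OTL fix earlier in the topic.

```powershell
# Added example, read-only: lists streams and removes nothing.
# The function name and the sample listing are constructed for illustration.

function Get-AdsFromDirOutput {
    param([string[]]$Lines)
    # Streams that are expected on a normal system; everything else is
    # marked for review. Zone.Identifier is the download-origin marker.
    $benign = @('Zone.Identifier')
    $dir = ''
    foreach ($line in $Lines) {
        # Header that names the folder being listed
        if ($line -match '^\s*Directory of (.+?)\s*$') {
            $dir = $Matches[1]
            continue
        }
        # Stream line: indentation, byte count, then name:stream:$DATA
        if ($line -match '^\s+([\d,.]+)\s+(.+?):([^:]+):\$DATA\s*$') {
            $size   = $Matches[1]
            $owner  = $Matches[2]
            $stream = $Matches[3]
            [pscustomobject]@{
                Path   = $dir.TrimEnd('\') + '\' + $owner + ':' + $stream
                Bytes  = [int64]($size -replace '[,.]', '')
                Review = ($benign -notcontains $stream)
            }
        }
    }
}

# Constructed sample of `dir /R` output; sizes and dates are made up
$sample = @'
 Directory of C:\ProgramData

01/17/2011  09:40 PM    <DIR>          TEMP
                                     8 TEMP:A8ADE5D8:$DATA
01/10/2011  02:15 PM           524,288 setup.exe
                                    26 setup.exe:Zone.Identifier:$DATA
               1 File(s)        524,288 bytes
'@ -split "\r?\n"

Get-AdsFromDirOutput -Lines $sample | Format-Table -AutoSize

# Live listing, only on Windows: /A includes hidden and system entries
if ($env:SystemRoot) {
    Get-AdsFromDirOutput -Lines (cmd /c dir /R /A "$env:ProgramData") |
        Where-Object { $_.Review } |
        Format-Table -AutoSize
}
```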
#27 Beau


Posted 19 January 2011 - 10:58 PM

Run HijackThis
Still getting the search redirects.


Ran and rebooted. So far so good. Either this or the previous scanner listed some IE stuff so I deleted them. Don't think that was it though and took a chance.
I'll let you know.

#28 Beau


Posted 20 January 2011 - 01:08 PM

The problem still exists. I think we have about exhausted every possible means of fixing it, don't you?

#29 Kevin Zoll


Posted 20 January 2011 - 03:24 PM

The problem still exists. I think we have about exhausted every possible means of fixing it, don't you?

Yes.

Nothing shows in any of the logs. So, I am unable to formulate a procedure that targets what is causing the problem. At this point we are basically throwing things at the problem and seeing what sticks.

You may have to perform a "Clean Install" of the Operating System.

#30 Beau


Posted 20 January 2011 - 04:01 PM

Yes.

Nothing shows in any of the logs. So, I am unable to formulate a procedure that targets what is causing the problem. At this point we are basically throwing things at the problem and seeing what sticks.

You may have to perform a "Clean Install" of the Operating System.


Again I can't thank you enough. I really appreciate everything.



