Homepage hijacker of sorts changing address bar

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by sydwayz, Dec 21, 2008.

  1. sydwayz

    sydwayz Private E-2

    Hi, A couple days ago I notices my homepages which is www.google.com/ig
    changing or refreshing the entire page including the address bar about 2 seconds after the page initially loads. When the page would refresh I would be at a new address on the bar but my page would still look identical to my normal igoogle page. The new address would still be www.google.com/ig?false=true

    I have followed all the steps in the malware and spyware removal tutorials and I removed a ton of other stuff but this was my original problem that started my quest to this site and I have had no luck in removing it.

    The biggest change with the new software was adding SUPERAntispyware which now tells me when it is trying to change my homepage and then blocks it. But it does not remove it or register it as a threat.

    Here are my logs. If anyone has any ideas please feel free to share. Thanks so much.
     

    Attached Files:

    sydwayz, Dec 21, 2008
    #1
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please attach the logs from running both SAS and MBAM. And while you are at it and have SAS open, click on the preferences tab and then the hi-jack tab and make sure you have the boxes checked.

    And you should have removed these from the first steps of the Read and Run:
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Viewpoint Toolbar

    Also --- Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    * Click the Empty Selected button.

    If you use Firefox browser

    * Click Firefox at the top and choose: Select All
    * Click the Empty Selected button.
    o NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    * Click Opera at the top and choose: Select All
    * Click the Empty Selected button.
    o NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main ATF Cleaner menu to close the program.
     
    Last edited by a moderator: Dec 23, 2008
    TimW, Dec 23, 2008
    #2
  3. sydwayz

    sydwayz Private E-2

    where are the malwarebytes and sas logs located? I installed the programs in the exact directories that the tutorial told me to but i cannot find those logs.

    I got rid of the viewpoint and i ran atf but i still have the problem.

    Thanks for the help.
     
    sydwayz, Dec 23, 2008
    #3
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are here:
    Code:
    C:\Documents and Settings\Jason\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\"
supera~1.log  Dec 18 2008         632  "SUPERAntiSpyware Scan Log - 12-18-2008 - 03-11-11.log"

"C:\Documents and Settings\Jason\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\"
mbam-l~1.txt  Dec 18 2008        1117  "mbam-log-2008-12-18 (15-34-39).txt"
     
    TimW, Dec 23, 2008
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds