Browser search hijack

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by thatt, Apr 3, 2009.

  1. thatt

    thatt Private E-2

    Hi there. I'm at my wits' end here so I'm turning to people smarter than me for help :)

    I'm trying to clean up my roommate's PC that has search-hijacking malware. It affects both Firefox and IE. I've run the Read Me for cleaning and have run all the scans and removed all the malware that Malwarebytes found and ran CCleaner. However, it looks like the malware is still present. I've looked through several other posts with the same situation but none that match mine exactly. 2 differences that I found in my roommate's machine that do not exist in the other posts are that:
    1. I can't access regedit.exe in the Windows folder from normal or safeboot. It would just restart the session in safe boot, and an error message appears in normal boot
    2. ComboFix does not produce the log. When I run it from the desktop, it creates the 32788r22fwjfw in C:\ but no log

    Both SAS and MBAM say no infection and HJT looks OK to me, but I can still see the malware redirecting searches. I've uninstalled Firefox and Java on his machine but no help there.

    Please let me know what else I can do to get rid of this thing. Thanks.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Did you allow MGtools to finish running? Your log is very incomplete. Did you notice any error messages? Try running C:\MGtools\GetLogs.bat by double clicking on it and wait for it to say it is finished. Attach the new C:\MGlogs.zip file.


    Please delete the copy of ComboFix.exe that you currently have and then download the current version from here: combofix.exe

    Then reboot the PC into safe mode and see if you can run ComboFix. Attach the log if it runs.
     
  3. thatt

    thatt Private E-2

    Hi chaslang

    Well, I tried running ComboFix in safeboot but it complained about PC-cillin running. Not knowing how to turn it off, I just uninstalled it on a normal reboot and was then able to run ComboFix in safeboot (I'll install it back later).

    I had some problems running MGtools (keeps saying cannot access memory location something something) but again that works after I removed PC-cillin.

    I've attached both new logs to this reply. Looking forward to hearing your diagnostics :)
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not seeing anything that would indicate a problem. Are you sure it was not already fixed by previous scans?

    Attach the below log file from a previous SAS scan.
    Code:
    C:\Documents and Settings\Jonathan Caparso\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\
    Apr 1 2009 3899 "SUPERAntiSpyware Scan Log - 04-01-2009 - 21-51-44.log"
    If still being redirected, exactly when does it occur and where are you being redirected to? Is it still happening right now with PC-Cillin uninstalled?
     
