IE browser redirected

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by marrober9, Dec 8, 2006.

  1. marrober9

    marrober9 Private E-2

    When I log onto IE it opens my home page fine. Now when I type in a search request Explorer will open up the appropriate web site options. When I click on the sight I am redirected to other web search engines and it is not only one sight that it will take me to. A few examples are Monster Market, Shopica, and Auto Mart, it will open up search helpers that are related to my original search entry. A funny thing is if I go back to the MS search page and open the same web site again it will open another web search assistant. On the third time though on the MS search it will open the correct sight always on the third attempt. I have run every possible cleaner, finder, buster whatever and still it comes back. I tried looking for it in my registry but have not gotten it yet. So i will post my HiJackThis log and see if anyone can help.Thanks

    • Edit by bjgarrick: Unrequested, Inline HJT log removed!
     
    Last edited by a moderator: Dec 8, 2006
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MajorGeeks.com, please follow our standard cleaning procedures:

    [​IMG] Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    • Make sure you check version numbers and get all updates.
    [​IMG] Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    [​IMG]After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

    [​IMG] Downloading, Installing, and Running HijackThis
    • Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around..
    [​IMG]When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
    • CounterSpy
    • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
    • Bitdefender - from step 6
    • Panda Scan - from step 6
    • runkeys.txt - the log from GetRunKey.bat
    • newfiles.txt - the log from ShowNew.bat
    • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. marrober9

    marrober9 Private E-2

    which ones should be run in safe mode
     
  4. marrober9

    marrober9 Private E-2

    bitdefender found nothing said everything is clean here are panda and hijackthis logs
     

    Attached Files:

    Last edited: Dec 9, 2006
  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I still need the log, if you don't have it just don't worry about it. I do however need the below logs.

    CouterSpy or AVG AntiSpyware
    runkeys.txt - the log from GetRunKey.bat
    newfiles.txt - the log from ShowNew.bat
     
  6. marrober9

    marrober9 Private E-2

    logs
     

    Attached Files:

  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your logs don't show anything really, are you still having the problem? I would like you to run the below as a precaution.

     
  8. marrober9

    marrober9 Private E-2

    ok I will run it i was on another web sight and they helped me remove the virus they said it was a safesurfer hijacker but as soon as I removed it it came back and they closed my topic so I thought I would try this sight for help. I will try what you said
     
  9. marrober9

    marrober9 Private E-2

    I do not see anything under the programs tab that says Reset Web Settings
     
  10. marrober9

    marrober9 Private E-2

    ok did what you said still having the same problem
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If you're doing steps from other sites it makes it difficult for me to help you. You're going to have to stay with one forum and only perform what they forum request.

    Run a fresh Panda scan and then attach the the log from the scan, also attach a fresh HJT log and ShowNew log.
     
  12. marrober9

    marrober9 Private E-2

    logs
     

    Attached Files:

  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  14. marrober9

    marrober9 Private E-2

    What ever that did it killed it but as soon as I open IE something downloads itself real fast and the thing is back. so I'm still having the problem hers my log.
     
  15. marrober9

    marrober9 Private E-2

    log HJT
     

    Attached Files:

  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Did you purchase Spy Sweeper? If not, please uninstall it along with the AOL Spyware stuff as this I believe is blocking the fix.

    After doing the above, reboot into Safe Mode and run the SurfSideKick Removal thread once more. After you complete it, reboot back to normal mode and let me know how things are running.
     
  17. marrober9

    marrober9 Private E-2

    did it still doing the same thing heres the HJT log
     

    Attached Files:

  18. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please download Blacklight to its own folder...

    F-Secure Blacklight

    After download is complete, double click to run the program. Click "Accept" to procede. Then click SCAN to begin scanning your system.

    Once the scan is complete it will attempt to clean the found infections. There should be a log in the folder that you ran the program from, attach this log to your next post.
     
  19. marrober9

    marrober9 Private E-2

    heres the log
     

    Attached Files:

  20. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet
    Now reboot into Safe Mode and run the SurfSideKick Removal thread. Once you complete this thread, still in Safe Mode procede with the below.

    Locate PocketKillbox
    (Procede with this step even if they do not show in blue)

    Now, Copy and Paste C:\WINDOWS\system32\kdrrn.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    Once you complete the above instructions, let me know how things are running. Also attach a new log from Blacklight.
     
  21. marrober9

    marrober9 Private E-2

    looks like eveything is back to normal. How can I keep myself from being reinfected. can you recomend any good free virus protection and is there any free firewalls? thanks a lot for the help:)
     

    Attached Files:

  22. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Looks good! Next I need you to delete the C:\KillBox! folder to delete the backups.

    Yes, I recommend AVG AntiVirus and ZoneAlarm Firewall.

    You should see this article on How to Protect yourself from malware!
     
  23. marrober9

    marrober9 Private E-2

    did it thanks again
     
  24. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your Welcome!

    Surf Safely!:)
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds