Computer Mystery

Discussion in 'Software' started by mark59, Oct 28, 2014.

  1. mark59

    mark59 MajorGeek

    A change has just occurred on my PC and I'm extremely angry about it. It was fine until I just updated Malwarebytes Anti-Malware. They didn't ask during the download and installation if I wanted to make any changes to my web browser, search engine or anything else. I think Bing has been downloaded and installed but I can't find it in the programmes list.

    When I open my web browser the words "Trovi search" appear in the search box (cf. Image 1) but they have never been there before. When I do a search I get "Bing" in the top left hand corner of the results page as well as "Bing" in the page name (cf. Image 2).

    What could have caused these problems? More importantly, please, tell me the sololution.

    For information -

    Computer: Acer Aspire 5920
    Operating System: Microsoft Windows Vista Home Premium Service Pack 2
    Web Browser: Mozilla Firefox version 33.0
     

    Attached Files:

  2. Earthling

    Earthling Interplanetary Geek

    The first action when things like this happen is usually to perform a system restore to the last restore point preceding the problem. If that fails to fix it then it's possibly malware, though hard to see how that could happen if you were only updating MBAM. But is that what you were doing? Updating MBAM does not normally involve a download and installation. If you were installing or reinstalling MBAM then which website did you use?
     
  3. plodr

    plodr Major Geek Super Extraordinaire

    I have MBAM 2.0.3.1025 Pro installed on 5 computers (four running 7 and one running XP). This version came out 13 Oct. and I installed it soon after because I got a popup on three of the computers.
    https://www.malwarebytes.org/support/releasehistory/

    I'm also running FF 33 on one computer and FF 31.0.2 ESR on two computers. The other win 7 computer is running PaleMoon. (I didn't check what browser is on the XP computer because I don't fire up the browser). None have anything like you suggest.

    Now I have to ask, where did you download the MBAM program from?
    http://www.majorgeeks.com/files/details/malwarebytes_anti_malware.html
    https://www.malwarebytes.org/antimalware/

    I hope it was not CNet because the site is notorious for bundling junk with the downloads. That would explain where you got the crud from.

    Uninstall it
    https://helpdesk.malwarebytes.org/h...How-do-I-uninstall-Malwarebytes-Anti-Malware-

    (Tucows does bundling and some of FileHippo downloads are now unclean).
    Source: http://www.malwareremovalguides.info/trovi-com-browser-hijacker-removal-guide/

    Watch where you get your downloads! MajorGeeks is clean unless the developer ads something and it will be posted in red under the program description. Softpedia is also a clean site.
     
    Last edited: Oct 28, 2014
  4. mark59

    mark59 MajorGeek

    I have to say I didn't know that Filehippo was unsafe. I use their update checker. It looks like I shall have to get rid of it.

    With regards to MBAM I opened its console panel to update it. After it had updated a dialogue box opened and said my new version of MBAM was ready. When I clciked OK to install it it took me to the Majorgeeks website, which is where I installed it from.

    Like I said there were no questions about would you like to instal ...? Would you like to make ... your homepage?

    I can't see it being anything else because I neither updated, upgraded, nor installed anything else.
     
  5. Earthling

    Earthling Interplanetary Geek

    When MBAM is updating, whether it's just its database or for a new version, it does not (if it's a clean version) redirect you to MG or to anywhere else. The update, which I have just this minute completed on my own system, does it directly from the MBAM servers. As yours is redirecting you to MG yours is not a clean version and, as plodr suggests, should be uninstalled. However, as you appear to have updated it from MG that is a mystery in itself, as MG downloads are all tested and clean, or at least that's what we are led to believe.
     
  6. plodr

    plodr Major Geek Super Extraordinaire

    Unusual behavior.
    Yes, all my popups about an "upgrade has been downloaded and waiting to be installed" come from MBAM. The file is on the computer and it updates without sending me to another site to download it again.

    I'd drive the computer over to the malware section and see if you have any other unwanted items besides Trovi Search.

    Did you scan with MBAM? I think it should have noticed Trovi and allowed you to remove the PUP (potentially unwanted program).
     
  7. mark59

    mark59 MajorGeek

    I'm hoping the problem might be resolved.

    I uninstalled MBAM. Prior to that my usual real-time protection provided by MS Security Essentials (MSE) was turned off and I couldn't turn it on.

    Since uninstalling MBAM I've been able to switch MSE's real-time protection back on and update MSE.

    I found listed in my programmes something called Search Project. I don't know what that is. I've uninstalled it.

    After the above actions I've opened Firefox and saw the words "Trovi search" still in the search field. So, I used System Restore to restore to a point about 48 h prior to this problem occurring. The words are no longer in Firefox's search field.

    I shall be checking for malware on the PC in question using MSE, SUPERAntiSpyware and MBAM. I'll also use Trend Micro's Housecall. If these all report no problems should I be satisfied I've had a close call and escaped unscathed or should I run Majorgeek's full malware checking procedure.
     
  8. Earthling

    Earthling Interplanetary Geek

    That sounds pretty good Mark. Keep your eye open for anything else unusual and go straight to malware removal if you can't clear it with those scans.
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds