Browsers have been hijacked

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by SuperiorBuff, Feb 23, 2011.

  1. SuperiorBuff

    SuperiorBuff Private E-2

    Hello, I was having some redirect issues with Firefox and decided to go through the malware removal and cleaning procedures. I have attached all of the logs except MGtools, I can't get it to run. I installed .net and it still won't run.

    I did manually run Hijack this and have attached the log. I did not take any corrective action.

    Thanks in advance for your help.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.
    cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
    GetRunKey <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
    ShowNew <-- this will try to run another scan from MGtools. Tell me what error messages, if any, you see.
     
  3. SuperiorBuff

    SuperiorBuff Private E-2

    When I type cd\MGtools I see no change in the command prompt. I tried cd \MGtools with the same result.

    GetRunKey - "the system can not find the path specified"

    ShowNew - "the system can not find the path specified"
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Combo shows that you have it here:
    C:\MGtools.exe
    Does it do anything when you run the exe?
     
  5. SuperiorBuff

    SuperiorBuff Private E-2

    I can see it too, cd just won't acknowledge it. When I double click on the .exe I get a quick hour glass, a window pops up and disappears too fast to see anything but the fact there was a window. Task manager shows no programs running.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Have you disabled all your AV and AS software? Have you tried running it in safe mode?
     
  7. SuperiorBuff

    SuperiorBuff Private E-2

    I did have the AV disabled, but did not try Safe Mode. It did run in Safe Mode and I have attached the zip file.
     


  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not seeing any malware in your logs.

    Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!


    Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123tdk.com).
    • Click the Start Scan button.
    • Do not use the computer during the scan.
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_14.17.05_log.txt) will be created and saved to the root directory (usually Local Disk C).
    • Attach this log to your next message.
     
  9. SuperiorBuff

    SuperiorBuff Private E-2

    Completed with nothing found. I have attached the log file.
     


  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Is FireFox the only browser that is giving you the re-directs? If so, let's have you do this:


    • Run FireFox and click Bookmarks.
    • Then select Organize Bookmarks.
    • Then on the next window click File and then select Export. Save the bookmarks.html file to your Desktop for later use in importing.

    Now download and save the installer for the current version of FireFox but DO NOT install it yet. Get it here: Mozilla FireFox

    You will need to exit FireFox now and use Internet Explorer to continue with the below until we reinstall FireFox.

    Start by uninstalling FireFox and then reboot. Do not skip the reboot.
    After reboot, delete the below folders:

    C:\Documents and Settings\UserAccount\Local Settings\Application Data\Mozilla
    C:\Program Files\Mozilla Firefox

    where UserAccount is the actual user account name being used.

    Now reinstall FireFox from the file previously downloaded.
    Import your bookmarks file. (similar process to exporting).


    Is FireFox working okay now?
     
