MajorGeeks Support Forums > Malware Removal
#1  genius34 (Private E-2), 04-21-12, 17:46
Google Chrome Browser Hijacker

64 Bit Windows 7 system. Basically running fine, just some annoying redirects in my Chrome browser.

Been through the basic steps for browser redirects and the Read & Run Me First, still have problems.

All of the scans came back clean as far as I could see, no real indication any problems.

Will appreciate any help.
Attached Files
File Type: txt ComboFix.txt (22.4 KB, 3 views)
File Type: zip MGlogs.zip (286.8 KB, 5 views)
File Type: txt TDSSKiller.2.7.31.0_21.04.2012_14.51.45_log.txt (124.6 KB, 3 views)
File Type: log SUPERAntiSpyware Scan Log - 04-21-2012 - 15-42-17.log (584 Bytes, 2 views)
#2  genius34, 04-21-12, 17:46

MB log.
Attached Files
File Type: txt mbam-log-2012-04-21 (15-56-47).txt (1.8 KB, 2 views)
#3  chaslang (MajorGeeks Admin - Master Malware Expert), 04-21-12, 20:18

Do the redirects only occur in Chrome? Or do they also occur with Internet Explorer? To test, reboot your PC and DO NOT OPEN Chrome. Only run IE and see if the redirects still occur.
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."
#4  genius34, 04-21-12, 22:35

They don't seem as bad or as regular in IE, but still some hiccups every now and then. This is the first time I've used IE on this system. Also, most of the time in both browsers it goes to a failure to load screen, which if you refresh it three or four times it will load.
#5  chaslang, 04-21-12, 22:54

It is not looking like malware but there is a possibility one of your hard disk MBRs is infected but we will dig a little deeper. Your MBRcheck log showed:
Code:
    232 GB  \\.\PhysicalDrive2   RE: Unknown MBR code
Do you have your Windows 7 boot DVD?

Uninstall Chrome and reboot. After reboot delete all Chrome related folders like:

C:\Program Files (x86)\Google\Chrome
C:\Users\Joe\AppData\Google

Do not reinstall it yet. Just use Internet Explorer for now. But when you run IE, right click on the icon and select Start Without Add-Ons.

Please download OTL by OldTimer.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop. (If running Vista or Win7 right-click and select Run as Administrator)
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Change the setting of "Drivers" and "Services" to "All"
  • Copy the text in the code box below and paste it into the Custom Scans/Fixes text-field.
    Code:
    netsvcs
    /md5start
    afd.sys
    atapi.sys
    csrss.exe
    dhcpcsvc.dll
    explorer.exe
    lsass.exe
    nsiproxy.sys
    regedit.exe
    services.exe
    svchost.exe
    tcpip.sys
    tdx.sys
    userinit.exe
    winlogon.exe
    /md5stop
    %systemdrive%\*.*
    %systemdrive%\MGtools\*.*
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %windir%\assembly\GAC\*.ini
    %windir%\assembly\GAC_MSIL\*.ini
    %windir%\assembly\gac_32\*.ini
    %windir%\assembly\gac_64\*.ini
    %windir%\assembly\temp\*.ini
    %windir%\assembly\tmp\u /s
    %allusersprofile%\application data\*.exe
    hklm\system\currentcontrolset\services\dhcp
    hklm\system\currentcontrolset\services\afd
    hklm\system\currentcontrolset\services\tdx
    hklm\system\currentcontrolset\services\tcpip
    hklm\system\currentcontrolset\services\nsiproxy
    hklm\software\microsoft\windows\currentversion\run
    hklm\software\microsoft\windows\currentversion\runonce
  • Now click the Run Scan button.
  • Two reports will be created:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Attach both OTL.txt and Extras.txt to your next message. (See how to attach)
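A report of "Unknown MBR code", as in the MBRcheck line quoted above, means the bootstrap code in the drive's first sector did not match any boot code the tool recognises. The following Python example is added here (it is not from the thread and not MBRcheck's own code): it parses a 512-byte MBR sector, checks the 0x55AA signature and partition-entry status bytes, and compares a hash of the 440-byte bootstrap area against a hypothetical allow-list. The sample sector and the allow-list entry are constructed for offline use, not taken from a real disk.

```python
import hashlib
import struct

# Hypothetical allow-list (an assumption, not MBRcheck's database): SHA-256 of the
# 440-byte bootstrap area recorded from known-clean installs. The entry below is
# derived from a constructed sample, not from real Windows 7 boot code.
KNOWN_BOOT_CODE = {
    hashlib.sha256(b"CONSTRUCTED-WIN7-BOOTCODE".ljust(440, b"\x00")).hexdigest():
        "Windows 7 (constructed sample)",
}

def build_sample_mbr(boot_code: bytes, disk_sig: int = 0x1234ABCD) -> bytes:
    """Construct a 512-byte MBR sector for offline testing (not a real disk image)."""
    code = boot_code.ljust(440, b"\x00")[:440]
    # One partition entry: bootable (0x80), type 0x07 (NTFS), LBA 2048, 1,000,000 sectors.
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 1_000_000)
    table = entry + b"\x00" * 48                      # three empty entries
    return code + struct.pack("<IH", disk_sig, 0) + table + b"\x55\xAA"

def parse_mbr(sector: bytes) -> dict:
    """Split a raw sector into bootstrap hash, disk signature and partition entries."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    boot_code = sector[:440]
    (disk_sig,) = struct.unpack_from("<I", sector, 440)
    parts = []
    for i in range(4):
        status, ptype, lba, size = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if status not in (0x00, 0x80):                 # status byte must be 0x00 or 0x80
            raise ValueError(f"partition {i}: invalid status byte {status:#x}")
        if ptype:                                      # skip empty entries
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": size})
    return {"boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
            "disk_signature": disk_sig, "partitions": parts}

def is_valid_mbr(sector: bytes) -> bool:
    """True when the sector has a proper signature and a sane partition table."""
    try:
        parse_mbr(sector)
        return True
    except ValueError:
        return False

def classify_mbr(sector: bytes) -> str:
    """Name the bootstrap code if its hash is on the allow-list, else flag it."""
    return KNOWN_BOOT_CODE.get(parse_mbr(sector)["boot_code_sha256"], "Unknown MBR code")

if __name__ == "__main__":
    for label, code in [("clean", b"CONSTRUCTED-WIN7-BOOTCODE"), ("odd", b"\xEBsomething-else")]:
        print(label, "->", classify_mbr(build_sample_mbr(code)))
```

On a real system the 512 bytes would come from the raw device (the \\.\PhysicalDriveN path the log refers to) and the allow-list from hashes you recorded on a known-clean machine; an unknown hash is a reason to look closer, not proof of infection.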
#6  genius34, 04-22-12, 02:09

Attached.
Attached Files
File Type: txt Extras.Txt (32.2 KB, 3 views)
File Type: txt OTL.Txt (264.1 KB, 1 views)
#7  chaslang, 04-22-12, 13:38

The sign of possible malware is still the MBR. Did uninstalling Chrome resolve your problem? That is, does IE also get redirected? If IE also has redirections, disconnect this 232 GB external drive from your computer and reboot your PC. See if you have redirections when this drive remains disconnected.
#8  genius34, 04-22-12, 21:14

Uninstalled Chrome, still had issues with IE. Rebooted with the external ejected and disconnected, still the same thing. Ran a quick scan of the external and didn't come up with anything. I also tried rebooting and resetting my router a couple of times, still getting failure to load pages.
#9  chaslang, 04-22-12, 21:22

Keep the USB drive disconnected for now.

So your problems are not that you are being hijacked but rather that some pages don't load?

Have you tried totally bypassing your router and directly connecting to your cable or DSL modem, etc.? You will have to reboot the modem and/or your PC to reacquire an IP address.
#10  genius34, 05-01-12, 19:40

This issue was in my router, just FYI. Never even knew that was a possibility until now. I disconnected the router and have zero redirects over the last week. I'm restarting my network from scratch and taking the router all the way back to the factory reset.

Thanks for the help, always appreciated.
#11  chaslang, 05-03-12, 00:49

Glad to hear you have found the problem.

If you are not having any other malware problems, it is time to do our final steps:
  1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
  2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
    • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
    • "%userprofile%\Desktop\combofix" /uninstall
      • Notes: The space between the combofix" and the /uninstall, it must be there.
      • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
  3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
  4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
  5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
  6. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
  7. Go to add/remove programs and uninstall HijackThis.
  8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
  9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
    • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.
  10. After doing the above, you should work through the below link: