69.50.190.131 hijack

Discussion in 'Malware Help (A Specialist Will Reply)' started by cinesider, Jan 19, 2007.

  1. cinesider

    cinesider Private E-2

    Hi there!

    I was trying to get rid of a browser hijack before on this forum, and I recently noticed it first redirects to 69.50.190.131, which seems to be a problem lots of people have. I use Firefox as my web browser.

    I have AVG, CounterSpy and HijackThis installed.

    Anything you can do to help me get rid of it at once??

    Thanks,
    Frederic
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi


    You will have to run through the first steps Read Me guide again I'm afraid and attach all the logs requested.


    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.




    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy
      • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. cinesider

    cinesider Private E-2

    Hi!

    So I completed the "read and run me first" and ran into a few problems scanning in safe mode and running the online scans.

    Spybot ran fine but couldn't get rid of 2 threats, Altnet and Huntbar, even when I ran it again after re-boot.

    I had already used the CounterSpy trial so I used the AVG free edition, but I couldn't save a log.

    I couldn't get either Bitdefender or Panda Scan working. I was on both webpages before the actual tests, but couldn't click on the "start scan" buttons. I was using IE7 and never had a similar problem, but I usually work with Firefox. I had already performed those online tests.

    Other logs are attached, let me know what you find!

    Thanks,
    Frederic
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Reboot into Safe Mode and try those online scans again. Those scans are the most important because they both dig deep and help us a lot.
     
  5. cinesider

    cinesider Private E-2

    I can't access the internet while in Safe Mode with the networking support even though I have DSL. You think the problem might be linked to Internet Explorer? Should I try to uninstall it? I have the latest version.

    Thanks
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Click on the link below and run the online scan...

    Kaspersky Anti-Virus Online Scan

    • Click on "Kaspersky Online Scanner"
    • Click Accept to proceed...
    • If you get a popup asking if you want to Install Kaspersky's ActiveX Control, click Yes to install it.
    • If you get a Security Warning popup asking if you want to install and run kavwebscan_unicode.cab, click Yes to install it.
    • After all updates are downloaded, click NEXT to continue... (Note: it will take a while to download these updates based on your connection speed.)
    • Click Scan Settings and select extended and make sure both boxes are checked at the bottom, Click OK to continue.
    • Now click on My Computer and let it run!
    • This scan may take a while but it is very thorough. After the scan is complete save the log as a txt file and attach it to your next post.
     
  7. cinesider

    cinesider Private E-2

    Once again I'm unable to get to the Kaspersky test. This one mentions that I have to be logged in as the administrator to be able to run it. I rebooted in Safe Mode with networking support as the administrator, but I couldn't connect even though in the control panel under networks, my connection was active. Can I log in as the administrator without being in Safe Mode? It's my last shot to try and get these online tests to work, what else can I do???

    Thanks
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    What exactly happens when you try to run the scans?

    You must use Internet Explorer to run these scans.
     
  9. cinesider

    cinesider Private E-2

    I'm using Internet Explorer 7, and I can navigate all the pages just fine, but for Bitdefender, Panda Scan and the Kaspersky online scan, when I reach the last page before the tests I cannot click on "scan my computer" or "start the scan". My mouse doesn't turn into a small hand for Bitdefender, it's like the "button" doesn't exist. For Panda Scan and Kaspersky, my mouse turns into a small hand when I'm on top of the "button", but when I click nothing happens. This has never happened to me on any website ever.

    Frederic
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Those scans are very important in the removal of malware, without them it will be more difficult to target each trace.

    See this thread, Running Ewido Security Suite

    Once you are complete, attach the log from the scan with a fresh GetRunKey, ShowNew and HJT logs.
     
  11. cinesider

    cinesider Private E-2

    OK, I was able to run the ewido scan and the logs are attached. Hope that helps!

    Thanks
     


  12. cinesider

    cinesider Private E-2

    And the Hijack This log.
     


  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Run the Ewido scan once more, and this time remove everything it finds. Afterwards reboot and attach the new log.
     
  14. cinesider

    cinesider Private E-2

    I ran the Ewido scan, and it deleted everything except Adware.Altnet and Adware.WebSearch. Log is attached.

    Thanks
     


  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Attach a fresh HJT log, we can remove those manually that Ewido didn't remove.
     
  16. cinesider

    cinesider Private E-2

    Here's a fresh Hijack This log.
     


  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add/Remove Programs for the following and uninstall them if found:

    Ewido

    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    Again, make sure ALL browser windows are closed when you click FIX.

    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

    Next, run CCleaner to clean up cookies and temp files.


    Once you have completed the above, please proceed with the thread below.

    WareOut Removal

    Once you complete the above removal thread, reboot and attach a fresh HJT log and the log from the Wareout Fix.
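
An added example, not part of the original thread or any poster's words: a small parser for the HijackThis entry lines listed in the post above (R0/R1 Internet Explorer page values and O4 Run-key startup items) that splits each line into fields so entries can be reviewed or compared between two logs. The field names and helper functions are this example's own, and the sample lines are copied from the post.

```python
import re

# Entry lines copied from the post above, used here as sample input.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
"""

# R0-R3 lines: "<code> - <hive>\<key>,<value name> = <data>" (data may be blank)
R_LINE = re.compile(r"^(R[0-3]) - (HK\w+)\\(.+?),(.+?) =\s*(.*)$")
# O4 registry lines: "O4 - <hive>\..\<Run key>: [<name>] <command line>"
O4_LINE = re.compile(r"^(O4) - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")

def parse_entry(line):
    """Return a dict of fields for one R0-R3 or O4 line, or None if unrecognised."""
    line = line.strip()
    m = R_LINE.match(line)
    if m:
        code, hive, key, value, data = m.groups()
        return {"code": code, "kind": "ie_page", "hive": hive,
                "key": key, "value": value, "data": data}
    m = O4_LINE.match(line)
    if m:
        code, hive, run_key, name, cmd = m.groups()
        # Separate a quoted executable path from its arguments; an unquoted
        # command is split at the first space (a simplification).
        q = re.match(r'^"([^"]+)"\s*(.*)$', cmd)
        exe, args = q.groups() if q else (cmd.split(" ", 1) + [""])[:2]
        return {"code": code, "kind": "autostart", "hive": hive,
                "key": run_key, "name": name, "exe": exe, "args": args}
    return None

def parse_log(text):
    """Parse every recognised entry line in a block of log text."""
    return [e for e in map(parse_entry, text.splitlines()) if e]

def empty_values(entries):
    """Names of IE page values whose data is blank, as in the SearchAssistant line."""
    return [e["value"] for e in entries if e["kind"] == "ie_page" and not e["data"]]

if __name__ == "__main__":
    for entry in parse_log(SAMPLE):
        print(entry)
```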
     
  18. cinesider

    cinesider Private E-2

    Ok, I ran all procedures, the logs are attached.

    Thanks
     


  19. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log looks good, are you having any further problems?
     
  20. cinesider

    cinesider Private E-2

    Looks like everything's back to normal with my browsers, no more hijacks!

    Thanks so much!
    Frederic
     
  21. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

