Browser hijacked-countere.com

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by kadamintz, Aug 26, 2004.

  1. kadamintz

    kadamintz Private E-2

    My operating system is Windows 98 with 96RAM and Pentium 3
    My browser reverts to countere.com which then becomes realsearcher.com AND my favorites list continues to list undesirable items -- no matter how many times I delete them they reappear while I'm online. I run Symantec Antivirus Corporate Edition v8.1. I have cleaned temp files many times today with CCleaner, have scanned many times with Ad-aware and keep deleting the same 14 Registry items but they keep reappearing in the next scan after I go online. I have had HijackThis fix every entry containing countere.com but it continually reappears. Here is the HijackThis log. What else should I fix to stop this? I thank you very much in advance!

    Logfile of HijackThis v1.97.7
    Scan saved at 7:39:04 PM, on 8/26/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
     
    Last edited by a moderator: Aug 26, 2004
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    HijackThis is the last step (and you have an out-of-date version too). Please follow all the steps in this Sticky thread < READ ME FIRST: Basic Spyware, Trojan And Virus Removal > If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

    NOTE: You should read the tutorial in this Sticky thread < Hijack This Tutorial And How To Post Your Log File > Do not post a HijackThis log until we ask you to and when we do it must be a text document attachment to your message.

    Update! Due to Hijack This logs destroying search engine and web site searches, we now ask you do not post your Hijack This log file unless requested by us. It is for advanced users, so if you do not understand how to use it, you do not need it....yet. Instead, please tell us in your post what symptoms you are experiencing so we can try and resolve it that way. When, and if, we ask you to post your log file, please attach it as a file. To do this save the log file and select manage attachments in a new thread to upload it. All running programs should be closed, including your web browser, e-mail, items in the tray, anything you can close... Close before running Hijack This!


    Do NOT run Hijack This from the Desktop, a temp folder or choose run from the download. Place it in its own folder, for example C:\Program Files\HJT

    At any rate, get the current HijackThis (link provided in the links given above) and shut down ALL applications (especially browsers) and Fix the below:

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://countere.com/?a=2&b=geo
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://countere.com/?a=2&b=geo
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://countere.com/?a=2&b=geo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://countere.com/?b=geo
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://countere.com/?a=2&b=geo
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://countere.com/?a=2&b=geo
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://countere.com/?a=2&b=geo
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://countere.com/?a=2&b=geo
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://countere.com/?a=2&b=geo
    O4 - HKCU\..\Run: [SpywareGuardPlus] C:\WINDOWS\SYSTEM32\WINMM64.EXE
    O4 - HKCU\..\Run: [S-SY] C:\WINDOWS\S-SY.EXE
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1277f56...ip/RdxIE601.cab

    Then enable viewing of hidden and system files: http://forums.majorgeeks.com/showthread.php?t=37650
    Then reboot in safe mode: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam

    And then use Windows Explorer to locate and delete:
    C:\WINDOWS\SYSTEM32\WINMM64.EXE
    C:\WINDOWS\S-SY.EXE

    Reboot normally and see how things look.
     
    Last edited: Aug 26, 2004
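
An added example, not part of chaslang's reply and not HijackThis code: a short Python triage that parses the two kinds of entries quoted in the fix list above (R0/R1 Internet Explorer settings and O4 Run-key startup items) and groups them, so the redirected settings and the startup programs appear as separate items to clean up. The sample lines are copied from the reply; the function names and the line layout the regexes accept are assumptions based on those lines only.

```python
import re
from urllib.parse import urlparse

# Sample input: a subset of the entries quoted in the reply above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://countere.com/?a=2&b=geo
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://countere.com/?b=geo
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://countere.com/?a=2&b=geo
O4 - HKCU\..\Run: [SpywareGuardPlus] C:\WINDOWS\SYSTEM32\WINMM64.EXE
O4 - HKCU\..\Run: [S-SY] C:\WINDOWS\S-SY.EXE
"""

# "<section code> - <body>", e.g. "R1 - ..." or "O16 - ..."
LINE = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
# "<registry key>,<value name> = <url>"
IE_SETTING = re.compile(r"^(?P<key>HK(?:CU|LM)\\[^,]+),(?P<name>[^=]+?) = (?P<url>\S+)$")
# "<hive>\..\Run: [<entry name>] <command>"
RUN_ENTRY = re.compile(r"^(?P<key>HK(?:CU|LM)\\\.\.\\Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def parse(log_text):
    """Return (redirects, autoruns): IE settings grouped by URL host, and Run entries."""
    redirects, autoruns = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # header lines, blanks, anything that is not an entry
        code, body = m["code"], m["body"]
        if code in ("R0", "R1"):
            s = IE_SETTING.match(body)
            if s:
                host = (urlparse(s["url"]).hostname or "").lower()
                redirects.setdefault(host, []).append((s["key"], s["name"]))
        elif code == "O4":
            r = RUN_ENTRY.match(body)
            if r:
                autoruns.append((r["name"], r["cmd"]))
    return redirects, autoruns

def report(log_text):
    """One summary line per redirect host, then one per startup entry."""
    redirects, autoruns = parse(log_text)
    out = []
    for host, settings in sorted(redirects.items()):
        hives = sorted({key.split("\\", 1)[0] for key, _ in settings})
        out.append(f"{host}: {len(settings)} IE settings in {'+'.join(hives)}")
    out += [f"autorun [{name}] -> {cmd}" for name, cmd in autoruns]
    return out
```
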
  3. kadamintz

    kadamintz Private E-2

    Re: Browser hijacked-countere.com -Thank you!

    I want to thank chaslang for the help with my problem. I did what you suggested and I haven't had any problems since then. I apologize for not following all of the correct procedures when posting my problem and will follow your instructions for posting in the future. Thanks again.
    kadamintz
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Browser hijacked-countere.com -Thank you!

    You're welcome. I'm happy we got this fixed so quickly.
     
