IE Browser hijacked

biscuit88 · Feb 21, 2009

My buddy asked me to look at his computer. When I opened his IE browser, it was some sort of adware and kept opening window after window. I couldn't do anything with it. I brought it to my house and used my home network to download a mozilla browser and to access this website and downloads I would need to repair this computer. I followed the instructions on the read me before posting thread and would like someone to check my lastest logs and see if there is anything else I need to pull out. (I did get the IE browser back)

Thank you

biscuit88 · Feb 21, 2009

Additional logs

TimW · Feb 21, 2009

Both the newfiles and runkeys logs are mostly empty. Did you get error messages when you ran the MGTools?

The MBAM log indicates that you did not fix what it found.

Use windows explorer to find and delete:
c:\progra~1\castbo~1\roam jugs this.exe
c:\windows\Tasks\AB788F5A918704F6.job
c:\windows\Tasks\AAD7B11F91942523.job

Now tell me what problems you had running the MGTools.

The biggest problem I see is this:

Total Physical Memory 256.00 MB
Available Physical Memory 76.96 MB
Click to expand...

Hardly enough to run XP.

biscuit88 · Feb 21, 2009

Thank you. Did as you said and computer seems to be running OK. I am returning the computer to its owner. (Will suggest he get more memory)

TimW · Feb 22, 2009

I hope you were able to remove the items that we used for the scans:

We recommed you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.

If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required

"%userprofile%\Desktop\combofix" /u

Notes: The space between the combofix" and the /u, it must be there.

This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

Delete the C:\combofix folder from combofix (if it exists)

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Go to add/remove programs and uninstall HijackThis.

You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip

If you are running Vista, Windows XP or Windows ME, do the below:

Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.

Then reboot and Enable System Restore to create a new clean Restore Point.

After doing the above, you should work thru the below link:

How to Protect yourself from malware!

biscuit88 · Feb 23, 2009

Thank you. You can close this thread.

TimW · Feb 23, 2009

No problem..........safe surfing.

Log in or Sign up

IE Browser hijacked

biscuit88 Private E-2

Attached Files:

SUPERAntiSpyware Scan Log - first.log

combofix_log.txt

mbam-log-2009-02-20 (21-41-10).txt

biscuit88 Private E-2

Attached Files:

MGlogs.zip

kaspersky.txt

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

biscuit88 Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

biscuit88 Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member