Author Topic: I Have A Browser Hijack Problem :/  (Read 7316 times)

0 Members and 1 Guest are viewing this topic.

Offline Crimzen

  • Full Member
  • ***
  • Posts: 612
  • Karma: 0
  • Gender: Male
  • Sending You Positive Energy!
    • Sleeping Awake
I Have A Browser Hijack Problem :/
« on: January 16, 2012, 10:05:19 am »
So I had a virus attack a while ago and these are the following programs I used to get rid of what I had:

SUPERAntiSpyware
Malwarebytes
Kaspersky TDSSKiller

And I had a Trojan and it got rid of that and I had a ton of Adware Tracking Cookies. Got rid of those. Now I do complete scans with SUPERAntiSpyware and Malwarebytes and nothing comes up.

For some reason when I search something in Google or any search engine. And I see the link I need to click (and I know it's a legitimate link and it's the site I need to go to) when I click on it in the search results it starts to go to said link, then redirects to some random site with ads about what I searched. My friend said it's a type of broswer hijack and hard to get rid of. The tool he used to get rid of one once was TDSSKiller. I tried that and it results with no threats. I'm not sure what to do about this. Can anyone in the forums help me? I'm hoping that whatever it is isn't affected my computer harmfully, but it is quite an annoyance. 


Offline yas‮

  • The laziest one.
  • Sr. Member
  • ****
  • Posts: 1280
  • Karma: 36
  • Gender: Male
  • I believe in respawn.
    • Me on SoundCloud
Re: I Have A Browser Hijack Problem :/
« Reply #1 on: January 16, 2012, 11:22:36 am »
Try Spybot: Search & Destroy and of course scan your HDD with an up-to-date antivirus.
Also, try a different browser and see if the problem persists. If it doesn't - it may be your browser's executable or data files which are infected.

Check if you have any unwanted browser add-ons installed.

Offline Crimzen

  • Full Member
  • ***
  • Posts: 612
  • Karma: 0
  • Gender: Male
  • Sending You Positive Energy!
    • Sleeping Awake
Re: I Have A Browser Hijack Problem :/
« Reply #2 on: January 16, 2012, 11:10:49 pm »
I installed Google Chrome and it does the same thing. I also tried uninstalling Firefox and reinstalling it. And it still happens.

I downloaded Spybot and scanned and it said I had no threats.

It's very strange. It's doesn't feel like a huge problem. I had a Trojan on my computer and my SUPERAntiSpyware got rid of that. It stopped picking up those Adware Tracking Cookies finally. The Malewarebytes finally found something called PUP.something I can't remember

I checked Firefox and there was no weird add-ons and I removed all the ones I had before that I've always used. I'm still not sure what to do. I'd like to learn more about these things so that I can not only help myself but others too. Any more suggestions?

Offline yas‮

  • The laziest one.
  • Sr. Member
  • ****
  • Posts: 1280
  • Karma: 36
  • Gender: Male
  • I believe in respawn.
    • Me on SoundCloud
Re: I Have A Browser Hijack Problem :/
« Reply #3 on: January 16, 2012, 11:56:05 pm »
Get some reporting software like HijackThis! and post a log. We'll see if there are any strange processes or services running around, cause that might be the case.

Offline Crimzen

  • Full Member
  • ***
  • Posts: 612
  • Karma: 0
  • Gender: Male
  • Sending You Positive Energy!
    • Sleeping Awake
Re: I Have A Browser Hijack Problem :/
« Reply #4 on: January 17, 2012, 12:28:09 am »
Ok trying this one now, I'll let you know what happens. Thanks for all the help you're giving me Yas :)

Offline yas‮

  • The laziest one.
  • Sr. Member
  • ****
  • Posts: 1280
  • Karma: 36
  • Gender: Male
  • I believe in respawn.
    • Me on SoundCloud
Re: I Have A Browser Hijack Problem :/
« Reply #5 on: January 17, 2012, 12:45:43 am »
No problem, always here to help. Post the logs and I'll check them tomorrow while pretending I'm coding at work. :)

Offline Crimzen

  • Full Member
  • ***
  • Posts: 612
  • Karma: 0
  • Gender: Male
  • Sending You Positive Energy!
    • Sleeping Awake
Re: I Have A Browser Hijack Problem :/
« Reply #6 on: January 17, 2012, 01:43:47 am »
I copied and pasted the log below, it wouldn't let me attach it. I also found this forum called: http://www.spywareinfoforum.com it seems really helpful as well. I joined up to learn more about protecting my PC. Thanks again Yas!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:56:08 PM, on 1/16/2012
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\MAGIX\Music_Maker_17_Premium_Download_Version\MusicMaker.exe
C:\firefox.exe
C:\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: (no name) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O15 - Trusted Zone: http://*.machinaesupremacy.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8646 bytes

Offline yas‮

  • The laziest one.
  • Sr. Member
  • ****
  • Posts: 1280
  • Karma: 36
  • Gender: Male
  • I believe in respawn.
    • Me on SoundCloud
Re: I Have A Browser Hijack Problem :/
« Reply #7 on: January 17, 2012, 09:50:48 am »
Nothing seems to be wrong here. Try disabling proxy settings within all of your browsers. They might copy settings from each other on install.

Offline Ark

  • Newbie
  • *
  • Posts: 81
  • Karma: 0
Re: I Have A Browser Hijack Problem :/
« Reply #8 on: January 17, 2012, 05:42:34 pm »
Do you have the program team viewer? Maybe i can see the problem myself and troubleshoot because i think i had the same problem before but that was on my last computer.
« Last Edit: January 17, 2012, 05:44:07 pm by Ark »
Don't go with the croud go against it

Offline evilcandybag

  • of Fire
  • Global Moderator
  • Machinae Prime
  • *****
  • Posts: 3152
  • Karma: 66
  • Gender: Male
  • Armoured Tanks of Mass Destruction
Re: I Have A Browser Hijack Problem :/
« Reply #9 on: January 18, 2012, 12:16:48 pm »
One thing I see is that you are using an outdated browser. I don't know what they changed between IE8 and IE9, but security would probably not have become worse.
"Actually, wooden stakes are for vampires. Wooden steaks are for vegetarians."

Hadou

  • Guest
Re: I Have A Browser Hijack Problem :/
« Reply #10 on: January 18, 2012, 07:13:27 pm »
One thing I see is that you are using an outdated browser. I don't know what they changed between IE8 and IE9, but security would probably not have become worse.

I uninstalled IE on my current computer so I couldn't really help on that front, but with Virus Checkers and stuff, Avast is a program that I find generally pretty good at picking up stuff. If I have problems with what I think may be a virus/trojan/potentiallyunwantedprogram etc. I normally use a combination of Avast's Full and Boottime Scans and MalwareBytes Anti Malware. Both great, free progmrams.

Offline yas‮

  • The laziest one.
  • Sr. Member
  • ****
  • Posts: 1280
  • Karma: 36
  • Gender: Male
  • I believe in respawn.
    • Me on SoundCloud
Re: I Have A Browser Hijack Problem :/
« Reply #11 on: January 18, 2012, 07:31:38 pm »
One thing I see is that you are using an outdated browser. I don't know what they changed between IE8 and IE9, but security would probably not have become worse.

I uninstalled IE on my current computer so I couldn't really help on that front, but with Virus Checkers and stuff, Avast is a program that I find generally pretty good at picking up stuff. If I have problems with what I think may be a virus/trojan/potentiallyunwantedprogram etc. I normally use a combination of Avast's Full and Boottime Scans and MalwareBytes Anti Malware. Both great, free progmrams.

As for Avast, it's always been - and still is - crap. Microsoft Security Essentials is probably the best free antivirus nowadays.

Hadou

  • Guest
Re: I Have A Browser Hijack Problem :/
« Reply #12 on: January 18, 2012, 10:10:56 pm »
One thing I see is that you are using an outdated browser. I don't know what they changed between IE8 and IE9, but security would probably not have become worse.

I uninstalled IE on my current computer so I couldn't really help on that front, but with Virus Checkers and stuff, Avast is a program that I find generally pretty good at picking up stuff. If I have problems with what I think may be a virus/trojan/potentiallyunwantedprogram etc. I normally use a combination of Avast's Full and Boottime Scans and MalwareBytes Anti Malware. Both great, free progmrams.

As for Avast, it's always been - and still is - crap. Microsoft Security Essentials is probably the best free antivirus nowadays.

o_O I like it... ;_;

Offline Ziza

  • Jr. Member
  • **
  • Posts: 229
  • Karma: 3
Re: I Have A Browser Hijack Problem :/
« Reply #13 on: January 19, 2012, 12:05:44 am »
But I'm afraid what he says is true :(

Hadou

  • Guest
Re: I Have A Browser Hijack Problem :/
« Reply #14 on: January 19, 2012, 12:13:11 am »
But I'm afraid what he says is true :(

*Everything Hadou Knows About The World Is Wrong*