Bay 12 Games Forum


Author Topic: Browser Hijacking... or, Search hijacking.  (Read 2036 times)

xmorg

« on: June 25, 2012, 03:45:00 pm »

I got a guy who calls me to his house from time to time to fix his computer.  I have seen this before and I've tried to fix it with every tool I know to use, but I can't seem to figure it out.  Maybe someone could point me in the right direction.

What happens is if you do a search up in the top right hand corner, say in Bing or Google, your search results get "hijacked".  Let's say you search for MS Security Essentials: you are taken to a search results page that looks like you are being sent to Microsoft, but when you click on the link, you are taken to one of many different "shady" virus/malware scanners that do nothing but report that you have a virus and won't let you use your computer until you pay them (malware/extortionware).

Even after you clean the computer with mwb, or msse, you still get that hijacking of the search results.  What is this hijacking called, and how is it fixed?  If I'm using HijackThis, is it something I can see?

ScriptWolf

« Reply #1 on: June 25, 2012, 04:04:53 pm »

I may not be the best at trying to help with this, but I'm going to say:

Delete and reinstall the browser? It might be tied to that.

Dive into the registry and try to find the bugger there; search Google to try and find its name, and then find out where it's tied itself in there.

Go to the last backup this guy made (pray he made one).

Last resort: tell him to save his most valued, say goodbye, format the hard drive and reinstall the operating system.

As I said, someone might have a better reply, but this is my 2 cents. Keep me informed, I'm interested in how this pans out.

xmorg

« Reply #2 on: June 25, 2012, 06:23:07 pm »

Yea, those are definitely solutions to me, but not to an 80 year old guy who puts a picture of a girl working out in a certain position in his carefully arranged "My Documents" folder so that he knows where his most important files are.  Any kind of sorting of this folder is an absolute catastrophe for him, and so it would be more trouble than it's worth to clean it out and start over.  Basically totally PC illiterate, and approaches it so methodically that I would have to do more than reinstall, I would have to recreate his entire environment down to even icon positions.

This is a continuing problem I'm noticing in people who have gotten malware, and I'm just wondering how it works and if there is a way to fix it without a CPU genocide.  Reinstalling Firefox is easy, but reinstalling IE is pointless and kinda never really solves these kinds of problems, probably because you can go up and down versions but not really get rid of it.

eerr

« Reply #3 on: June 25, 2012, 06:25:25 pm »

Download Windows Defender?

Free antivirus.

Telgin

« Reply #4 on: June 25, 2012, 06:51:22 pm »

I'm guessing this guy has 13 browser toolbars too, but if not you can try disabling all of IE's browser extensions.  It's in the advanced section of IE's options somewhere.

With I believe IE 8, and for sure IE 9, you can selectively disable Browser Helper Objects (BHOs), and it's possible this is how the malware is affecting the browser.  Disabling it if it's in that list might help.  Don't remember off hand how to do it, but Google should help.

neotemplar

« Reply #5 on: June 25, 2012, 08:55:58 pm »

In the past I would manually hunt down and kill the registry files of such a thing.  I DO NOT recommend you do this; if you screw up you might break everything.  But registry kills do work on these.

Tellemurius

« Reply #6 on: June 27, 2012, 12:39:55 am »

HijackThis is a scan for all of your processes running in the computer and checks to see if any malicious code is running. Browser hijacking is done by either registry rewrites or infected ActiveX objects that were dumped on the computer. Boot it into Safe Mode and run http://www.superantispyware.com/, their software is amazing at nailing the security hijack executions and the browser hijacks.

Make sure to reset IE after you are done.
If you still have issues, check the Hosts file and any Proxy settings to see if they've been changed.

Bauglir

« Reply #7 on: June 27, 2012, 11:01:17 am »

You may also want to investigate the modem's preferred DNS servers if all else fails. It's kind of an unlikely chance, but I know that in one case, I encountered a router that had gotten hijacked to direct searches through a server somewhere in the Ukraine that inserted some pretty bizarre ads every second time you clicked a search result link. No fucking clue how that happened, though.

nenjin

« Reply #8 on: June 27, 2012, 11:09:01 am »

Quote from: Tellemurius on June 27, 2012, 12:39:55 am
HijackThis is a scan for all of your processes running in the computer and checks to see if any malicious code is running. Browser hijacking is done by either registry rewrites or infected ActiveX objects that were dumped on the computer. Boot it into Safe Mode and run http://www.superantispyware.com/, their software is amazing at nailing the security hijack executions and the browser hijacks.

Make sure to reset IE after you are done.
If you still have issues, check the Hosts file and any Proxy settings to see if they've been changed.

I second HiJackThis. From my experience, browser hijacking is often done through BHOs (Browser Helper Objects.) HiJackThis can identify those when you scan running processes, and help you delete them. Like Telle said, it's best to do this in safemode so those modules aren't active and can be removed.
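
A read-only audit of the places suggested in the replies above (the Hosts file and proxy settings, the DNS servers, and the Browser Helper Objects), added here as an example that is not part of any poster's reply. It assumes PowerShell 3.0 or later on the affected Windows machine; the variable names are illustrative.

```powershell
# Added example: read-only audit, nothing is changed. Assumes PowerShell 3.0+.

# 1. Hosts file: list every active (non-comment) entry. Lines naming a search
#    engine or a security vendor are the ones to question.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -LiteralPath $hostsPath |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
    Where-Object { $_ } |
    ForEach-Object {
        $ip, $names = $_ -split '\s+'
        [pscustomobject]@{ Address = $ip; Names = $names -join ' ' }
    } | Format-Table -AutoSize

# 2. Per-user proxy settings that IE reads. A ProxyServer or AutoConfigURL
#    that nobody set up on purpose is a red flag.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Get-ItemProperty -Path $inet |
    Select-Object ProxyEnable, ProxyServer, AutoConfigURL | Format-List

# 3. Browser Helper Objects (64-bit and 32-bit views), each resolved to the
#    DLL that IE loads for it.
$sw  = 'HKLM:\SOFTWARE'
$bho = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$views = @(
    @{ Bho = "$sw\$bho";             Clsid = "$sw\Classes\CLSID" },
    @{ Bho = "$sw\Wow6432Node\$bho"; Clsid = "$sw\Classes\Wow6432Node\CLSID" }
)
$(foreach ($v in $views) {
    if (-not (Test-Path -LiteralPath $v.Bho)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $v.Bho) {
        $server = "$($v.Clsid)\$($key.PSChildName)\InprocServer32"
        $dll = '<class not registered>'
        if (Test-Path -LiteralPath $server) {
            $dll = (Get-ItemProperty -LiteralPath $server).'(default)'
        }
        [pscustomobject]@{ CLSID = $key.PSChildName; Dll = $dll }
    }
}) | Format-Table -AutoSize

# 4. DNS servers each active adapter is using. If this is only the router's
#    address, the router's own DNS setting must be checked in its admin page.
Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True' |
    Select-Object Description,
        @{ n = 'DnsServers'; e = { $_.DNSServerSearchOrder -join ', ' } } |
    Format-Table -AutoSize
```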

ed boy

« Reply #9 on: June 27, 2012, 12:48:33 pm »

From the sounds of it, you're experiencing something that I had a lot of trouble with a while ago (I made a thread about it here). I ended up using a tool called gooredfix to fix it.

themagicdwarf

« Reply #10 on: June 28, 2012, 11:14:40 am »

I'm thinking a dedicated network firewall is the solution to keeping this crap out. I wouldn't mind the extra hardware in my space if it worked.

Anti-malware software just doesn't seem to cut it on residential lines, especially. I never noticed stuff like this on the campus lines.

Tellemurius

« Reply #11 on: June 28, 2012, 11:28:29 am »

Quote from: themagicdwarf on June 28, 2012, 11:14:40 am
I'm thinking a dedicated network firewall is the solution to keeping this crap out. I wouldn't mind the extra hardware in my space if it worked.

Anti-malware software just doesn't seem to cut it on residential lines, especially. I never noticed stuff like this on the campus lines.

You willing to drop 200 bucks for a hard firewall and set it up for your network? Good luck with that :P

Zangi

« Reply #12 on: July 02, 2012, 02:36:29 pm »

That stuff is totally avoidable. 
Browser Hijacking and stuff tends to occur when you or some doucheloved one with access to the CPU go on a random porn binge while unprotected... or bypassing said protection...  even with said protection, it can fail.

Though, if you use Firefox, go with the NoScript add-on...  and an ad blocker too.  It can help.

(I've generally ended up reinstalling windows for these occasions.  Massive pain to root out the cause when I do so though.)
« Last Edit: July 02, 2012, 02:38:36 pm by Zangi »