Questions

Hijacked?

+
0 Votes
Locked

cruffin
Suddenly any link I click on takes me to ads page or coupons or anything other than what I expected. Also, cannot run HiJackThis or S&D or IE7 executables. Looks like I have some nastiness embedded but can't find it or a way to find it. Help?
  • +
    0 Votes
    ---TK---

    jumping into "safemode" and running the scans.

    +
    0 Votes
    bincarnato

    From another PC, download Malwarebytes to a thumb drive from here: http://tinyurl.com/nlrvz4

    Then rename the file extension from the .exe to .com
    Go to hijacked PC and run the .com just like you would the .exe.

    Once install has finished, browse to the folder c:\program files\malwarebytes and copy the mbam.exe and paste it in the same folder. Then rename the .exe extension to .com on the copy of mbam.exe. Double-click the .com file. Tell it to do a quick scan and then remove all found items. Reboot the machine if it asks you to in order to finish removal of anything it has found. Once that has finished, try anything that was broken before to see if resolved. If not, executables may run now and run Malwarebytes again from start menu and tell it to update and run quick scan again and etc like above. Test again.

    If still getting browser redirects, run ComboFix from here: http://tinyurl.com/2yct9u
    The links to download are about half way down the page. I use the bleepingcomputer one.

    Rename the .exe extension on the downloaded file to .com and then copy to hijacked PC. Double-click the .com and sit back and let it do its thing. Test after done.

    If still having issues, gets more complicated. Post back the Malwarebytes log and we can get an idea of what ails your machine.

    (Edited because TinyURL didn't like link directly to ComboFix download.)

    +
    0 Votes
    dixon

    ...and I would add running Rootkit Revealer:
    www.microsoft.com/technet/sysinternals/utilities/RootKitRevealer.html

    So much of the stuff like you're describing includes a rootkit component these days. You seemingly remove every detectable problem, using every AV tool out there, and it somehow returns.

    But, a word of caution: take time to research the scan's results. RR routinely reports what can only be called 'false positives', such as the creepy sounding 'secrets' entry, which is Microsoft.

    +
    0 Votes
    bincarnato

    I have found that S & D has become bloated and a scan takes entirely too long. In most cases, Malwarebytes has been as effective at removing all of the crapware as S&D is/was, in a fraction of the time.

    +
    0 Votes
    ThumbsUp2

    I have found that having multiple tools doesn't hurt one little bit.

    You can run MalWareBytes in Safe Mode, multiple times, until it reports a clean system. Yet, S&D will find something after that, as does any of the anti-virus scanners.

    In today's world, running multiple tools stands a better chance of getting it all than trusting just one application.

    +
    0 Votes
    bincarnato

    If I have a system that is essentially unusable because of all the crapware on there, I run Malwarebytes first because it takes a fraction of the time to remove the crapware that S&D takes. I was just pointing that out to the poster. S&D used to be the same way, scans didn't take an hour to run. Now, it takes forever for it to run. I have a client that does most IT things in-house and one of the things the doctor/owner had one person doing was making sure a scan is run daily with S&D on all 7-8 PCs. They have an AV suite installed on every machine in the building already. The person who had to run these scans every day asked me about it and I said that I had another piece of software that would do the same thing in a fraction of the time. I showed them Malwarebytes and then said that they should show the doctor it when he was in. Anyway, folks couldn't use their machines for ~1hr in the morning because they were running a S&D scan and I couldn't convince the doctor that running a scan daily wasn't really needed and he pays the bills and signs the checks, so at least the scan times dramatically dropped.

    +
    0 Votes
    Snuffy09

    You can't set a time for Malwarebytes to run (free). S&D can be set to scan daily at whatever time you want. You can also have it update daily. Without paying for Malwarebytes you can't do this.

    +
    0 Votes
    Snuffy09

    Download/install SUPERAntiSpyware, update, then run in safe mode (scan while disconnected from the internet).
