Can't get rid of Browser Hijacker . Need help

Leha

Hi . Since I've installed fast internet at home , I've learned how to protect myself from the irritating malicious S**t that overwhelms the web . But there is one problem I can't solve , maybe one of you can help .

Problem description : I have a file somewhere in my PC which installs a browser hijacker ( redirects my start page to a porn search site :mad: ) every time I restart . I run Ad-aware , this great software finds 3 registry entries containing this bastard and cleans them , but it doesn't find the source . McAfee antivirus doesn't find it either . Spybot doesn't find it . All of the above programs are constantly updated .
Maybe someone knows other anti-spy-ad-ware that can help ?

Thanks in advance .

Happy New Year .
 
Turner , I will try it , thanks ( although , as far as I know , Ad-aware + Spybot are the best )

Ainwood , I tried everything you mentioned ( with updated software ) , and I do have a firewall . BTW , if I permit eMule to connect to my PC , can another file ( a trojan for one ) use eMule like a "train" ?
 
It is technically possible that a trojan can find a common program and decide to use that to back-door through a firewall. I think it would have to be some pretty nifty code tho.

I do know that pcpitstop will tell you if you have a virus. It might tell you if you have a trojan. . . but I don't recall that from their site. Could be, tho.

Good luck. . . one sure way to get rid of it is to reformat your drive. But that's pretty drastic. . .hope you don't end up having to do that.

Never heard of emule. . . what is that?

Edit: From the pcpitstop main page:

Run PC Pitstop's full test suite now! Here's what we check:

* Disk Fragmentation Analysis
* System Resource Analysis
* Device Driver Analysis
* CPU Benchmark Test
* Video Benchmark Test
* Memory Benchmark Test
* Detailed System Inventory
* Spyware Check
* In-Memory Virus Check
* Internet Download Performance
* Internet Upload Performance
* Internet Ping Test
* Internet Security Test

So they do virus checks, but not trojans. Not sure where you could go to check that.

Where's Jeritain when you need him? He'd know this. . . .
 
Originally posted by Turner_727

Good luck. . . one sure way to get rid of it is to reformat your drive. But that's pretty drastic. . .hope you don't end up having to do that.

:nono: No way . I'd better live with this porno-madness :)

eMule is sharing software . Like kazaa with some differences .
 
A colleague of mine had something similar once at his work PC. :lol:
Anyway, I fixed it like this:
- I used Microsoft system info to check all active tasks and looked what suspicious programs were running
- I checked whether or not the suspicious programs were true bad boys or just programs that should be on the PC (you can do this by using google, you will get links to sites that will show you how to delete the bad stuff too!)
- CTRL-ALT-DEL to show all the running processes and terminate that program that you suspect is the cause of your problem.
- Use the search function to find that program and delete it.

Hope this helps.
 
msinfo32, when run from the Start/Run command, will also give you the location of the programs that are running. Location being the spot on the hard drive. After loading it, go to Software Environment/Running Tasks, and it will display this information. Of course, you can't exit out of the program here, but it tells you what's running, and where on the hard drive it is.

Don't know why I didn't think of that earlier. Zwelgje reminded me with his post.
 
Originally posted by Zwelgje
A colleague of mine had something similar once at his work PC. :lol:
Anyway, I fixed it like this:
- I used Microsoft system info to check all active tasks and looked what suspicious programs were running
- I checked whether or not the suspicious programs were true bad boys or just programs that should be on the PC (you can do this by using google, you will get links to sites that will show you how to delete the bad stuff too!)
- CTRL-ALT-DEL to show all the running processes and terminate that program that you suspect is the cause of your problem.
- Use the search function to find that program and delete it.

Hope this helps.


That is what PCPitstop will do for you. Their scan will show all programs running and what they are for.

MY opinion: install Google Toolbar or install Mozilla Firebird when you look at porn sites :)
 
Originally posted by Comraddict



That is what PCPitstop will do for you. Their scan will show all programs running and what they are for.

MY opinion: install Google Toolbar or install Mozilla Firebird when you look at porn sites :)

I got this hijacker not from a porn site . It was kazaa .( of course that doesn't mean I never visited porn-site ;) )
 
Originally posted by Turner_727
msinfo32, when run from the Start/Run command, will also give you the location of the programs that are running. Location being the spot on the hard drive. After loading it, go to Software Environment/Running Tasks, and it will display this information. Of course, you can't exit out of the program here, but it tells you what's running, and where on the hard drive it is.

Don't know why I didn't think of that earlier. Zwelgje reminded me with his post.

Ran PCPitstop . It said my PC is clean :(

Well , there's only one option left . I will clean PC with ad-aware after each restart .
 
Go to www.trendmicro.com, and from there go to personal, and do a free scan, because I was having the same problem you are having, and it found a virus called java.byteverify, and when I got rid of it, everything was fine.
 
Originally posted by blackhalo15
Go to www.trendmicro.com, and from there go to personal, and do a free scan, because I was having the same problem you are having, and it found a virus called java.byteverify, and when I got rid of it, everything was fine.

Hey !! THANKS !!! Fantastic ! Unbelievable !

Updated McAfee couldn't find this sucka .

Guys if anyone has the same problem , go to trendmicro .
I had a malicious browser redirector REG_WINSHOW.A
It was stored in C:\WINDOWS\sys.reg
I deleted the file and , voila .. PC is clean after restart .

Thanks , blackhalo :goodjob: :goodjob:
 
Originally posted by Turner_727
It is technically possible that a trojan can find a common program and decide to use that to back-door through a firewall. I think it would have to be some pretty nifty code tho.

This is why ZoneAlarm is useful. It finds a program's MD5 signature and if the MD5 signature has changed (trojan trying to pass itself off as a legit program or upgrades) when trying to access the Internet, ZA warns you.
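The check described in the post above, sketched as an added example that is not part of the original thread and is not ZoneAlarm's code. It assumes a per-program digest recorded at approval time and uses SHA-256 in place of the MD5 the post mentions; the class, function and file names are hypothetical.

```python
import hashlib
import os
import tempfile

def file_digest(path):
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class ProgramBaseline:
    """Remembers the digest of each program approved for network access."""
    def __init__(self):
        self._approved = {}  # normalised path -> digest at approval time

    @staticmethod
    def _key(path):
        return os.path.normcase(os.path.abspath(path))

    def approve(self, path):
        self._approved[self._key(path)] = file_digest(path)

    def check(self, path):
        """Return 'allowed', 'changed' (same path, new content) or 'unknown'."""
        known = self._approved.get(self._key(path))
        if known is None:
            return "unknown"
        return "allowed" if file_digest(path) == known else "changed"

def demo():
    """Constructed scenario: an approved program is overwritten on disk."""
    with tempfile.TemporaryDirectory() as d:
        prog = os.path.join(d, "emule.exe")      # constructed stand-in file
        other = os.path.join(d, "newcomer.exe")  # never approved
        for p, data in ((prog, b"original build"), (other, b"something else")):
            with open(p, "wb") as f:
                f.write(data)
        fw = ProgramBaseline()
        fw.approve(prog)
        before = fw.check(prog)
        with open(prog, "wb") as f:              # replacement or upgrade
            f.write(b"replaced binary")
        return before, fw.check(prog), fw.check(other)

if __name__ == "__main__":
    print(demo())
```

A digest comparison only covers the file on disk being replaced or upgraded; it says nothing about code running inside a process that was already approved.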
 
After manually deleting nasty files, one should reboot and immediately run a registry checker/cleaner. This will identify otherwise buried registry entries made by the nasty, because they now refer to nothing. Remove them.
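A minimal version of the check the post above recommends, as an added example that is not part of the original thread. It assumes the autorun keys were exported to a .reg file and flags string values whose command names a file that is no longer on disk; the sample export, the disk state and the function names are constructed for illustration.

```python
import re

# Constructed sample in .reg export format. The Run keys are real autorun
# locations; the values are invented here and are not taken from the thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Firewall"="\"C:\\Program Files\\Firewall\\fw.exe\" -tray"
"Loader"="C:\\WINDOWS\\regedit.exe /s C:\\WINDOWS\\example.reg"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Tools\\removed.exe"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
TOKEN_RE = re.compile(r'"([^"]+)"|(\S+)')   # quoted argument or bare word
PATH_RE = re.compile(r'^[A-Za-z]:\\')       # absolute drive-letter path

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def parse_export(text):
    """Yield (key, value_name, command) for every string value in the export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            yield key, unescape(m.group(1)), unescape(m.group(2))

def dangling_entries(text, exists):
    """Entries naming a missing file; unquoted paths with spaces need review."""
    findings = []
    for key, name, command in parse_export(text):
        tokens = [q or u for q, u in TOKEN_RE.findall(command)]
        missing = [t for t in tokens if PATH_RE.match(t) and not exists(t)]
        if missing:
            findings.append((key, name, missing))
    return findings

def demo():
    # Constructed disk state after a manual clean-up: two files are gone.
    present = {r"c:\program files\firewall\fw.exe", r"c:\windows\regedit.exe"}
    return dangling_entries(SAMPLE_EXPORT, lambda p: p.lower() in present)

if __name__ == "__main__":
    print(demo())
```

On a live system, pass `os.path.exists` as the `exists` argument; checking every path in the command, not only the first, is what catches a legitimate program launched with a deleted file as its argument.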
 