
Search hijacker


Lil' Abner

Nov 19, 2009, 9:59:27 AM
I just got done cleaning up a computer that had one of the rogue
antimalware apps. This one was named "Control Center". After finally
figuring out a way to get around it in Safe Mode (it came up there too) I
was able to get rid of it with Malwarebytes. I went back in Normal mode and
ran it again. Also ran Superantispyware and am getting a clean bill of
health from both.

Antivirus is the free version of Avast.

I no sooner opened Firefox than up popped a notice, "Your computer is still
infected". Helluva time getting rid of that. Finally killed Firefox in Task
Manager and it went away.

Installed HiJack This and got rid of a lot of suspicious looking crap. That
took care of the pop ups, but still every time I Google for something, the
google links are getting redirected to all kinds of weird places. I
installed the MVPS hosts file and notice that it blocks almost all the
sites that I am being directed to.

I then ran ComboFix. Although it creates a log a mile long, I really don't
think it found anything and the hijack problem still persists.

So what is good for getting rid of browser hijackers?

--
--- Everybody has a right to my opinion. ---

siljaline

Nov 19, 2009, 10:22:38 AM

This is a new Rogue, removal guide here :
<http://www.bleepingcomputer.com/virus-removal/remove-control-center>

Silj

--
"Arguing with anonymous strangers on the Internet is a sucker's game
because they almost always turn out to be -- or to be indistinguishable from
-- self-righteous sixteen-year-olds possessing infinite amounts of free time."
- Neil Stephenson, _Cryptonomicon_

Lil' Abner

Nov 19, 2009, 10:56:05 AM
"siljaline" <sp...@uce.gov> wrote in news:he3nrb$5qs$1...@news.eternal-september.org:

Instructions for running Malwarebytes.
As mentioned above, that was the first thing I ran.

siljaline

Nov 19, 2009, 11:05:27 AM
Lil' Abner wrote:
> Instructions for running Malwarebytes.
> As mentioned above, that was the first thing I ran.

Noted, best bet is to post an HJT Log to your Forum of choice that supports HJT Logs.
As you already know you need to go this route or format and reinstall *but* since this is
a new known Rogue there is a possibility of recovery from the situation.

Good luck !

Buffalo

Nov 19, 2009, 1:35:47 PM

Lil' Abner wrote:
>
>
> Instructions for running Malwarebytes.
> As mentioned above, that was the first thing I ran.

Just curious if you had the latest def update and the latest version (1.41)
of MBAM?
Buffalo


Lil' Abner

Nov 19, 2009, 5:49:54 PM
"Buffalo" <Er...@nada.com.invalid> wrote in
news:he43a9$hmj$1...@news.eternal-september.org:

I installed mbam and updated it just before I ran it, so probably so.
I didn't really look at the version number.
A note of interest. I haven't used Adaware forever but I decided to
download it and try it. It didn't find much of anything but it did find a
bunch of entries in the HOSTS file it didn't like:
engine.awaps.net(127.0.0.1) @ 273
ads2.expatica.com(127.0.0.1) @ 707
www.hit-counter-download.com(127.0.0.1) @ 916
dl.jiangmin.com(127.0.0.1) @ 1069
ads.mcafee.com(127.0.0.1) @ 1229
directads.mcafee.com(127.0.0.1) @ 1230
vvww-avast.com(127.0.0.1) @ 5891
om.symantec.com(127.0.0.1) @ 10513
a.answers.com(127.0.0.1) @ 10897
microsoft.com.org(127.0.0.1) @ 12874
www.www.microsoft.com.org(127.0.0.1) @ 12875
wdcs.trendmicro.com(127.0.0.1) @ 15052

Those were all in the latest MVPS hosts file I just installed.

I am presently running AVG antispyware on it.
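
Added example, not part of any post in this thread: every entry Adaware flagged above maps a name to 127.0.0.1, which is how a blocking hosts file such as MVPS works. The Python script below audits hosts-file text and separates such loopback entries from entries that pin a name to some other address; the sample text, the 203.0.113.7 line and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in hosts-file syntax. The blocked names are taken from
# the Adaware list in the post; the 203.0.113.7 line is invented
# (documentation address range) to show what a redirect entry looks like.
SAMPLE_HOSTS = """\
# MVPS-style blocking entries
127.0.0.1  localhost
127.0.0.1  engine.awaps.net
127.0.0.1  ads.mcafee.com   # trailing comment
0.0.0.0    vvww-avast.com
::1        localhost
203.0.113.7  www.google.com google.com
not-an-ip  broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip_string, hostname) for every mapping in the file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 2:
            continue                            # blank or comment-only line
        for name in fields[1:]:                 # one address may carry aliases
            yield line_no, fields[0], name.lower()

def classify(ip_string):
    """Return 'sinkhole', 'redirect' or 'invalid' for a hosts-file address."""
    try:
        ip = ipaddress.ip_address(ip_string)
    except ValueError:
        return "invalid"
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"   # name resolves to the local machine: a block
    return "redirect"       # name is pinned to another machine: review it

def audit(text):
    """Group hosts-file mappings by classification."""
    report = {"sinkhole": [], "redirect": [], "invalid": []}
    for line_no, ip_string, name in parse_hosts(text):
        report[classify(ip_string)].append((line_no, name, ip_string))
    return report

if __name__ == "__main__":
    for kind, rows in audit(SAMPLE_HOSTS).items():
        for line_no, name, ip_string in rows:
            print(f"{kind:9} line {line_no}: {name} -> {ip_string}")
```

Entries reported as "redirect" are not automatically malicious (intranet names are often pinned this way), but they are the ones worth checking by hand on a machine with search redirects.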

JD

Nov 19, 2009, 7:09:51 PM

Did you try a-squared Free:

http://www.emsisoft.com/en/software/free/

or HiJackFree:

http://www.hijackfree.com/en/

--
JD..

Buffalo

Nov 19, 2009, 7:19:46 PM

Lil' Abner wrote:
> "Buffalo" <Er...@nada.com.invalid> wrote in
> news:he43a9$hmj$1...@news.eternal-september.org:
>
>>
>>
>> Lil' Abner wrote:
>>>
>>>
>>> Instructions for running Malwarebytes.
>>> As mentioned above, that was the first thing I ran.
>>
>> Just curious if you had the latest def update and the latest version
>> (1.41) of MBAM?
>> Buffalo
>
> I installed mbam and updated it just before I ran it, so probably so.
> I didn't really look at the version number.

[snip]

Thanks for the reply.
Buffalo


FromTheRafters

Nov 19, 2009, 7:39:17 PM
Have you checked for a rootkit?

Also, combofix sometimes works.

"Lil' Abner" <blv...@dogpatch.com> wrote in message
news:Xns9CC8AB37F6A91butter@wefb973cbe498...

Dustin Cook

Nov 19, 2009, 7:52:21 PM
"Lil' Abner" <blv...@dogpatch.com> wrote in
news:Xns9CC8650F4632Fbutter@wefb973cbe498:

> Instructions for running Malwarebytes.
> As mentioned above, that was the first thing I ran.

Hi there. You might try our forums for assistance. If you have something
new, we can deal with it. :)
http://www.malwarebytes.org/forums/

--
Dustin Cook [Malware Researcher]
MalwareBytes - http://www.malwarebytes.org
BugHunter - http://bughunter.it-mate.co.uk
