Free Republic

Google Hijack Malware - Windows 7
15 January 2011

Posted on 01/15/2011 7:52:33 AM PST by Lando Lincoln

My computer is infected with malware that hijacks Google. I have swept with Webroot and Avast! No luck. Help?

I prefer not to get into the registry - I lack the skills.

I will be out for a while, so thanks to all in advance.


TOPICS: Computers/Internet
KEYWORDS: antivirus; firewall; getamac; hijack; infection; malware; spyware; trylinux; virus; virusfix; windows
Thanks.
1 posted on 01/15/2011 7:52:34 AM PST by Lando Lincoln
[ Post Reply | Private Reply | View Replies]

To: Lando Lincoln

Try Malwarebytes.


2 posted on 01/15/2011 7:56:17 AM PST by silverleaf (All that is necessary for evil to succeed, is that good men do nothing)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Lando Lincoln

Download a Malware program from Malwarebytes.com. My computer tech told me about this site. There is a free version and it works great!


3 posted on 01/15/2011 7:56:48 AM PST by KalaSamy
[ Post Reply | Private Reply | To 1 | View Replies]

To: Lando Lincoln

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;1

I had great success with Malwarebytes when I had a similar issue.


4 posted on 01/15/2011 7:58:07 AM PST by hc87
[ Post Reply | Private Reply | To 1 | View Replies]

To: Lando Lincoln

I’ve already said it on another thread:

99% of the time, people get viruses, trojans and malware because they were viewing porno online, or trying to get something free (software, music, video) that they would otherwise normally pay for, or open up attachments and links in an email without examining the headers.

Trying to clean up your system is pointless if you don’t fix some habits to begin with.

=8-)


5 posted on 01/15/2011 7:58:58 AM PST by =8 mrrabbit 8=
[ Post Reply | Private Reply | To 1 | View Replies]

To: Lando Lincoln

Extremely hard to get rid of once that happens. I scoured the web for any possible remedy for the Google hijack virus but usually ended up reinstalling Windows. When it started happening too frequently I gave up Windows altogether and moved to Ubuntu Linux (free)... and have never looked back since. Linux (and Mac) are rock solid and virus proof.

A workaround is to disable JavaScript in your browser. (Edit -> Preferences -> ...)


6 posted on 01/15/2011 7:59:50 AM PST by libh8er
[ Post Reply | Private Reply | To 1 | View Replies]

To: =8 mrrabbit 8=

Actually watching porno is safe if you are on a non-Windows OS. Windows is just a flawed operating system.


7 posted on 01/15/2011 8:02:19 AM PST by libh8er
[ Post Reply | Private Reply | To 5 | View Replies]

To: hc87
Agreed, but sometimes that one doesn’t work. Use Combofix only if nothing else solves the problem:

http://www.combofix.org/download.php

8 posted on 01/15/2011 8:03:45 AM PST by Hillarys Gate Cult
[ Post Reply | Private Reply | To 4 | View Replies]

To: libh8er

Remember, a lot of these malware programs disable antivirus websites from appearing in your browser.


9 posted on 01/15/2011 8:04:56 AM PST by EQAndyBuzz ( Happy Freeping New Year)
[ Post Reply | Private Reply | To 7 | View Replies]

To: =8 mrrabbit 8=

I received it from an email that had an executable file. If you like, send me your email address and I will forward it to you.

Thanks for the judgment and indictment.


10 posted on 01/15/2011 8:08:50 AM PST by Lando Lincoln (The Democratic Party recriminations have begun.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: =8 mrrabbit 8=
99% of the time

While probably true, GOOGLE has been known to harbor trojans. Even reputable sites and reputable equipment (hard drives, etc) have occasionally been spreaders of malicious viruses and malware.



And many times, even harmless-appearing emails have viruses.


11 posted on 01/15/2011 8:12:58 AM PST by TomGuy
[ Post Reply | Private Reply | To 5 | View Replies]

To: Lando Lincoln

Uninstall everything but the operating system and a few trusted programs. Back it up - create a restore point.

Use the registry editor (regedit.exe). Look in HKEY_LOCAL_MACHINE in the SOFTWARE folder and in the HKEY_CURRENT_USER SOFTWARE folder. Delete any subfolder that is for software you uninstalled.

Look in the remaining subfolders and use Google to identify the entries. Keep it if it is for software you trust. Otherwise, delete it. You will eventually find a search engine hidden in the registry. Delete it. Create a restore point. Reboot.

If successful, test for the hijacker. If it is gone, reinstall all of the software you want.

It took me a weekend, but it saved me $100 Norton wanted to charge me for them to do it. I made a lot of mistakes, including deleting a bunch of drivers. That’s OK because I found and installed updated drivers and my machine works much better.


12 posted on 01/15/2011 8:15:45 AM PST by frithguild (The Democrat Party Brand - Big Government protecting Entrenched Interests from Competition)
[ Post Reply | Private Reply | To 1 | View Replies]

To: frithguild

Actually I have Vista, so I am not sure this sledgehammer to kill a gnat method will work for Windows 7.


13 posted on 01/15/2011 8:17:01 AM PST by frithguild (The Democrat Party Brand - Big Government protecting Entrenched Interests from Competition)
[ Post Reply | Private Reply | To 12 | View Replies]

To: Lando Lincoln

I advise you to proceed slowly and with caution.

I have had that same problem twice and have no idea where or how I picked up the virus.
I have never visited a porno site but have had innocent sounding sites redirect me to questionable sites a few times.

In efforts to eliminate the virus I followed much of the advice I could find on Google searches, Free Republic threads, etc. None of the recommended actions worked and some made the problem worse or introduced other problems.
This includes Malwarebytes, AVG and other popular recommendations. They often remove or recommend removal of certain files but the action did not kill the virus and often affected other features that worked fine before.

Both times I ended up having to completely reload the operating system from the factory disk that came with my PC.

An acquaintance had the same problem and took it to a computer shop where they cured the problem for $75 without having to reload the OS.

I now use the latest version of Microsoft Essentials and Zone Alarm and I do not leave the PC on line when I am not actively using it.

Good Luck!


14 posted on 01/15/2011 8:20:04 AM PST by Iron Munro (When a society loses its memory, it descends inevitably into dementia - Mark Steyn)
[ Post Reply | Private Reply | To 1 | View Replies]

To: libh8er
A system restore might work.

I rely on a program formerly called CloneGenius (now Backup Data Kit). It has saved me several times. It makes image files of the OS partition. Since I keep most of my data on a separate drive, I only have to worry about any programs I installed since the last CloneGenius backup.

Since external drives are relatively cheap, there are no excuses for not using some kind of imaging software to back up the OS system. A few $$ invested in backups can save $$ and time later.
15 posted on 01/15/2011 8:21:05 AM PST by TomGuy
[ Post Reply | Private Reply | To 6 | View Replies]

To: =8 mrrabbit 8=

I make a living fixing people’s computers and they all say the same thing, “I don’t go to those sites” and every time I find the cookies that show they do. I keep telling them there is no such thing as free stuff on the internet. If it’s “Free” it’s a trojan, virus or adware. But hey, I cleared $36K on computer repair alone last year so “Long Live Internet Porn!”


16 posted on 01/15/2011 8:25:04 AM PST by txroadkill ( It's Sarah Palin's fault I don't have a tagline)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Lando Lincoln

Here ya go:

(1) On a NON-INFECTED PC, download Malwarebytes AND Hitman Pro 3.5 (both free) and put them on a CD/DVD.

(1.1) ESSENTIAL SUB-STEP — recent malware BLOCKS the installation of anti-malware programs, so you must rename the executables for the install to some other name. IOW, if you download “Malwarebytesinstall.exe” YOU MUST rename it to “Somethinselse.exe” for both Malwarebytes AND Hitman Pro. IF NOT, the malware will likely BLOCK your attempt.

(2) Boot your INFECTED PC in safe mode with network access
(3) install both Malwarebytes and Hitman Pro on the infected PC from the CD you just made. LET THEM UPDATE their databases.
(4) reboot your INFECTED PC in safe mode, *no network*
(5) run deep scans with both, at least twice, especially until it/they detects no more proxy servers.
(6) reboot your INFECTED PC (now cleanER) in safe mode with network and run scans again with both.
(7) reboot your PC in NORMAL mode.
(8) Launch MS Internet Explorer and google “download security essentials” and download, install, update it. MS actually put out a good piece of code here. This is a FREE AV and malware offering from MS that’ll find Java exploits that Avast, Malware etc miss.
(9) do a DEEP scan with MS Security Essentials.
(10) reboot your PC in NORMAL mode
(11) rescan with all three.
(12) suggestion — set up Malwarebytes and Hitman to run on startup for a week or so.
(13) suggestion — download Registry Mechanic and use it to CLEAN your registry and also temp files etc etc.

Expect the above process to take several hours, and frequent attention. Have beer and chips (or your choice) available.


17 posted on 01/15/2011 8:25:24 AM PST by Blueflag (Res ipsa loquitur)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Lando Lincoln

My daughter got this from a very professional-looking spoof “ad” for Antivirus8 that she clicked on.

Took me two days to get her PC cleaned up.

Porn not involved.


18 posted on 01/15/2011 8:27:07 AM PST by Blueflag (Res ipsa loquitur)
[ Post Reply | Private Reply | To 10 | View Replies]

To: =8 mrrabbit 8=
"99% of the time, people get viruses, trojans and malware because they were viewing porno online, or trying to get something free (software, music, video) that they would otherwise normally pay for, or open up attachments and links in an email without examining the headers."

Ahhh...the voice of experience speaks....
19 posted on 01/15/2011 8:28:07 AM PST by FrankR (The Evil Are Powerless If The Good Are Unafraid! - R. Reagan)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Lando Lincoln
Microsoft Windows Malicious Software Removal Tool. You most likely already have it. Simply Run MRT. The quick scan takes minutes, the full scan hours.
20 posted on 01/15/2011 8:28:44 AM PST by decimon
[ Post Reply | Private Reply | To 1 | View Replies]

To: Lando Lincoln

Just do a system restore to a date prior to when the infection happened. Don’t install any new anti-malware programs or uninstall programs, etc. The system restore will get you back to where you were - good as new.


21 posted on 01/15/2011 8:29:23 AM PST by vbmoneyspender
[ Post Reply | Private Reply | To 1 | View Replies]

To: vbmoneyspender

Recent malware is good enough to stop restore points from working.

Plus these new ones hide out in temp folders and reappear even AFTER a system restore.

Ya gotta kill ‘em where they live ;-)


22 posted on 01/15/2011 8:31:31 AM PST by Blueflag (Res ipsa loquitur)
[ Post Reply | Private Reply | To 21 | View Replies]

To: Lando Lincoln

Try this Microsoft program...
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
....Worked for me.
I tried Malwarebytes, Spy-Bot. And I use AVG. And they did not find it.


23 posted on 01/15/2011 8:33:07 AM PST by B-52 Vet
[ Post Reply | Private Reply | To 1 | View Replies]

To: libh8er

“Linux (and Mac) are rock solid and virus proof.”

They’re virus proof?


24 posted on 01/15/2011 8:33:14 AM PST by Magic Fingers
[ Post Reply | Private Reply | To 6 | View Replies]

To: Lando Lincoln; Blueflag

I’d try the system restore first - before loading any new programs or unloading any old ones. If it doesn’t work - then go to the triple-bypass surgery.


25 posted on 01/15/2011 8:36:05 AM PST by vbmoneyspender
[ Post Reply | Private Reply | To 22 | View Replies]

To: libh8er
Actually, listening to Trolls pimping Linux or Mac and making outlandish bullshit claims that they are completely “safe and unable to get viruses.” is where helpful “advice” becomes a liability.

Either help this FReeper fix the problem, or shut the hell up. It is not at all difficult to go into the registry to fix this problem. Some laptops come with a loaded Trojan that keeps defaulting the browser to the unwanted engine.

So far as claiming that Mac, Lin-sux, (Linux) etc. don't do this is not at all true. It happens to them also. There is no such thing as a perfectly secure OS.

26 posted on 01/15/2011 8:41:45 AM PST by PSYCHO-FREEP ( Give me Liberty, or give me an M-24A2! (Cause I'm a nutcase....))
[ Post Reply | Private Reply | To 7 | View Replies]

To: Blueflag
Good advice!

I went to Security Essentials 6 months ago and absolutely LOVE it! It is by far the very best out there. McAfee and Norton are ripoffs and don't do half of what SE does. And SE is completely free. For the advanced professional version, the service is outstanding and the protection is amazing.

It was designed and created just for Windows. AND IT WORKS!

27 posted on 01/15/2011 8:48:07 AM PST by PSYCHO-FREEP ( Give me Liberty, or give me an M-24A2! (Cause I'm a nutcase....))
[ Post Reply | Private Reply | To 17 | View Replies]

To: Magic Fingers

Almost. Unlike Windows, nothing can be installed unless you give explicit permission.


28 posted on 01/15/2011 8:51:53 AM PST by libh8er
[ Post Reply | Private Reply | To 24 | View Replies]

To: =8 mrrabbit 8=
You are right. I never get any spyware, viruses, trojans, or worms. How? Safe practices that all users should know.
29 posted on 01/15/2011 9:27:14 AM PST by Lysander (Don't stand where I told you to stand. Stand where I told you to stand.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Lando Lincoln

You may have a version of what is called “SmitFraud”. There are many variants of this and it can be removed by following these steps:

1. Download smitfraudfix here: http://siri.geekstogo.com/SmitfraudFix.php use one of the mirrors. Download it on your computer or a friend's.

2. Turn off your system restore. Many times, system restoration files will hide other installations of the malicious software.

3. Boot into safe mode WITHOUT NETWORKING and install the smitfraudfix.

4. Run smitfraudfix. When it completes, it will perform a disk clean up.

5. When it is done, restart the computer in normal mode. You may notice that your desktop background is gone, that is normal. Check and see if you are able to browse the web without problem. If so, then turn your system restoration back on.


30 posted on 01/15/2011 9:27:19 AM PST by Mr. Jazzy (God bless the United States of America and protect her from the enemies of freedom.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Lando Lincoln
Here's a set of instructions that might help.

Remove Virus Which Redirects to go.google.com | go.google.com Redirect Virus Removal tool for Windows

Once you get cleaned up a FReeper made a good recommendation IMHO. Use a tool like Clonezilla to create an image of your system drive and save it on an external partition that stores images only. If you make sure you save your docs, favorites, etc. somewhere other than your system drive and run into trouble... pop in your Clonezilla CD and you're good as new in a half hour or less.

31 posted on 01/15/2011 9:45:14 AM PST by Chunga85 ("Foreclosure Fraud", TARP, "Mortgage Crisis", Bailout)
[ Post Reply | Private Reply | To 1 | View Replies]

To: libh8er
Windows is just a flawed operating system.

That is not true.

Windows is a flawless virus.


Frowning takes 68 muscles.
Smiling takes 6.
Pulling this trigger takes 2.
I'm lazy.

32 posted on 01/15/2011 9:53:27 AM PST by The Comedian (Sarah Palin: America's last, best hope.)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Lando Lincoln

Also, make sure you have the latest version of Java installed and the old versions are removed.

Use JavaRa for that. Excellent program.


33 posted on 01/15/2011 10:29:10 AM PST by Mr. Jazzy (God bless the United States of America and protect her from the enemies of freedom.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: The Comedian
Windows is a flawless virus.

I stand corrected!

34 posted on 01/15/2011 10:43:48 AM PST by libh8er
[ Post Reply | Private Reply | To 32 | View Replies]

To: PSYCHO-FREEP

Thanks P-F. And thanks to all. Avast! worked and cleaned it up. It took a boot scan on start-up. And it was the free version...

Here is the site:

http://www.avast.com/index


35 posted on 01/15/2011 12:15:59 PM PST by Lando Lincoln (The Democratic Party recriminations have begun.)
[ Post Reply | Private Reply | To 26 | View Replies]

To: Lando Lincoln
I also highly recommend that you go to msn.com and get the free version of Security Essentials and if you don't have the other firewall program, get that also.

Avast is a good program, but SE is by far better. I have had some minor problems using Avast in the past. They do not cover everything as thoroughly as Microsoft.

36 posted on 01/15/2011 12:25:01 PM PST by PSYCHO-FREEP ( Give me Liberty, or give me an M-24A2! (Cause I'm a nutcase....))
[ Post Reply | Private Reply | To 35 | View Replies]

To: PSYCHO-FREEP

If you have a desktop PC, Rollback RX will work wonders. You can always go back in time to the state Windows last worked right. And when you do, just delete the infected snapshot.

Voila!


37 posted on 01/15/2011 9:59:11 PM PST by goldstategop (In Memory Of A Dearly Beloved Friend Who Lives In My Heart Forever)
[ Post Reply | Private Reply | To 36 | View Replies]

To: =8 mrrabbit 8=

Wow, you are a complete a$$. I’m sure I’m not the first person to tell you that.


38 posted on 03/25/2011 6:11:23 PM PDT by Professional
[ Post Reply | Private Reply | To 5 | View Replies]

To: txroadkill

Exactly... You folks involved with the “fixing”, if you’re not involved with the viruses themselves, I have noticed that you advertise on the websites the hijacked browser takes you to. I notice that these phoney websites pop up, when you enter key words of the problems you are having. Nice biz you’re in...


39 posted on 03/25/2011 6:15:17 PM PDT by Professional
[ Post Reply | Private Reply | To 16 | View Replies]

To: Magic Fingers

More or less, the thing about Linux that makes it secure is that you cannot make any changes to your system unless you are Root; in other words, you have to be administrator to make changes to your OS.
The other thing is you can have different partitions for Home, Root, Boot or any other variant; having your Home directory on a separate partition means you can completely reinstall your system and not touch your personal files.
Linux is nothing like it used to be; it is much like Windows, as most functions are just point and click. You can also run a dual boot system, say Windows and Ubuntu: use Ubuntu to surf the net and Windows for other things! Go here to read up on Linux; also you can download a distro and try it out without installing!!

http://distrowatch.com/

If you ran Linux for a while I promise you you would find yourself booting into Windows less often.


40 posted on 03/25/2011 6:39:47 PM PDT by Lees Swrd ("Arms discourage and keep the invader and plunderer in awe and preserve order in the world as well")
[ Post Reply | Private Reply | To 24 | View Replies]

To: Professional

Wow...this thread is still alive...great!

1. Very true that no one OS is 100% virus/trojan/worm safe. Even with so-called “bullet-proof” OSes the end user or sysadmin is and always will be the weak point.

2. Been working in the IT business for over 2 decades - porno, free stuff (warez), and failure to filter unsolicited emails and opening email attachments is the cause 99% of the time.

3. “My social network account got hacked” or my “eBay account got hacked!” isn’t really a hack. Number one cause is lazy people opening up what looks like a Facebook URL or eBay URL in an email instead of browsing directly to the sites themselves. In doing so - they literally give their username and password away to the phony site they end up at.

4. In my work, I actually give breaks rate and hours-wise to customers who follow my recommendations...I appreciate customers who do so. I don’t for those who just refuse to listen...I’m not in the IT business to be an electronic janitor. You never get paid enough to do it...ever. Even at 250.00/hr it’s just not enough.

As noted by another poster - ComboFix is something to use as a last resort...

=8-)


41 posted on 03/25/2011 9:14:12 PM PDT by =8 mrrabbit 8=
[ Post Reply | Private Reply | To 38 | View Replies]

To: =8 mrrabbit 8=

If it’s 99%, then shut up.

I got my malware or whatever it is, from doing google searches on the Japan quake.

If you’re not going to be of service on a thread like this, then leave folks alone.

Computer issues can impact people’s livelihood, and chew up hours at a frustrating rate.

Again, nobody appreciates a pompous a$$, and you wouldn’t appreciate a smart alec plumber, car repairman, roof doctor, or whatever if it was you in need.

Right now, I got something that is hijacking the browser, and it refuses to allow me to connect to Windows Update, or an update on MSFT Security Essentials. I have two computers to work with, so I download stuff from the clean one.

I’ve been on MSFT toll free help desk, and even their back up security scan using remote assistance can’t seem to find this devil.


42 posted on 03/25/2011 9:42:04 PM PDT by Professional
[ Post Reply | Private Reply | To 41 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.


FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson