Google Hijack Malware - Windows 7
Posted on 01/15/2011 7:52:33 AM PST by Lando Lincoln
My computer is infected with malware that hijacks Google. I have swept with Webroot and Avast! No luck. Help?
I prefer not to get into the registry - I lack the skills.
I will be out for a while, so thanks to all in advance.
Download a Malware program from Malwarebytes.com. My computer tech told me about this site. There is a free version and it works great!
I had great success with Malwarebytes when I had a similar issue.
I’ve already said it on another thread:
99% of the time, people get viruses, trojans and malware because they were viewing porno online, or trying to get something free (software, music, video) that they would otherwise normally pay for, or open up attachments and links in an email without examining the headers.
Trying to clean up your system is pointless if you don’t fix some habits to begin with.
Extremely hard to get rid of once that happens. I scoured the web for any possible remedy for the Google hijack virus but usually ended up reinstalling Windows. When it started happening too frequently I gave up Windows altogether and moved to Ubuntu-Linux (free)... and have never looked back since. Linux (and Mac) are rock solid and virus proof.
Actually watching porno is safe if you are on a non-Windows OS. Windows is just a flawed operating system.
Remember, a lot of these malware programs disable antivirus websites from appearing in your browser.
I received it from an email that had an executable file. If you like, send me your email address and I will forward it to you.
Thanks for the judgment and indictment.
Uninstall everything but the operating system and a few trusted programs. Back it up - create a restore point.
Use the registry editor (regedit.exe). Look in HKEY_LOCAL_MACHINE in the SOFTWARE folder and in the HKEY_CURRENT_USER SOFTWARE folder. Delete any subfolder that is for software you uninstalled.
Look in the remaining subfolders and use Google to identify the entries. Keep it if it is for software you trust. Otherwise, delete it. You will eventually find a search engine hidden in the registry. Delete it. Create a restore point. Reboot.
If successful, test for the hijacker. If it is gone, reinstall all of the software you want.
It took me a weekend, but it saved me $100 Norton wanted to charge me for them to do it. I made a lot of mistakes, including deleting a bunch of drivers. That’s OK because I found and installed updated drivers and my machine works much better.
Actually I have Vista, so I am not sure this sledgehammer to kill a gnat method will work for Windows 7.
I advise you to proceed slowly and with caution.
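A read-only way to look for the "search engine hidden in the registry" described in the post above, and for the proxy settings a later post in this thread mentions, without deleting anything. This is an added example, not part of any post in the thread; it assumes the hijacked browser is Internet Explorer and reads its standard SearchScopes and Internet Settings registry keys.

```powershell
# Read-only audit: nothing here writes to or deletes from the registry.
# Assumption: Internet Explorer is the affected browser. Written to run on
# PowerShell 2.0, which ships with Windows 7.

function Get-SearchProviders {
    # Search providers can be registered per user (HKCU) or per machine (HKLM).
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $root = "$hive\Software\Microsoft\Internet Explorer\SearchScopes"
        if (-not (Test-Path $root)) { continue }

        # DefaultScope holds the subkey name (a GUID) of the active provider.
        $default = (Get-ItemProperty -Path $root).DefaultScope

        foreach ($key in Get-ChildItem -Path $root) {
            $p = Get-ItemProperty -Path $key.PSPath
            New-Object PSObject -Property @{
                Hive      = $hive
                IsDefault = ($key.PSChildName -eq $default)
                Name      = $p.DisplayName
                Url       = $p.URL
            }
        }
    }
}

function Get-ProxySettings {
    # A hijacker that routes traffic through its own proxy leaves it here.
    $path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $path
    New-Object PSObject -Property @{
        ProxyEnable   = $s.ProxyEnable     # 1 means a manual proxy is active
        ProxyServer   = $s.ProxyServer     # host:port of that proxy, if any
        AutoConfigURL = $s.AutoConfigURL   # proxy auto-config script, if any
    }
}

# Review the output by eye: a default provider whose Url you do not recognise,
# or a proxy you never configured, is what to look up before changing anything.
Get-SearchProviders | Format-Table Hive, IsDefault, Name, Url -AutoSize
Get-ProxySettings   | Format-List ProxyEnable, ProxyServer, AutoConfigURL
```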
I have had that same problem twice and have no idea where or how I picked up the virus.
I have never visited a porno site but have had innocent sounding sites redirect me to questionable sites a few times.
In efforts to eliminate the virus I followed much of the advice I could find on Google searches, Free Republic threads, etc. None of the recommended actions worked and some made the problem worse or introduced other problems.
This includes Malwarebytes, AVG and other popular recommendations. They often remove or recommend removal of certain files but the action did not kill the virus and often affected other features that worked fine before.
Both times I ended up having to completely reload the operating system from the factory disk that came with my PC.
An acquaintance had the same problem and took it to a computer shop where they cured the problem for $75 without having to reload the OS.
I now use the latest version of Microsoft Essentials and Zone Alarm and I do not leave the PC on line when I am not actively using it.
I make a living fixing people’s computers and they all say the same thing, “I don’t go to those sites” and every time I find the cookies that show they do. I keep telling them there is no such thing as free stuff on the internet. If it’s “Free” it’s a trojan, virus or adware. But hey, I cleared $36K on computer repair alone last year so “Long Live Internet Porn!”
Here ya go:
(1) On a NON-INFECTED PC, download Malwarebytes AND Hitman Pro 3.5 (both free) and put them on a CD/DVD.
(1.1) ESSENTIAL SUB-STEP — recent malware BLOCKS the installation of anti-malware programs, so you must rename the executables for the install to some other name. IOW, if you download “Malwarebytesinstall.exe” YOU MUST rename it to “Somethinselse.exe” for both Malwarebytes AND Hitman Pro. IF NOT, the malware will likely BLOCK your attempt.
(2) Boot your INFECTED PC in safe mode with network access
(3) install both Malwarebytes and Hitman Pro on the infected PC from the CD you just made. LET THEM UPDATE their databases.
(4) reboot your INFECTED PC in safe mode, *no network*
(5) run deep scans with both, at least twice, especially until it/they detects no more proxy servers.
(6) reboot your INFECTED PC (now cleanER) in safe mode with network and run scans again with both.
(7) reboot your PC in NORMAL mode.
(8) Launch MS Internet Explorer and google “download security essentials” and download, install, update it. MS actually put out a good piece of code here. This is a FREE AV and malware offering from MS that’ll find Java exploits that Avast, Malware etc miss.
(9) do a DEEP scan with MS Security Essentials.
(10) reboot your PC in NORMAL mode
(11) rescan with all three.
(12) suggestion — set up Malwarebytes and Hitman to run on startup for a week or so.
(13) suggestion — download Registry Mechanic and use it to CLEAN your registry and also temp files etc etc.
Expect the above process to take several hours, and frequent attention. Have beer and chips (or your choice) available.
My daughter got this from a very professional-looking spoof “ad” for Antivirus8 that she clicked on.
Took me two days to get her PC cleaned up.
Porn not involved.
Just do a system restore to a date prior to when the infection happened. Don’t install any new anti-malware programs or uninstall programs, etc. The system restore will get you back to where you were - good as new.
Recent malware is good enough to stop restore points from working.
Plus these new ones hide out in temp folders and reappear even AFTER a system restore.
Ya gotta kill ‘em where they live ;-)
Try this Microsoft program...
....Worked for me.
I tried Malwarebytes, Spy-Bot. And I use AVG. And they did not find it.
“Linux (and Mac) are rock solid and virus proof.”
They’re virus proof?
I’d try the system restore first - before loading any new programs or unloading any old ones. If it doesn’t work - then go to the triple-bypass surgery.
Either help this FReeper fix the problem, or shut the hell up. It is not at all difficult to go into the registry to fix this problem. Some laptops come with a loaded Trojan that keeps defaulting the browser to the unwanted engine.
So far as claiming that Mac, Lin-sux, (Linux) etc. don't do this is not at all true. It happens to them also. There is no such thing as a perfectly secure OS.
I went to Security Essentials 6 months ago and absolutely LOVE it! It is by far the very best out there. McAfee and Norton are ripoffs and don't do half of what SE does. And SE is completely free. For the advanced professional version, the service is outstanding and the protection is amazing.
It was designed and created just for Windows. AND IT WORKS!
Almost. Unlike Windows, nothing can be installed unless you give explicit permission.
You may have a version of what is called “SmitFraud”. There are many variants of this and it can be removed by following these steps:
1. Download smitfraudfix here: http://siri.geekstogo.com/SmitfraudFix.php use one of the mirrors. Download it on your computer or a friend's.
2. Turn off your system restore. Many times, system restoration files will hide other installations of the malicious software.
3. Boot into safe mode WITHOUT NETWORKING and install the smitfraudfix.
4. Run smitfraudfix. When it completes, it will perform a disk clean up.
5. When it is done, restart the computer in normal mode. You may notice that your desktop background is gone, that is normal. Check and see if you are able to browse the web without problem. If so, then turn your system restoration back on.
Once you get cleaned up a FReeper made a good recommendation IMHO. Use a tool like Clonezilla to create an image of your system drive and save it on an external partition that stores images only. If you make sure you save your docs, favorites, etc. somewhere other than your system drive and run into trouble... pop in your Clonezilla CD and you're good as new in a half hour or less.
That is not true.
Windows is a flawless virus.
Also, make sure you have the latest version of Java installed and the old versions are removed.
Use JavaRa for that. Excellent program.
I stand corrected !
Thanks P-F. And thanks to all. Avast! worked and cleaned it up. It took a boot scan on start-up. And it was the free version...
Here is the site:
Avast is a good program, but SE is by far better. I have had some minor problems using Avast in the past. They do not cover everything as thoroughly as Microsoft.
If you have a desktop PC, Rollback RX will work wonders. You can always go back in time to the state Windows last worked right. And when you do, just delete the infected snapshot.
Wow, you are a complete a$$. I’m sure I’m not the first person to tell you that.
Exactly... You folks involved with the “fixing”, if you’re not involved with the viruses themselves, I have noticed that you advertise on the websites the hijacked browser takes you to. I notice that these phoney websites pop up, when you enter key words of the problems you are having. Nice biz you’re in...
More or less, the thing about Linux that makes it secure is that you cannot make any changes to your system unless you are Root; in other words, you have to be administrator to make changes to your OS.
The other thing is you can have different partitions for Home, Root, Boot or any other variant. Having your Home directory on a separate partition means you can completely reinstall your system and not touch your personal files.
Linux is nothing like it used to be. It is much like Windows, as most functions are just point and click. You can also run a dual boot system, say Windows and Ubuntu: use Ubuntu to surf the net and Windows for other things! Go here to read up on Linux; also you can download a distro and try it out without installing!!
If you ran Linux for a while I promise you you would find yourself booting into Windows less often.
Wow...this thread is still alive...great!
1. Very true that no one OS is 100% virus/trojan/worm safe. Even with so-called “bullet-proof” OSes the end user or sysadmin is and always will be the weak point.
2. Been working in the IT business for over 2 decades - porno, free stuff (warez), and failure to filter unsolicited emails and opening email attachments is the cause 99% of the time.
3. “My social network account got hacked” or my “eBay account got hacked!” isn’t really a hack. Number one cause is lazy people opening up what looks like a Facebook URL or eBay URL in an email instead of browsing directly to the sites themselves. In doing so - they literally give their username and password away to the phony site they end up at.
4. In my work, I actually give breaks rate and hours-wise to customers who follow my recommendations...I appreciate customers who do so. I don’t for those who just refuse to listen...I’m not in the IT business to be an electronic janitor. You never get paid enough to do it...ever. Even at 250.00/hr it’s just not enough.
As noted by another poster - ComboFix is something to use as a last resort...
If it’s 99%, then shut up.
I got my malware or whatever it is, from doing google searches on the Japan quake.
If you’re not going to be of service on a thread like this, then leave folks alone.
Computer issues can impact people’s livelihood, and chew up hours at a frustrating rate.
Again, nobody appreciates a pompous a$$, and you wouldn’t appreciate a smart alec plumber, car repairman, roof doctor, or whatever if it was you in need.
Right now, I got something that is hijacking the browser, and it refuses to allow me to connect to windows update, or an update on msft security essentials. I have two computers to work with, so I download stuff from the clean one.
I’ve been on MSFT toll free help desk, and even their back up security scan using remote assistance can’t seem to find this devil.