Google Hijack Malware - Windows 7

15January2011

[Lando Lincoln]

My computer is infected with malware that hijacks Google. I have swept with Webroot and Avast! No luck. Help?

I prefer not to get into the registry - I lack the skills.

I will be out for awhile, so thanks to all in advance.

[Lando Lincoln]

Thanks.

[silverleaf]

try malwarebytes

[KalaSamy]

Download a Malware program from Malwarebytes.com. My computer tech told me about this site. There is a free version and it works great!

[hc87]

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;1

I had great success with Malwarebytes when I had a similar issue.

[=8 mrrabbit 8=]

I’ve already said it on another thread:

99% of the time, people get viruses, trojans and malware because they were viewing porno online, or trying to get something free (software, music, video) that they would otherwise normally pay for, or open up attachments and links in an email without examining the headers.

Trying to clean up your system is pointless if you don’t fix some habits to begin with.

=8-)

[libh8er]

Extremely hard to get rid of once that happens. I scoured the web for any possible remedy for the Google hijack virus but usually ended up reinstalling Windows. When it started happening too frequently I gave up windows altogether and moved to Ubuntu-Linux(free).. and have never looked back since. Linux (and Mac) are rock solid and virus proof.

A workaround is to disable javascript in your browser. (Edit—>preferences->.... )

[libh8er]

Actually watching porno is safe if you are on a non-windows OS. Windows is just a flawed operating system.

[Hillarys Gate Cult]

Agreed, but sometimes that one doesn’t work. Use Combofix only if nothing else solves the problem;

http://www.combofix.org/download.php

[EQAndyBuzz]

Remember, a lot of these maleware programs disable antivirus websites from appearing in your browser.

[Lando Lincoln]

I received it from an email that had an executable file. If you like, send me your email address and I will forward it to you.

Thanks for the judgment and indictment.

[TomGuy]

99% of the time

While probably true, GOOGLE has been known to harbor trojans. Even reputable sites and reputable equipment (hard drives, etc) have occasionally been spreaders of malicious viruses and malware.



And many times, even harmless-appearing emails have viruses.

[frithguild]

Uninstall everything but the operating system and a few trusted programs. Back it up - create a restore point.

Use the registry editor (regedit.exe). Look in HKEY_LOCAL_MACHINE in the SOFTWARE folder and in the HKEY_CURRENT_USER SOFTWARE folder. Delete any subfolder that is for software you uninstalled.

Look in the remaining subfolders and use Google to identify the entries. Keep it if it is for software you trust. Otherwise, delete it. You will eventually find a search engine hidden in the registry. Delete it. Create a restore point. Reboot.

If successful, test for the hijacker. If it is gone, reinstall all of the software you want.

It took me a weekend, but it saved me $100 Norton wanted to charge me for them to do it. I made alot of mistakes, including deleting a bunch of drivers. That’s OK because I found an installed updated drivers and my machine works much better.

[frithguild]

Actually I have Vista, so I am not sure this sledgehammer to kill a gnat method will work for Windows 7.

[Iron Munro]

I advise you to proceed slowly and with caution.

I have had that same problem twice and have no idea where or how I picked up the virus.
I have never visited a porno site but have had innocent sounding sites redirect me to questionable sites a few times.

In efforts to eliminate the virus I followed much of the advice I could find on Google searches, Free Republic threads, etc. None of the recommended actions worked and some made the problem worse or introduced other problems.
This includes Malwarebytes, AVG and other popular recommendations. They often remove or recommend removal of certain files but the action did not kill the virus and often affected other features that worked fine before.

Both times I ended up having to completely reload the operating system from the factory disk that came with my PC.

An acquaintance had the same problem and took it to a computer shop where they cured the problem for $75 without having to reload the OS.

I now use the latest version of Microsoft Essentials and Zone Alarm and I do not leave the PC on line when I am not actively using it.

Good Luck!

[TomGuy]

A system restore might work.

I rely on a program formerly called CloneGenius (now Backup Data Kit). It has saved me several times. It makes image files of the OS partition. Since I keep most of my data on a separate drive, I only have to worry about any programs I installed since the last CloneGenius backup.

Since external drives are relatively cheap, there are no excuses for not using some kind of imaging software to backup the OS system. A few $$ invested in backups can save $$ and time later.

[txroadkill]

I make a living fixing people’s computers and they all say the same thing, “I don’t go to those sites” and everytime I find the cookies that show they do. I keep telling them there is no such thing as free stuff on the internet. If it’s “Free” it’s a trojan, virus or adware. But hey, I cleared $36K on computer repair alone last year so “Long Live Internet Porn!”

[Blueflag]

Here ya go:

(1) On a NON-INFECTED PC, download Malwarebytes AND Hitman Pro 3.5 (both free) and put them on a CD/DVD.

(1.1) ESSENTIAL SUB-STEP — recent malware BLOCKS the installation of anti-malware programs, so you must rename the executables for the install to some other name. IOW, if you download “Malwarebytesinstall.exe” YOU MUST rename it to “Somethinselse.exe” for both Malwarebytes AND hitmanpro. IFNOT, the malware will likley BLOCK your attempt.

(2) Boot your INFECTED PC in safe mode with network access
(3) install both Malwarebytes and Hitman Pro on the infected PC from the CD you just made. LET THEM UPDATE their databases.
(4) reboot your INFECTED PC in safe mode, *no network*
(5) run deep scans with both, at least twice, especially until it/they detects no more proxy servers.
(6) reboot your INFECTED PC (now cleanER) in safe mode with network and run scans again with both.
(7) reboot your PC in NORMAL mode.
(8) Launch MS Internet Explorer and google “download security essentials” and download, install, update it. MS actually put out a good piece of code here. The is a FREE AV and malware offering from MS that’ll find java explouts that Avast, Malware etc miss.
(9) do a DEEP scan with MS Security Essentials.
(10) reboot your PC in NORMAL mode
(11) rescan with all three.
(12) suggestion — set up Malwarebytes and Hitman to run on startup for a week or so.
(13) suggestion — download Registry Mechanic and use it to CLEAN your registry and also temp files etc etc.

Expect the above process to take several hours, and frequent attention. Have beer and chips (or your choice) available.

[Blueflag]

My daughter got this from a very professional-looking spoof “ad” for Antivirus8 that she clicked on.

Took me two days to get her PC cleaned up.

Porn not involved.

[FrankR]

"99% of the time, people get viruses, trojans and malware because they were viewing porno online, or trying to get something free (software, music, video) that they would otherwise normally pay for, or open up attachments and links in an email without examining the headers."

Ahhh...the voice of experience speaks....

[decimon]

Microsoft Windows Malicious Software Removal Tool. You most likely already have it. Simply Run MRT. The quick scan takes minutes, the full scan hours.