Solved Browser Hijacker still present after completing MalwareTips removal guide

[mupaco007]

So I uninstalled Chrome and also deleted the browsing data (I checked that box the first time as well):


However, last time, I installed Chrome again right away. This time, I haven't reinstalled Chrome, and I have not been able to get IE to redirect after clicking on several links on several different sites. It would be ideal if we could also use Chrome, though, as I feel it performs a lot better for many of the sites that we normally use. Should I reinstall Chrome to see if the redirect comes back for both browsers? Let me know what you think. Thank you for your help so far!

 

[TwinHeadedEagle]

Yes, try to install Chrome again. Try not to signs in into your profile.

 

[mupaco007]

I installed Chrome and skipped the step to sign into one of our profiles. I've clicked multiple links from multiple sites on both Chrome and IE, and we have have zero redirects (making progress!). Waiting for next steps.

 

[TwinHeadedEagle]

Try to log in now and report back.

 

[mupaco007]

I logged into our Chrome profile, and I clicked on several links in Chrome without redirecting. Then I switched to IE, and I was also able to click several links without issues, but eventually it did redirect in IE (redirected about 4 times starting with "find-all-you-want.com"). After that, I went back to Chrome, and then it only took a few link clicks to get it to redirect. Seems like it could be that profile.

 

[TwinHeadedEagle]

Probably, it happened it the past, they somehow infect the profile and it sync malware back. Try to clear sync data.

http://www.cnet.com/how-to/how-to-clear-google-chrome-sync-data/

 

[mupaco007]

So I cleared the sync data for both of the Google accounts that we use on this computer (I haven't turned it back on, either). I let it sit for a few hours as suggested on the CNET link you sent so that the sync data could get cleared out of all their servers. I just started going through some links in Chrome and I got redirected again. I then tried in IE and got redirected after a couple link clicks as well.

I'm assuming (hoping) we just need to do one more scan/clean with some of the anti-malware tools and then since the sync data is cleared we should be good to go? Let me know what you think - thanks!

 

[TwinHeadedEagle]

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
  

  createsrpoint;
  autoclean;
  emptyalltemp;
  ipconfig /flushdns;b

• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

 

[mupaco007]

Here are the logs. After the computer rebooted, I opened Chrome to reply to this thread (to my knowledge, Google sync is still turned off) - and I got redirected.

 

[mupaco007]

Just checking - any updates? Thanks again for your help so far!

 

[TwinHeadedEagle]

Did you try to contact your ISP?

 

[mupaco007]

Just to close the loop on this thread, a few days after the last post, the redirects stopped. I still have Google sync off, so my guess is that it just took longer than normal for the sync data (and the browser hijacker) to clear.

This was a stubborn one - thank you TwinHeadedEagle for your patience and expertise!

 

[frustrated_mike]

Thanks for the update. I will be sure to try these steps.