Solved Browser Hijacker still present after completing MalwareTips removal guide

Status
Not open for further replies.
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.
 
M

mupaco007

New Member
Thread author
Verified
Dec 16, 2014
28
Here are the FRST logs (still redirecting, by the way).
 

Attachments

  • Addition.txt
    31.6 KB · Views: 41
  • FRST.txt
    43.2 KB · Views: 46
M

mupaco007

New Member
Thread author
Verified
Dec 16, 2014
28
The AdwCleaner application is still in a "Not responding" state - should I end it in Task Manager? Also, any next steps I should take? We're still getting redirected to random sites when clicking on legit links on legit sites (including this forum).
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
FRST.gif
Fix with Farbar Recovery Scan Tool

icon_exclaim.gif
This fix was created for this user for use on that particular machine.
icon_exclaim.gif

icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    974 bytes · Views: 41
M

mupaco007

New Member
Thread author
Verified
Dec 16, 2014
28
Here is the fixlog. Unfortunately, we're still getting redirected. Here is a screenshot of the Chrome history (the entries in the red bracket are ones that resulted from the redirect - it eventually ended on ask.com):

upload_2014-12-20_17-17-58.png
 

Attachments

  • Fixlog.txt
    2.8 KB · Views: 45
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
51a46ae42d560-malwarebytes_anti_malware.png
Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the progam and select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • Click the Scan tab, choose Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.




adwcleaner_new.png
Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.
  • Right-click on
    adwcleaner_new.png
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
  • Wait until the database is updated.
  • Accept the Terms of use and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner




FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.
 
M

mupaco007

New Member
Thread author
Verified
Dec 16, 2014
28
Here are the logs. After the AdwCleaner scan, the computer rebooted, and when I loaded Chrome to confirm the instructions for the FRST scan, I got redirected when I clicked on the link for this thread again, so it seems to still be an issue.
 

Attachments

  • MalwareBytes_log.txt
    1.4 KB · Views: 98
  • AdwCleaner[S1].txt
    1.4 KB · Views: 41
  • Addition.txt
    32.9 KB · Views: 33
  • FRST.txt
    42.8 KB · Views: 40
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
FRST.gif
Fix with Farbar Recovery Scan Tool

icon_exclaim.gif
This fix was created for this user for use on that particular machine.
icon_exclaim.gif

icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    2.8 KB · Views: 56
M

mupaco007

New Member
Thread author
Verified
Dec 16, 2014
28
Here is the fixlog. I got redirected again when clicking on the link for this thread, so the battle continues...
 

Attachments

  • Fixlog.txt
    8.1 KB · Views: 44
M

mupaco007

New Member
Thread author
Verified
Dec 16, 2014
28
Done, but no luck. Got redirected clicking on the link to this thread again.
 
M

mupaco007

New Member
Thread author
Verified
Dec 16, 2014
28
Yes, I was just redirected using Internet Explorer as well (Chrome and IE are the only two browsers on the computer). If it helps, it seems like each browser has slightly different behavior. When the redirect happens in Chrome, it goes to "find-all-you-want.com" first, and then the second redirect site is "rd-direct.com" before landing on the random site. In IE, it looks like it goes to "xml.adventurefeeds.com" first, and then "sr03.hoistsearch.com" before landing on the random site.
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
RogueKiller.png
Scan with RogueKiller

Please download RogueKiller and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on
    RogueKiller.png
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
  • Wait patiently until the pre-scan will be done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Let this process run uninterrupted!.
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.
Please include the content of this logfile in your next reply.




FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.
 
M

mupaco007

New Member
Thread author
Verified
Dec 16, 2014
28
Here are the logs. Didn't check for redirect since nothing was removed. I left RogueKiller open in case you want me to click the "Delete" button for the next step.
 

Attachments

  • Addition.txt
    33 KB · Views: 38
  • FRST.txt
    40.9 KB · Views: 37
  • RKreport_SCN_12212014_120042.log
    2.1 KB · Views: 34
M

mupaco007

New Member
Thread author
Verified
Dec 16, 2014
28
When I click on a regular link (for example, the Malware Removal Assistance button on your forum)...
upload_2014-12-21_12-22-36.png

...the browser redirects to 2-4 different URLs before landing on the random site (in the case of this example, I ended up on www.reimageplus.com).
upload_2014-12-21_12-26-56.png

I was able to get a screenshot of the first redirect (as shown the in Chrome History above, it then went to 3 other "redirect" URLs before landing on reimageplus.com).
upload_2014-12-21_12-20-16.png
Again, this doesn't happen every time I click a link...only every 5-10 link clicks. When I type URLs directly into the browser, I've never been redirected, so I would imagine there is something tracking the mouse clicks.
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
51a46ae42d560-malwarebytes_anti_malware.png
Scan with Malwarebytes' Anti-Malware

Please re-run
51a46ae42d560-malwarebytes_anti_malware.png
Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • Click the Scan tab, choose Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
 
M

mupaco007

New Member
Thread author
Verified
Dec 16, 2014
28
Here is the log....but no threats were found :-/
 

Attachments

  • MalwareBytes_log2.txt
    1 KB · Views: 45
Status
Not open for further replies.

Similar threads

S
    • Like
  • Locked
In need of browser hijacker virus removal, chrome extension "apps" version 3.3
Replies
2
Views
594
Windows Malware Removal Help & Support
nasdaq
nasdaq
nicolaasjan
    • Like
Serious Discussion Chromstera browser and malicious extensions
Replies
3
Views
672
General Security Discussions
nicolaasjan
nicolaasjan
mbs5380
  • Locked
Lingering malware after removal of Chromestera.
Replies
4
Views
625
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top