We have been asked to clean up an infected Dell Inspiron laptop. We've run Malwarebytes, SpyBot and Trend Micro's online House Call scanner. Malwarebytes came up with some items which it removed. Spybot came up with 100 items which it "fixed".
However, there is still a browser (IE8) hijacker that periodically redirects from a requested site (e.g. cnn.com) to various garbage sites.
I've installed Hijack This and have a log but I'm frankly not sure what to do with it. Would someone please point me in the direction of a reliable forum on which I can post my Hijack This results, have them analyzed and receive some direction as to which items to remove.
Thanks, in advance.
How to get rid of browser hijacker
-
- 3StarLounger
- Posts: 390
- Joined: 26 Jan 2010, 16:02
- Location: Las Vegas, NV
How to get rid of browser hijacker
Carol W.
-
- Administrator
- Posts: 79365
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: How to get rid of browser hijacker
There are sites where you can paste your HijackThis log and have it analyzed automatically:
HijackThis Logfileauswertung (don't worry, the site itself is in English)
HiJackThis! Log auto analyzer V2
The Malwarebytes Forum has a forum dedicated to HijackThis logs.
HijackThis Logfileauswertung (don't worry, the site itself is in English)
HiJackThis! Log auto analyzer V2
The Malwarebytes Forum has a forum dedicated to HijackThis logs.
Best wishes,
Hans
Hans
-
- 3StarLounger
- Posts: 390
- Joined: 26 Jan 2010, 16:02
- Location: Las Vegas, NV
Re: How to get rid of browser hijacker
Hans,
I pasted my log into both sites you recommended and deleted a total of 5 items identified on both sites. The redirecting issue seems to be corrected. I say "seems" because it was very sporadic.
We did have another interesting problem and that was that IE8 was unable to reach Windows Update. Did some Googling and found that rootkits (Note to self: look up difference between rootkit and other malware) can cause this behavior. One post suggested using Combo Fix. It did the trick and now the machine has access to Windows Update.
What I don't understand is how this machine, which was supposedly protected by the full McAfee suite, became so infected. It just blows my mind.
Thanks, as always.
I pasted my log into both sites you recommended and deleted a total of 5 items identified on both sites. The redirecting issue seems to be corrected. I say "seems" because it was very sporadic.
We did have another interesting problem and that was that IE8 was unable to reach Windows Update. Did some Googling and found that rootkits (Note to self: look up difference between rootkit and other malware) can cause this behavior. One post suggested using Combo Fix. It did the trick and now the machine has access to Windows Update.
What I don't understand is how this machine, which was supposedly protected by the full McAfee suite, became so infected. It just blows my mind.
Thanks, as always.
Carol W.
-
- Administrator
- Posts: 79365
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: How to get rid of browser hijacker
Rootkits are very devious - it's software that modifies the operating system in such a way that the file system cannot "see" it, and hence standard anti-malware programs cannot detect it. Most advanced anti-virus programs (including McAfee) now provide some protection against rootkits, but if the user deliberately or accidentally allows an external program to modify the system, it's hard to stop them.
See Rootkit on Wikipedia for an explanation of what a rootkit is/does.
ComboFix is a very powerful "cleaner" that can be used as a last resort if standard anti-malware programs fail. In normal circumstances it's overkill - it may "clean" too much.
See Rootkit on Wikipedia for an explanation of what a rootkit is/does.
ComboFix is a very powerful "cleaner" that can be used as a last resort if standard anti-malware programs fail. In normal circumstances it's overkill - it may "clean" too much.
Best wishes,
Hans
Hans
-
- 3StarLounger
- Posts: 390
- Joined: 26 Jan 2010, 16:02
- Location: Las Vegas, NV
-
- 3StarLounger
- Posts: 390
- Joined: 26 Jan 2010, 16:02
- Location: Las Vegas, NV
Re: How to get rid of browser hijacker
Update - Once we were able to get to Windows Update, the activex add-on required by IE8 crashed repeatedly. More Googling revealed that the check box in IE | Tools | Internet Options | Advanced tab labeled "Enable memory protection to help mitigate online attacks" needed to be unchecked in order to install the activex add-on. Once the activex add-on was installed, we were able to recheck the option and still have Windows Update work properly.
Apparently it only needed to be unchecked to install the activex add-on. This is a Win XP SP3 machine.
Apparently it only needed to be unchecked to install the activex add-on. This is a Win XP SP3 machine.
Last edited by Carol W. on 17 Sep 2010, 13:51, edited 1 time in total.
Carol W.
-
- Administrator
- Posts: 79365
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: How to get rid of browser hijacker
Thanks, that detail might help someone else in a similar situation.
Best wishes,
Hans
Hans