XYMer's Home away from Home

When http://bbs.xlr8yourmac.com is down (i.e. always)
All times are UTC - 8 hours




 Post subject: Browser Hijacking
PostPosted: Mon Dec 15, 2014 3:45 pm 
Joined: Thu May 15, 2008 8:10 pm
Posts: 3178
Location: Spain
Tomorrow I'm going to try and help someone who appears to have been swamped by malware/adware and who knows what else.

I was with her last week and she had the webssearch browser hijacker strutting its stuff. I did what I could think of but it wouldn't go away before I ran out of time. I'll be back tomorrow and I'll try again but if anyone can give me some safe links to download free malware/adware scanners from it would be appreciated. When it comes to downloading PC stuff I never know which sites are legit or not. :badteeth: I don't want to make her problems worse by installing something worse than what she already has.

She can't even touch her desktop without ads popping up. It's a sorry situation. For the last few weeks she had been complaining about how slow everything was.

I want to leave her some tools that she can run from time to time to keep things more or less under control.

Thanks in advance!

_________________
VILA: They missed us! Avon's gadget works!
BLAKE: [to Avon] Is something wrong?
AVON: It just occurred to me, that as the description of a highly sophisticated technological achievement, 'Avon's gadget works' seems to lack a certain style.


 
 Post subject: Re: Browser Hijacking
PostPosted: Mon Dec 15, 2014 3:53 pm 
Benevolent Dictator
Joined: Mon Apr 21, 2008 2:03 am
Posts: 14367
http://www.microsoft.com/en-us/download ... tails.aspx

http://malwaretips.com/blogs/remove-adware-popup-ads/

Don't download anything from CNET or its other entities, like advertised here...

http://www.wikihow.com/Remove-Adware-Manually


 
 Post subject: Re: Browser Hijacking
PostPosted: Mon Dec 15, 2014 4:07 pm 
Joined: Thu May 15, 2008 8:13 pm
Posts: 9180
Location: Caught between the moon and NYC
Normally I give Malwarebytes and Security Essentials good whacks at the system (run full, not quick, scans). After that I poke around and see if I can find any remaining traces and clear them out by hand - sometimes they leave entries in add/remove programs (programs and features in Vista+), other times they're in the Start folder and/or registry (start -> run -> msconfig to easily access them all), then there's browser plugins and explorer/activex extensions, etc. MBAR can catch and remove rootkits, though it's been in beta form for over a year - I half suspect it'll never leave beta so they can avoid getting sued by people whose systems have exploded.

Ideally you should have the system disconnected from the internet while the scans are running and while poking around, otherwise you could find yourself in a real time battle with the botnet master in control of the system, where he's kicking off installs of new viruses and malware as quickly as you're removing them, and most of the stuff he installs won't be detected for a couple weeks or longer.

There is a point of no return for infections. If it's been left snowballing for too long the infections will have built to the point where no combination of scanners will get them all, because someone will have put something on there that's currently undetectable. If you're really unlucky it's something that is unique to that system and will never get detected, in which case you have to back up all the user data and start over with a fresh copy of Windows. Normally though what you can do is basically shut the system down and let it sit for a couple weeks, leave it disconnected from the internet, power it on, install your AV(s), copy over fresh AV definitions via USB, then run full scans to clear it all out. By putting in that stretch of time you're increasing the chance that the strains have been submitted to AV companies, who build AV definitions to detect/remove the strains.

As far as preventing new infections once the system is clean, I normally rely on MSSE, Malwarebytes, and CryptoPrevent. I always use MBAM in a scan-only configuration, unchecking the "enable pro" option on the last window the installer pops up.
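
The manual pass described in the post above (startup entries in the registry and Start folder, plus the installed-programs list) gathered into one read-only listing. This is an added example, not part of the original post; the output file name is an assumption, and browser plugins and ActiveX extensions are not covered.

```powershell
# Added example: read-only listing of autostart entries and installed programs.
# Nothing is deleted or changed; review the output by hand.
function New-Entry($Source, $Name, $Detail) {
    New-Object PSObject -Property @{ Source = $Source; Name = $Name; Detail = $Detail }
}
$report = @()

# Registry Run/RunOnce keys, per machine and per user.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $report += New-Entry $key $name $item.GetValue($name)
    }
}

# Startup folders (Vista and later paths), per user and all users.
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($file in Get-ChildItem -Path $dir -Force) {
        $report += New-Entry $dir $file.Name $file.LastWriteTime
    }
}

# Installed programs, as shown in Add/Remove Programs (Programs and Features).
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
foreach ($p in Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue) {
    if ($p.DisplayName) {
        $report += New-Entry 'Installed program' $p.DisplayName "$($p.Publisher), installed $($p.InstallDate)"
    }
}

# Save a copy (assumed file name) and show the listing on screen.
$report | Select-Object Source, Name, Detail |
    Export-Csv -Path .\autostart-report.csv -NoTypeInformation
$report | Select-Object Source, Name, Detail | Format-Table -AutoSize -Wrap
```

Running it once before the scans and once after, then comparing the two CSV files, shows which entries the scanners left behind.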


 
 Post subject: Re: Browser Hijacking
PostPosted: Mon Dec 15, 2014 4:47 pm 
Joined: Thu May 15, 2008 8:10 pm
Posts: 3178
Location: Spain
Thanks guys. I'm off to bed. I'll post back with my progress. I think tomorrow will be arduous!

 
 Post subject: Re: Browser Hijacking
PostPosted: Tue Dec 16, 2014 5:30 am 
Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5807
Location: NYC
I'd give this a try first. By someone BD and I know well from ASC. From all reports, it appears to get the job done, at least for the adware--and that may be all this is.

http://www.adwaremedic.com/


 
 Post subject: Re: Browser Hijacking
PostPosted: Tue Dec 16, 2014 1:46 pm 
Joined: Thu May 15, 2008 8:10 pm
Posts: 3178
Location: Spain
After installing the Microsoft application it did a 20 minute basic scan but came up clean. Due to lack of time I decided to give Malwarebytes a go. I had to leave but I left it running and it had detected 224 objects.

I will be back tomorrow to see how things ended and will run the other stuff. Thanks for the adwaremedic tip wzzz.

I'm keeping my fingers crossed!

 
 Post subject: Re: Browser Hijacking
PostPosted: Wed Dec 17, 2014 3:25 pm 
Joined: Thu May 15, 2008 8:10 pm
Posts: 3178
Location: Spain
Went back today but found she had 140GB of photos that weren't backed up! :badteeth:

I started to copy it all over to an external drive but it hadn't finished when I had to leave. I'll be back next week to do what I wanted to do today.

 
 Post subject: Re: Browser Hijacking
PostPosted: Thu Dec 18, 2014 2:11 pm 
Joined: Thu May 15, 2008 8:13 pm
Posts: 9180
Location: Caught between the moon and NYC
"These files are absolutely critical but I can't be bothered to take the time to back them up!"


 
 Post subject: Re: Browser Hijacking
PostPosted: Thu Dec 18, 2014 2:47 pm 
Benevolent Dictator
Joined: Mon Apr 21, 2008 2:03 am
Posts: 14367
Yeah... "They're in the computer, I can get another Hard Drive anytime." ! :P


 
 Post subject: Re: Browser Hijacking
PostPosted: Thu Dec 18, 2014 4:02 pm 
Joined: Thu May 15, 2008 8:10 pm
Posts: 3178
Location: Spain
I was going to take a risk and run the software anyway but when I saw the magnitude of photos that weren't backed up (on a Dell laptop that's more than four years old) my sphincter clenched itself closed and I had to find an external to copy them over.
