Page 1 of 2 12 LastLast
Results 1 to 15 of 26
  1. #1
    5 Star Lounger
    Join Date
    Jan 2002
    Location
    Midlothian, Virginia, USA
    Posts
    875
    Thanks
    0
    Thanked 2 Times in 1 Post

    How to restore hijacked browser?

    My Internet Explorer got hijacked today! I was prompted to install a Java update and in the process I missed the extras that were sneeked in on me. Now my IE home page has been changed to something else and my search engine has been changed to Bing. I hope someone will be able to tell me how to get rid of this stuff. I've looked through the uninstall list but didn't find anything listed there.

    Thanks,
    Bill

  2. #2
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,492
    Thanks
    284
    Thanked 577 Times in 480 Posts
    Generic fix would consist of something like running Malwarebytes Anti-Malware then AdwCleaner, followed by Junkware Removal Tool: http://www.bleepingcomputer.com/down...curity/page/4/ and http://www.bleepingcomputer.com/down...curity/page/2/

    Save all the logs, they might be useful later.

  3. #3
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    6,797
    Thanks
    117
    Thanked 799 Times in 720 Posts
    Before you do all that:
    Set IE Home Page: http://windows.microsoft.com/en-us/i...-page#ie=ie-11

    Set IE Search Engine: http://windows.microsoft.com/en-us/w...#1TC=windows-7

    After that, you might still want to run the programs Satrow recommended to be sure you haven't picked up anything else.

    Jerry

  4. #4
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,643
    Thanks
    147
    Thanked 883 Times in 844 Posts
    I got a pop up like that yesterday which said an unknown program wants to change your search provider to Bing and I clicked on Disallow or something but went into Manage add-ons later and made Bing the default and removed Google.

    I also ran AdwCleaner afterwards and other than some Driver Updater which could have been something which sneaked in with IOBit Uninstaller, everything else was clean.

  5. #5
    Silver Lounger RolandJS's Avatar
    Join Date
    Dec 2009
    Location
    Austin metro area TX USA
    Posts
    1,735
    Thanks
    95
    Thanked 128 Times in 125 Posts
    Do you want Bing or Google as default? Both can exist as search engines within IE. One can be default via IE's manage add-ons or something like that. I use FF 99% of the time here.
    "Take care of thy backups and thy restores shall take care of thee." Ben Franklin revisited.
    http://collegecafe.fr.yuku.com/forum...-Technologies/

  6. #6
    5 Star Lounger
    Join Date
    Jan 2002
    Location
    Midlothian, Virginia, USA
    Posts
    875
    Thanks
    0
    Thanked 2 Times in 1 Post
    Quote Originally Posted by satrow View Post
    Generic fix would consist of something like running Malwarebytes Anti-Malware then AdwCleaner, followed by Junkware Removal Tool . . .
    I ran Malwarebytes and it found a bunch of PUPs but nothing more. I had it disable all the PUPs. Then I ran AdwCleaner and it listed a lot of things in the various categories. Is it safe to have AdwCleaner uninstall all those items? I would like to but I don't know what they do and if any are needed. I have not gone any further yet. I do have my default home page and search engine back.

    Thanks to all the others too who made suggestions.
    Bill

  7. #7
    WS Lounge VIP Browni's Avatar
    Join Date
    Dec 2009
    Location
    Rochdale, UK
    Posts
    1,653
    Thanks
    38
    Thanked 161 Times in 139 Posts
    Hi Bill,

    Do you have a system restore point prior to the hijack?

    It may be worthwhile restoring back to then and then using the tools suggested earlier in this thread.

  8. #8
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,643
    Thanks
    147
    Thanked 883 Times in 844 Posts
    Quote Originally Posted by BillWilson View Post
    I ran Malwarebytes and it found a bunch of PUPs but nothing more. I had it disable all the PUPs. Then I ran AdwCleaner and it listed a lot of things in the various categories. Is it safe to have AdwCleaner uninstall all those items? I would like to but I don't know what they do and if any are needed. I have not gone any further yet. I do have my default home page and search engine back.

    Thanks to all the others too who made suggestions.
    Bill
    Can you post the AdwCleaner report ?

  9. #9
    5 Star Lounger
    Join Date
    Jan 2002
    Location
    Midlothian, Virginia, USA
    Posts
    875
    Thanks
    0
    Thanked 2 Times in 1 Post
    Browni: I'l look for an earlier restore point.

    Sudo15: The AdwCleaner results are displayed on a form that has 6-8 tabs and some items are listed on several of those tabs so listing them here isn't very straight forward. I'll see if I can use copy and paste to retrieve each sub list and build a message here.

    Thanks to both of you.
    Bill

  10. #10
    5 Star Lounger
    Join Date
    Jan 2002
    Location
    Midlothian, Virginia, USA
    Posts
    875
    Thanks
    0
    Thanked 2 Times in 1 Post
    OK, copy and paste didn't work in the ADWCleaner window so I have taken a screen shot of the contents of each tab and pasted all of them in a Word document. I'll try to insert the document in this message or add it as an attached file.

    Thanks,
    Bill
    Attached Files Attached Files

  11. #11
    Super Moderator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    2,143
    Thanks
    101
    Thanked 580 Times in 464 Posts
    Bill - Following a scan with AdwCleaner, the Logfile button will be enabled. Just click on this Logfile button to show the current logfile (and be able to save it).
    adwcleaner.png
    Click to enlarge

    Alternatively, after accepting AdwCleaner's recommendations (and following the usual automatic reboot), browse to (typically) C:\AdwCleaner\AdwCleaner[<random>].txt (where <random> is just that... a random 2-character string, e.g. S0 or R1, etc.)

    Hope this helps...
    Last edited by Rick Corbett; 2015-03-15 at 18:26.

  12. #12
    WS Lounge VIP Browni's Avatar
    Join Date
    Dec 2009
    Location
    Rochdale, UK
    Posts
    1,653
    Thanks
    38
    Thanked 161 Times in 139 Posts
    Bill,

    ADW lists a lot of things I wouldn't install on an enemies PC! I suggest letting it fix things. (After a backup of course!)

    Was that after a system restore?
    Last edited by Browni; 2015-03-15 at 18:57. Reason: BACKUP BACKUP BACKUP!

  13. #13
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,643
    Thanks
    147
    Thanked 883 Times in 844 Posts
    As Rick has said, we'll need to see the LogFile as that is what it will delete should you hit the Clean button.

    Of those in the lower pane that you have posted - have you installed that Drive Cure program from ParetoLogic ?

    Sometimes you can end with these type of programs bundled with other downloads, which is why it has snagged it.

    If it is a legit install then uncheck those two boxes.

    I don't think anyone uses Yahoo, unless it was your choice so you can leave those checked if you want rid of them.

    I'm always suspicious of Coupons - if they are unknown to you then leave those checked as well.

    The Reimage is probably a legit file so if you recognise it as genuine then uncheck that box.

    Some people intentionally install Download Managers, but more often than not, some download sites include them as a must to download a particular program.

    When I come across those sites I look for another source, so if you haven't intentionally installed that - leave it checked for removal.

    I don't know what that Favourites\Search is.

    In its actual kill list there may be what I call mini programs - I think it was Fanspeed (or something) that I had installed and it snagged that in its all or nothing list so I just let it go, but make a note if it lists anything you would prefer to keep and then you will need to reinstall after Cleaning.
    Last edited by Sudo15; 2015-03-15 at 19:51.

  14. #14
    5 Star Lounger
    Join Date
    Jan 2002
    Location
    Midlothian, Virginia, USA
    Posts
    875
    Thanks
    0
    Thanked 2 Times in 1 Post
    Quote Originally Posted by Rick Corbett View Post
    Bill - Following a scan with AdwCleaner, the Logfile button will be enabled. Just click on this Logfile button to show the current logfile (and be able to save it. . .
    You are right, that log file would be much easier for others to review. I'll attach it to this message.

    A couple of other messages have come in after yours and I'll concentrate on them after a little.

    Thanks,
    Bill
    Attached Files Attached Files

  15. #15
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,643
    Thanks
    147
    Thanked 883 Times in 844 Posts
    Unchecking any of those items in the lower pane will edit its kill list in the Log File, but you do have some in the list that you don't want such as Conduit, trovi and it's either Softonic or Uniblue that will be responsible for that Download Manager.

    I tend to trust AdwCleaner for any other items I don't recognise such as those Keys, but creating a restore point and then running AdwCleaner again will give you a fall back should anything not work as it should after the reboot.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •