Page 1 of 2 12 LastLast
Results 1 to 15 of 26
  1. #1
    5 Star Lounger
    Join Date
    Jan 2002
    Location
    Midlothian, Virginia, USA
    Posts
    880
    Thanks
    0
    Thanked 2 Times in 1 Post

    How to restore hijacked browser?

    My Internet Explorer got hijacked today! I was prompted to install a Java update and in the process I missed the extras that were sneeked in on me. Now my IE home page has been changed to something else and my search engine has been changed to Bing. I hope someone will be able to tell me how to get rid of this stuff. I've looked through the uninstall list but didn't find anything listed there.

    Thanks,
    Bill

  2. #2
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,629
    Thanks
    299
    Thanked 599 Times in 498 Posts
    Generic fix would consist of something like running Malwarebytes Anti-Malware then AdwCleaner, followed by Junkware Removal Tool: http://www.bleepingcomputer.com/down...curity/page/4/ and http://www.bleepingcomputer.com/down...curity/page/2/

    Save all the logs, they might be useful later.

  3. #3
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    6,862
    Thanks
    119
    Thanked 812 Times in 727 Posts
    Before you do all that:
    Set IE Home Page: http://windows.microsoft.com/en-us/i...-page#ie=ie-11

    Set IE Search Engine: http://windows.microsoft.com/en-us/w...#1TC=windows-7

    After that, you might still want to run the programs Satrow recommended to be sure you haven't picked up anything else.

    Jerry

  4. #4
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,966
    Thanks
    159
    Thanked 918 Times in 876 Posts
    I got a pop up like that yesterday which said an unknown program wants to change your search provider to Bing and I clicked on Disallow or something but went into Manage add-ons later and made Bing the default and removed Google.

    I also ran AdwCleaner afterwards and other than some Driver Updater which could have been something which sneaked in with IOBit Uninstaller, everything else was clean.

  5. #5
    Silver Lounger RolandJS's Avatar
    Join Date
    Dec 2009
    Location
    Austin metro area TX USA
    Posts
    1,801
    Thanks
    101
    Thanked 134 Times in 131 Posts
    Do you want Bing or Google as default? Both can exist as search engines within IE. One can be default via IE's manage add-ons or something like that. I use FF 99% of the time here.
    "Take care of thy backups and thy restores shall take care of thee." Ben Franklin revisited.
    http://collegecafe.fr.yuku.com/forum...-Technologies/

  6. #6
    5 Star Lounger
    Join Date
    Jan 2002
    Location
    Midlothian, Virginia, USA
    Posts
    880
    Thanks
    0
    Thanked 2 Times in 1 Post
    Quote Originally Posted by satrow View Post
    Generic fix would consist of something like running Malwarebytes Anti-Malware then AdwCleaner, followed by Junkware Removal Tool . . .
    I ran Malwarebytes and it found a bunch of PUPs but nothing more. I had it disable all the PUPs. Then I ran AdwCleaner and it listed a lot of things in the various categories. Is it safe to have AdwCleaner uninstall all those items? I would like to but I don't know what they do and if any are needed. I have not gone any further yet. I do have my default home page and search engine back.

    Thanks to all the others too who made suggestions.
    Bill

  7. #7
    WS Lounge VIP Browni's Avatar
    Join Date
    Dec 2009
    Location
    Rochdale, UK
    Posts
    1,719
    Thanks
    39
    Thanked 173 Times in 150 Posts
    Hi Bill,

    Do you have a system restore point prior to the hijack?

    It may be worthwhile restoring back to then and then using the tools suggested earlier in this thread.

  8. #8
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,966
    Thanks
    159
    Thanked 918 Times in 876 Posts
    Quote Originally Posted by BillWilson View Post
    I ran Malwarebytes and it found a bunch of PUPs but nothing more. I had it disable all the PUPs. Then I ran AdwCleaner and it listed a lot of things in the various categories. Is it safe to have AdwCleaner uninstall all those items? I would like to but I don't know what they do and if any are needed. I have not gone any further yet. I do have my default home page and search engine back.

    Thanks to all the others too who made suggestions.
    Bill
    Can you post the AdwCleaner report ?

  9. #9
    5 Star Lounger
    Join Date
    Jan 2002
    Location
    Midlothian, Virginia, USA
    Posts
    880
    Thanks
    0
    Thanked 2 Times in 1 Post
    Browni: I'l look for an earlier restore point.

    Sudo15: The AdwCleaner results are displayed on a form that has 6-8 tabs and some items are listed on several of those tabs so listing them here isn't very straight forward. I'll see if I can use copy and paste to retrieve each sub list and build a message here.

    Thanks to both of you.
    Bill

  10. #10
    5 Star Lounger
    Join Date
    Jan 2002
    Location
    Midlothian, Virginia, USA
    Posts
    880
    Thanks
    0
    Thanked 2 Times in 1 Post
    OK, copy and paste didn't work in the ADWCleaner window so I have taken a screen shot of the contents of each tab and pasted all of them in a Word document. I'll try to insert the document in this message or add it as an attached file.

    Thanks,
    Bill
    Attached Files Attached Files

  11. #11
    Super Moderator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    2,371
    Thanks
    110
    Thanked 641 Times in 515 Posts
    Bill - Following a scan with AdwCleaner, the Logfile button will be enabled. Just click on this Logfile button to show the current logfile (and be able to save it).
    adwcleaner.png
    Click to enlarge

    Alternatively, after accepting AdwCleaner's recommendations (and following the usual automatic reboot), browse to (typically) C:\AdwCleaner\AdwCleaner[<random>].txt (where <random> is just that... a random 2-character string, e.g. S0 or R1, etc.)

    Hope this helps...
    Last edited by Rick Corbett; 2015-03-15 at 18:26.

  12. #12
    WS Lounge VIP Browni's Avatar
    Join Date
    Dec 2009
    Location
    Rochdale, UK
    Posts
    1,719
    Thanks
    39
    Thanked 173 Times in 150 Posts
    Bill,

    ADW lists a lot of things I wouldn't install on an enemies PC! I suggest letting it fix things. (After a backup of course!)

    Was that after a system restore?
    Last edited by Browni; 2015-03-15 at 18:57. Reason: BACKUP BACKUP BACKUP!

  13. #13
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,966
    Thanks
    159
    Thanked 918 Times in 876 Posts
    As Rick has said, we'll need to see the LogFile as that is what it will delete should you hit the Clean button.

    Of those in the lower pane that you have posted - have you installed that Drive Cure program from ParetoLogic ?

    Sometimes you can end with these type of programs bundled with other downloads, which is why it has snagged it.

    If it is a legit install then uncheck those two boxes.

    I don't think anyone uses Yahoo, unless it was your choice so you can leave those checked if you want rid of them.

    I'm always suspicious of Coupons - if they are unknown to you then leave those checked as well.

    The Reimage is probably a legit file so if you recognise it as genuine then uncheck that box.

    Some people intentionally install Download Managers, but more often than not, some download sites include them as a must to download a particular program.

    When I come across those sites I look for another source, so if you haven't intentionally installed that - leave it checked for removal.

    I don't know what that Favourites\Search is.

    In its actual kill list there may be what I call mini programs - I think it was Fanspeed (or something) that I had installed and it snagged that in its all or nothing list so I just let it go, but make a note if it lists anything you would prefer to keep and then you will need to reinstall after Cleaning.
    Last edited by Sudo15; 2015-03-15 at 19:51.

  14. #14
    5 Star Lounger
    Join Date
    Jan 2002
    Location
    Midlothian, Virginia, USA
    Posts
    880
    Thanks
    0
    Thanked 2 Times in 1 Post
    Quote Originally Posted by Rick Corbett View Post
    Bill - Following a scan with AdwCleaner, the Logfile button will be enabled. Just click on this Logfile button to show the current logfile (and be able to save it. . .
    You are right, that log file would be much easier for others to review. I'll attach it to this message.

    A couple of other messages have come in after yours and I'll concentrate on them after a little.

    Thanks,
    Bill
    Attached Files Attached Files

  15. #15
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,966
    Thanks
    159
    Thanked 918 Times in 876 Posts
    Unchecking any of those items in the lower pane will edit its kill list in the Log File, but you do have some in the list that you don't want such as Conduit, trovi and it's either Softonic or Uniblue that will be responsible for that Download Manager.

    I tend to trust AdwCleaner for any other items I don't recognise such as those Keys, but creating a restore point and then running AdwCleaner again will give you a fall back should anything not work as it should after the reboot.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •