Page 1 of 2 12 LastLast
Results 1 to 15 of 16
  1. #1
    Lounger
    Join Date
    May 2011
    Posts
    40
    Thanks
    2
    Thanked 1 Time in 1 Post

    removing searchlf.com malware

    My father-in-law's Windows 8.1 laptop somehow got infected with "searchlf.com," which has hijacked Firefox. Resetting FF's search engine and home page didn't help. It doesn't appear in Programs and Features. I ran Malwarebytes and Superantispyware, but neither found it. When I search it, a number of sites come up claiming to remove it, but I can't tell if any of them are trustworthy. Recommendations?
    Thanks!

  2. #2
    Lounger
    Join Date
    May 2011
    Posts
    40
    Thanks
    2
    Thanked 1 Time in 1 Post
    Meant to add: I tried a Restore Point. There was only one available and it failed.

  3. #3
    WS Lounge VIP Coochin's Avatar
    Join Date
    Jun 2014
    Location
    Queensland, Australia
    Posts
    2,147
    Thanks
    31
    Thanked 302 Times in 263 Posts
    Download and run AdwCleaner from: https://toolslib.net/downloads/viewd.../1-adwcleaner/

    Then download and run JunkwareRemovalTool from: http://www.bleepingcomputer.com/down...-removal-tool/

    Let us know how you get on.
    Computer Consultant/Technician since 1998 (first PC was Atari 1040STE in 1988).
    Most common computing error is EBKAC: Error Between Keyboard And Chairback
    AMD FX8120 (8-core @ 3.1GHz) CPU, Gigabyte GA-990FXA-D3 motherboard, 8GB (2x4GB) DDR3 1866MHz RAM, ATI-AMD Radeon HD6770 PCI-E VGA, 480GB Kingston SSD, 2TB Seagate SATA3.0 HDD, ASUS DVD/RW.

  4. #4
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,602
    Thanks
    147
    Thanked 847 Times in 809 Posts
    Quote Originally Posted by greenbergman View Post
    Meant to add: I tried a Restore Point. There was only one available and it failed.
    For info - when a restore point reports as unsuccessful, try it again in Safe Mode as it is most likely that your antivirus program is interfering.

  5. #5
    Lounger
    Join Date
    May 2011
    Posts
    40
    Thanks
    2
    Thanked 1 Time in 1 Post
    Thank you Coochin. No luck, though. The Windows Removal Tool (the link is wrong, but I found it) indicated that it had removed searchlf, but FF is still opening with a site starting with undefined.com. (It had started doing that earlier instead of searchlf.com.)

  6. #6
    Lounger
    Join Date
    May 2011
    Posts
    40
    Thanks
    2
    Thanked 1 Time in 1 Post
    Thank you Sudo15. I ran into a problem: we have his PIN for opening Windows, but he can't find his "real" password so I couldn't start in Safe Mode. Any idea how to find that password?

    I tried instead stopping McAfee, but got the same error, even when selecting an earlier Restore Point. I'm thinking that my next step is to uninstall McAfee and try again.

  7. #7
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,602
    Thanks
    147
    Thanked 847 Times in 809 Posts
    See if Avast Browser Cleanup finds anything. https://www.avast.com/en-gb/browser-cleanup

    That once found something for me that both AdwCleaner and JRT missed.

    If that doesn't sort it, it may have left something in the Hosts file which you can reset, but it isn't as straight forward in Win 8.1 as being able to use the MS Fixit for Win 7.

    https://support.microsoft.com/en-gb/kb/972034

    Sorry - can't help you with the password problem, although there are password recovery programs out there which I have no experience of.

  8. #8
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    6,792
    Thanks
    116
    Thanked 798 Times in 719 Posts
    F is still opening with a site starting with undefined.com. (It had started doing that earlier instead of searchlf.com.)
    Did you try changing your home page via clicking on the three bar icon at the upper right hand corner and clicking on options?

    Also verify that a proxy server hasn't been set:
    Control Panel > Internet Options > Connections tab > lan settings button. "use a proxy server....." should be unchecked.

    Jerry

  9. #9
    Lounger
    Join Date
    May 2011
    Posts
    40
    Thanks
    2
    Thanked 1 Time in 1 Post
    Hi Sudo15. I really appreciate your help and suggestions. Unfortunately, neither Avast Browser Cleanup or replacing the Hosts file helped.

    This has become really frustrating. (Not a reflection on you!) I finally managed to get a Restore Point to work, but Firefox STILL opened with http://undefined?uid.... (The Restore Point date was before the problem arose.)
    I've run Malwarebytes, CCleaner, SuperAntiSpyware, AdwCleaner and Junkware Removal Tool. I don't see anything suspect in Task Manager.

    What else can I do???

  10. #10
    Lounger
    Join Date
    May 2011
    Posts
    40
    Thanks
    2
    Thanked 1 Time in 1 Post
    Another thought: upgrading to Windows 10 wouldn't help, would it? Might it overwrite anything causing this issue?

  11. #11
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,602
    Thanks
    147
    Thanked 847 Times in 809 Posts
    When you ran MBAM did you first go into Settings/Detection and Protection so that it treated PuPs and PuMs as malware?

    Does this only affect FF and does IE work as it should ?

    Not sure if the Anvi Browser Repair Tool will be able to do anything for it, but click on the FF icon in the left pane and you will see what you can select for it to fix.

    http://www.anvisoft.com/browser-repair-tool.html

    Failing that, perhaps an uninstall/reinstall of FF would help.

    EDIT - I think when you upgrade to Win 10 you take your problems with you when they aren't OS related.

  12. The Following User Says Thank You to Sudo15 For This Useful Post:

    greenbergman (2016-01-25)

  13. #12
    Lounger
    Join Date
    May 2011
    Posts
    40
    Thanks
    2
    Thanked 1 Time in 1 Post
    Hi jwitalka. Yes, I've tried multiple times to reset the homepage via Options. Each time, it works once and then reverts to that "undefined" site. And I went to the LAN settings as you suggested, but the proxy server button was unchecked.

  14. #13
    Lounger
    Join Date
    May 2011
    Posts
    40
    Thanks
    2
    Thanked 1 Time in 1 Post
    Jeez, this thing is stubborn. Anvi didn't do it (though it said it fixed 7 FF problems). Nor did a reinstall of FF do the trick.

  15. #14
    WS Lounge VIP Coochin's Avatar
    Join Date
    Jun 2014
    Location
    Queensland, Australia
    Posts
    2,147
    Thanks
    31
    Thanked 302 Times in 263 Posts
    Quote Originally Posted by greenbergman View Post
    ...I've tried multiple times to reset the homepage via Options. Each time, it works once and then reverts to that "undefined" site...
    Quote Originally Posted by greenbergman View Post
    Jeez, this thing is stubborn...
    That behaviour suggests rootkit virus activity. You could ask for help on the bleepingcomputer.com website.
    Computer Consultant/Technician since 1998 (first PC was Atari 1040STE in 1988).
    Most common computing error is EBKAC: Error Between Keyboard And Chairback
    AMD FX8120 (8-core @ 3.1GHz) CPU, Gigabyte GA-990FXA-D3 motherboard, 8GB (2x4GB) DDR3 1866MHz RAM, ATI-AMD Radeon HD6770 PCI-E VGA, 480GB Kingston SSD, 2TB Seagate SATA3.0 HDD, ASUS DVD/RW.

  16. The Following User Says Thank You to Coochin For This Useful Post:

    greenbergman (2016-01-25)

  17. #15
    Lounger
    Join Date
    May 2011
    Posts
    40
    Thanks
    2
    Thanked 1 Time in 1 Post
    Coochin, you solved it!! I went to bleepingcomputer.com and searched "undefined." Found a post on the exact topic. It had a looong series of steps that didn't work for the poster. But at the end, one suggestion was Refreshing Firefox, and that ridiculously simple step did the trick. <banging hand against head> I have no idea why uninstalling and reinstalling FF didn't do the same thing....

    Thank you everyone.

  18. The Following User Says Thank You to greenbergman For This Useful Post:

    Fascist Nation (2016-04-21)

Page 1 of 2 12 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •