# Hijacked internet searches



## DangerMouse (Jul 17, 2008)

Hijacked.....how?

DM


----------



## chrisn (Dec 23, 2007)

Yea, what do you mean?


----------



## ole 66 (Apr 16, 2009)

When I try to do a search thru google, bing, or whoever, it will display the sites you could go to. As soon as you click one it gets redirected to a completely different list of search choices.


----------



## funfool (Oct 5, 2012)

You are infected, need more info on what you see, should be some common denominator to determine which malware it is.
Then there are specific directions for each to remove it. We need to figure out which one it is to help.
So anything in your taskbar, or any info you see being offered would help to determine which bug it is.


----------



## gregzoll (Dec 25, 2006)

Majorgeeks.com and malwareteks.com have the info and tools to help clean your machine. Also some top experts that deal with this stuff all of the time are over there and can help you understand the process and tools' results.


----------



## AndyGump (Sep 26, 2010)

You can use all of those programs and more to get rid of a virus, Trojan or what have you but in the end, I believe the best course of action is to format the hard-drive and re-install Windows.
Windows 7 if you can. Of course, you need to have a back-up of all your important data.

Andy.


----------



## chrisn (Dec 23, 2007)

http://windows.microsoft.com/en-US/windows/security-essentials-download


not defender but this one works for me on clearing up bad stuff


----------



## ole 66 (Apr 16, 2009)

Thanks everyone. For now I'm going to use my laptop until I free up some extra time to solve this, I'm going to try Majorgeeks.com and malwareteks.com.


----------



## DangerMouse (Jul 17, 2008)

emsisoft.com/it/software/free/
avast.com

DM


----------



## digitalplumber (Jul 8, 2011)

Boot to safe mode and rerun your security software. Delete all temp files and also files in preload folder.


----------



## Marty1Mc (Mar 19, 2011)

Easiest method is to go back to a restore point before you got infected. Then, install a decent anti-virus on the machine once you have it back. You have a virus that is a browser re-director. They can be a royal PITA to clean.


----------



## digitalplumber (Jul 8, 2011)

Marty1Mc said:


> Easiest method is to go back to a restore point before you got infected. Then, install a decent anti-virus on the machine once you have it back. You have a virus that is a browser re-director. They can be a royal PITA to clean.


In my repair experience, this is usually not possible since some malware and viruses make restoring back impossible.


----------



## Marty1Mc (Mar 19, 2011)

I do it all the time. You may need to take it to safe mode. Most re-directors aren't that sophisticated.


----------



## gregzoll (Dec 25, 2006)

Marty1Mc said:


> I do it all the time. You may need to take it to safe mode. Most re-directors aren't that sophisticated.


Not that easy. That is why there have been white papers written on how to properly remove malware.

My brother was one of them that helped to write the process stated on both malwareteks.com & majorgeeks.com, to remove malware from computers. He does this stuff professionally for Emsisoft, as a part of their Malware removal team.


----------



## Marty1Mc (Mar 19, 2011)

Depends on the virus. Like I said before, re-directors tend to tie directly into the browsers. Also, many malware removal programs don't get them. But, restoring the registry removes the pointers and allows the system to boot up without the virus loading into memory and putting a reservation against the file. Then running a virus removal program can find and remove it. Like I said, I do it all the time.


----------



## gregzoll (Dec 25, 2006)

Wrong again Marty1mc. You are way off base on this.


----------



## Marty1Mc (Mar 19, 2011)

Dude, I really am not trying to win an argument. No offense, just because your brother works in the industry, means nothing for your knowledge. I have removed browser redirectors this way, period. I don't care whether you agree or not. It works.


----------



## gregzoll (Dec 25, 2006)

It has nothing to do with my brother working in the industry, it is that I have been dealing with this stuff since before it became mainstream. That means at least going on 21 years now since computers have been getting infected by people using the Internet, and 15 years dealing with Windows based viri.

I have also dealt with the old Dos based viri, that dates over 30 years ago. So been doing this stuff for a very long time.


----------



## Marty1Mc (Mar 19, 2011)

So, I have too. I had the original PC. So what. 
I also have a degree in Computer Science, am a programmer by trade and do ethical hacking on the side. I know what I am doing around a pc and in the registry.
My last job was to recover a password protected video stream from cameras. The manager forgot the password and the place was robbed. I cracked it and the guy was caught. 

OP, give it a try. Like I said, I have had it work many times.


----------



## digitalplumber (Jul 8, 2011)

gregzoll said:


> Not that easy. That is why there have been white papers written on how to properly remove malware.
> 
> My brother was one of them that helped to write the process stated on both malwareteks.com & majorgeeks.com, to remove malware from computers. He does this stuff professionally for Emsisoft, as a part of their Malware removal team.


 
Exactly, I would rather pull the drive and place in a USB dr and scan using a known clean machine.

The last thing I will do, if you can get it to function, is use the restore back. Reason is, the restore(s) can contain the issue and you don't know how far back to go to not recover them.


----------



## Marty1Mc (Mar 19, 2011)

digitalplumber said:


> Exactly, I would rather pull the drive and place in a USB dr and scan using a known clean machine.
> 
> The last thing I will do, if you can get it to function, is use the restore back. Reason is, the restore(s) can contain the issue and you don't know how far back to go to not recover them.


I am recommending this specifically for browser redirectors. You can do what you are talking about above, spend a lot of time and when you are done, the browser redirector will still be there. You will probably think the virus scan didn't remove it. But, it probably did. 

Why then is the browser redirector still working? Because the damage to the registry has already been done. These are unique viruses. They modify 3 areas of the system: The local registry, the settings for the browser and the HOSTS file (local system file). All of these need to be returned to the correct state as well and virus scanner programs do not do this. Without knowing how to crawl through/edit the registry and edit the HOSTS file, most people are not going to rid the computer of this. There are some programs like "ComboFix" that do this on some of the viruses, but I have seen less success with these lately. 

Also, most people notice a redirector almost immediately. Therefore, the restore point is usually as of the last window update.

I don't do this with other viruses, just redirectors.
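
An added example, not part of Marty1Mc's post or of any tool named in this thread: a small audit for one of the three areas the post lists, the HOSTS file, which flags entries that point a search-engine hostname at a routable address. The watch list and the sample file contents are constructed assumptions for illustration.

```python
import ipaddress

# Hostname labels a search redirector would want to intercept
# (assumed watch list for this example; extend as needed).
WATCHED_LABELS = {"google", "bing", "yahoo"}

# Constructed sample HOSTS content, not taken from a real infection.
# On Windows the real file is %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.google.com google.com   # constructed entry
203.0.113.45    www.bing.com
0.0.0.0         ads.example.net
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, [names]) for each mapping line, skipping comments."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address, so not a usable mapping
        yield line_no, ip, [name.lower() for name in fields[1:]]

def suspicious_entries(text):
    """Return (line_no, ip, name) for watched hosts mapped to a routable IP."""
    hits = []
    for line_no, ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries block a name, they do not redirect it
        for name in names:
            if WATCHED_LABELS & set(name.split(".")):
                hits.append((line_no, str(ip), name))
    return hits

if __name__ == "__main__":
    for line_no, ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}  (review and remove if unexpected)")
```

A clean HOSTS file normally carries no entries for search engines, so any hit is worth reviewing; the registry and browser settings the post mentions still need their own checks.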


----------



## danny325is (Dec 4, 2012)

You can clean it and make it usable again, but it is not worth the time IMO.

I hope you backed up everything you need off that machine, if not start in Safe mode and back up what you need.

Then do a clean fresh install of windows. You will love the new feel. I am not a fan of windows 8, but if you don't have windows 7, you can get windows 8 for 39.99.


----------

