Search Engines Hijacked
I am having a huge problem. In Internet Explorer the search engines have been hacked. When I search for something in Google it brings up the results as normal but when you click on a link the majority of the time I get redirected to an advertising site. This is also happening in Alta Vista. I have some experience with getting rid of viruses and have tried a whole bunch of tools to get rid of it but neither Norton Anti Virus, Spybot Search And Destroy nor Ad-Aware seems to be able to find the problem.
This is my first time posting in a virus forum like this so I don't really know what you need to help diagnose my problem. I would be really grateful if you can get me started in the right direction. This virus is really starting to interfere with my normal browsing habits and hopefully with your help I can quickly eradicate it.
This discussion has been closed.
Comments
Trend Micro HijackThis v2.0.0 is still in beta and is not to be used here yet.
Click here to download HJTsetup.exe and save it to your Desktop.
* Double click on the HJTsetup.exe icon on your desktop.
* By default it will install to C:\Program Files\Hijack This.
* Continue to click Next in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
* Put a check by Create a desktop icon then click Next again.
* Continue to follow the rest of the prompts from there.
* At the final dialogue box click Finish and it will launch Hijack This.
* Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
* Name the log "HJTLog" (or something similar) and save it to your desktop.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
Please be patient, one of our resident experts will be along shortly to help you.
Your HijackThis log has not been posted correctly; it is impossible to read it at present. Please make sure WordWrap is turned off under the Format tab in Notepad and then create a new HijackThis log and post it back here.
Thanks!
You have Norton Internet Security (I think it is), which has a Firewall included. You also have Zone Alarm. Running multiple Firewalls is not a good idea as they will conflict with each other and cause all sorts of problems. You either need to Disable the Firewall on Norton or Uninstall Zone Alarm.
Please do the following...
1. Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)
- Close ALL open windows (especially Internet Explorer!)
- Click Fix Checked
Close HijackThis
2. Run HijackThis and click on Open the Misc Tools section.
Click on Delete a file on reboot...
Copy and paste the following into the "File name:" text box and then click Open:
C:\WINDOWS\SYSTEM32\winzwr32.dll
When you are asked "Do you want to restart your computer now?", click OK.
Your PC MUST reboot to delete the file!
3. Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
4. I need to see another log from HijackThis.
- Run Hijackthis.
- Click on Open the Misc Tools section.
- Next click on Open uninstall manager.
- Press the Save list button.
- Save the file to your desktop, with the default name of uninstall_list
- Copy & Paste the entire contents of that file in your next post.
5. Please post the following...
I followed your instructions and here is the list of logs you asked for. I posted them as attachments again to maintain the neatness.
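As an added illustration (not part of the original thread, and not HijackThis's own code), the following Python example parses HijackThis-style log lines and lists the kinds of entries checked in step 1 above: IE search/start page values and references whose target file is missing. The sample log is constructed from those four entries plus one made-up BHO line, and the function names are hypothetical.

```python
import re

# Constructed sample: the four entries from step 1 plus one made-up BHO entry.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
"""

ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$", re.I)
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
REG_VALUE = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?) = (?P<data>.*)$")

def parse_line(line):
    """Return a dict for one HijackThis entry, or None for any other line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    entry = {"code": code, "body": body, "orphaned": bool(ORPHAN.search(body)),
             "clsid": None, "reg_value": None, "reg_data": None}
    clsid = CLSID.search(body)
    reg = REG_VALUE.match(body) if code[0] == "R" else None
    if clsid:
        entry["clsid"] = clsid.group(0)
    if reg:
        entry["reg_value"] = reg["name"].strip()
        entry["reg_data"] = reg["data"].strip()
    return entry

def review_candidates(log_text):
    """List (code, reasons) for entries worth a closer look; not a verdict."""
    out = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        reasons = []
        if e["orphaned"]:
            reasons.append("target file missing")
        if e["code"] in ("R0", "R1") and e["reg_data"]:
            reasons.append("IE page setting: " + e["reg_value"])
        if e["code"] == "O20":  # Winlogon Notify entries name a DLL loaded at logon
            reasons.append("DLL loaded at logon")
        if reasons:
            out.append((e["code"], reasons))
    return out
```

The output is only a shortlist for a human to review; as the instructions earlier in the thread say, most of what HijackThis lists is harmless or required.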
Glad to hear that.
Your HijackThis is clean.
You need to uninstall this older version of Java through Add/Remove programs - it is a security risk. You have the latest version installed already.
J2SE Runtime Environment 5.0 Update 11
I also suggest you uninstall PartyPoker as it bundles malware.
Apart from that, how is the search engine now?
Well I am finally glad to have got rid of that virus. That was the last thing I needed to do to complete my computer maintenance. Thanks for all your help.
I think it's just laziness from Sun Java.
Do you have any questions or can I close this thread?