Browser hijacker need help

November 16, 2010 at 17:32:13
Specs: Windows Vista
Recently I started getting the "browser redirect" problem. I use Avast antivirus and Spybot as my main virus protection and have never had one. The redirect is so bad that I literally cannot click on ANYTHING without it redirecting. I could only post this by using Google cache. Here is the HijackThis log... please tell me other programs I may need or any ways you can help. Thank you.

edited by moderator: remove un-requested log


November 18, 2010 at 11:22:00
I looked through your HijackThis log, and it looks like it wasn't any help. Most of what was on there were legitimate files. I would recommend downloading Malwarebytes if you are able to. Then switch to safe mode. This can be done during startup by hitting the F8 button at the right time. After that is done, try running Malwarebytes. It may be a good idea to stop the other virus protection temporarily as they may interfere with Malwarebytes. If this works, email the log if there are any infected files and I will take a look to see what might be affecting your system to make it redirect. Also, you may wish to check to see if there is a proxy server enabled that shouldn't be. This can be found under LAN settings under Internet Options. Good luck.


November 18, 2010 at 14:15:54
Yes..thank you for your reply. I talked to my Computer Systems Technology teacher and he suggested MalwareBytes! also. It found 7 infected files and a few of them even said hijacker in the's the log:
Malwarebytes' Anti-Malware 1.46

Database version: 5147

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18975

11/18/2010 5:10:39 PM
mbam-log-2010-11-18 (17-10-39).txt

Scan type: Quick scan
Objects scanned: 149223
Time elapsed: 24 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Weemi Service (Adware.Weemi) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Phillip\AppData\Local\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Phillip\downloads\rDos.exe (HackTool.DOS) -> Quarantined and deleted successfully.
C:\ProgramData\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Explorer\keys.txt (Password.Stealer) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.

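The log above lists every detection as "target (Detection.Name) -> action", and the registry data item also records the hijacked ("Bad") and expected ("Good") browser launch command. The following Python is an added example, not part of any post in this thread: it parses that layout, checks the summary counts against the listed items, and pulls out the registry findings. The function names are hypothetical and the sample input is shortened from the posted log.

```python
import re
from collections import defaultdict

# Sample input: shortened from the posted log (two file entries kept, count adjusted).
SAMPLE_LOG = r"""Registry Keys Infected: 1
Registry Data Items Infected: 1
Files Infected: 2
Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Weemi Service (Adware.Weemi) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Phillip\AppData\Local\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
Files Infected:
C:\Users\Phillip\downloads\rDos.exe (HackTool.DOS) -> Quarantined and deleted successfully.
C:\Program Files\Explorer\keys.txt (Password.Stealer) -> Quarantined and deleted successfully.
"""
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
ITEM = re.compile(r"^(?P<target>.+?) \((?P<name>[A-Za-z]+\.[\w.]+)\) -> (?P<rest>.+)$")
BAD_GOOD = re.compile(r"Bad: \((?P<bad>.*)\) Good: \((?P<good>.*?)\) ->")

def parse_mbam_log(text):
    """Return (summary counts, detections per section) for this log layout."""
    counts, found, current = {}, defaultdict(list), None
    for line in (raw.strip() for raw in text.splitlines()):
        h = HEADER.match(line)
        if h:
            if h["count"] is not None:
                counts[h["section"]] = int(h["count"])  # summary block line
            else:
                current = h["section"]                  # detail block begins
            continue
        m = ITEM.match(line) if current else None
        if m:
            entry = {"target": m["target"], "name": m["name"]}
            bg = BAD_GOOD.search(m["rest"])
            if bg:  # registry data items record the hijacked and the expected value
                entry["bad"], entry["good"] = bg["bad"], bg["good"]
            found[current].append(entry)
    return counts, dict(found)

def triage(text):
    counts, found = parse_mbam_log(text)
    # A summary count that disagrees with the listed items points to a cut-off or edited log.
    mismatched = [s for s, n in counts.items() if n != len(found.get(s, []))]
    # Registry findings are the ones tied to persistence and to the browser launch path.
    registry = [e for s, v in found.items() if s.startswith("Registry") for e in v]
    families = sorted({e["name"] for v in found.values() for e in v})
    return {"total": sum(counts.values()), "mismatched": mismatched,
            "registry": registry, "families": families}
```

Calling triage(SAMPLE_LOG) shows the default-browser command wrapped by av.exe next to the value Malwarebytes restored, which is the entry worth re-checking after cleanup.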

November 22, 2010 at 05:48:20
Looks like most of the files for this virus are removed. I noticed that you ran a quick scan; I would recommend a "full scan" when you have time. This one is difficult to fully remove. Glad that you were able to run Malwarebytes though.


November 22, 2010 at 12:23:26
A redirect is usually an unwanted rootkit.
Run these 2 progs in the order
1- rkill.exe (will stop the malware process)
2- tdss killer (will remove the unwanted rootkit if found)

Some HELP in posting on plus free progs and instructions Cheers
