Solved I believe my search engine was hijacked

Mixed ?
June 3, 2013 at 14:47:53
Specs: Windows XP, 1000
I have a serious problem. For years I have been using Google as my search engine. It has been hijacked by "Search .us". I can't find it anywhere, certainly not in Control Panel's add and remove programs. AVG didn't pick it up. Help please.

When was the last time you did something for the first time?


See More: I believe my search engine was hijacked

Report •


#1
June 3, 2013 at 15:06:55
✔ Best Answer
Redirects are quite easy to fix. Try these 3 progs in the EXACT order for starters
1- rkill.exe
http://www.technibble.com/rkill-rep...
2- tdss killer
http://www.bleepingcomputer.com/dow...
3- Malwarebytes
http://www.filehippo.com/download_m...
Fix all they find, if the problem still exists after that, try the SAME again....only this time in safe mode.
Let me know how it goes, there are also some other tools that will remove the problems.

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds


Report •

#2
June 3, 2013 at 15:10:39
Please ignore this response #2 - posted in error.

Report •

#3
June 3, 2013 at 15:27:01
This is for Derek. Come grandfather, you have been such a stalwart and a person one could your faitg in when it came to getting slotions on any thing. This is tonque in the cheek stuff though. I will engage with the other guys.

When was the last time you did something for the first time?


Report •

Related Solutions

#4
June 4, 2013 at 12:05:01
Aha Dawie - you are a well known name around these parts.

My original #2 was to point out that the links were missing in #1. I must have been too fast or something because a few seconds later they arrived. Yeah grandfather is right, 13 of them to be precise, but only 4 of them girls.

As for your post then probably #1 will sort it. If not it is worth running ADWCleaner, see here:
http://www.bleepingcomputer.com/dow...
Might be worth running anyway because toolbars being added behind your back could be the source of your issue. You'll probably be surprised to see what old junk it finds and gets shot of.

One other thing, look in "Control Panel > Add-Remove Programs" and make sure no weird programs have been installed without you knowing. Make sure you don't uninstall the wrong thing - google will usually tell you what they all are.

Always pop back and let us know the outcome - thanks


Report •

#5
June 4, 2013 at 13:10:16
Hi Derek. Thanks for your advice. Yes I have tried the 3 programs that XP suggested but the specific problem still exists. I'm now running them again but with AVG disabled. I will also go to that webpage you suggested. I will let you guys know of the outcome. Yes I'm a grandfather of 4 myself. What a pleasure.

When was the last time you did something for the first time?


Report •

#6
June 4, 2013 at 14:42:53
I'll let you two guys iron this out....

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds


Report •

#7
June 4, 2013 at 15:05:17
Re #6
Nah, join in by all means - the more the merrier.

Dawie
Did you run the links in #1 in Safe Mode too? Exact order is important, as given.
Do NOT close Rkill until you have run the other two.

Also, are you using Internet Explorer, otherwise what browser(s) are you using?

Always pop back and let us know the outcome - thanks


Report •

#8
June 4, 2013 at 15:30:39
Derek, no I did not run n r. ! in safe mode. Just explain again how I go about doing it? What I did was running 1 first and no problems detected. I then ran TDSS Killer and nothing showed up. I then ran Malbites and 10 threats came up amongst others also "pupdownload.admin". I deleted all of that. I than downloaded your AdWare Cleaner and he showed the Registry is clean. If you tell me how to run these programs in safe mode that will be my next task. Checking Add and Remove programs in Control Panel showed up nothing suspicious. I'm running Internet Explorer 8.

When was the last time you did something for the first time?


Report •

#9
June 4, 2013 at 15:47:33
It is OK to run ADWCleaner in normal mode. You say it showed the registry clean but were all the other areas clean too? If in doubt just run the Delete and that will remove any unwanted addon toolbars it finds.

To get into Safe Mode, power off the computer, then power it on and start tapping the F8 key. Eventually you should see the start menu list on a black screen. From this select Safe Mode With Networking. After a delay Windows will arrive but it will look a bit strange - large icons and so forth. You will still be able to find everything if you scroll around.

Run the exact sequence given in #1 but do not close Rkill until it the other two programs have finished. Afterwards you could run your AVG scan from Safe Mode too - it gives it a better chance.

See how you get on.

Always pop back and let us know the outcome - thanks


Report •

#10
June 4, 2013 at 17:07:57
Delete all your temp files. Do it from safe mode or safe mode command prompt since a file in use won't be deleted. Often that stuff hides there. Then run the malwarebytes scan again using the 'perform full scan' option.

DAVEINCAPS - Made with REAL high fructose corn syrup.


Report •

#11
June 4, 2013 at 17:53:43
No harm doing the full scan obviously (although it takes a while). Interesting discussion on the malwarebytes forum though - seems to imply the quick scan is good enough:
http://forums.malwarebytes.org//ind...

Always pop back and let us know the outcome - thanks


Report •

#12
June 5, 2013 at 13:17:16
Hi XP and the other guys. Sorry man I was just responding to Derek's point and I was not ignoring me. Besides, you put me on the right track so this is what happened over the last 12 hours. After following your suggestion and sequence, I eventually threw AVG full scan into the fray and something seemed to have happened. Search.us (seems) not to be my default browser anymore as Google now opens. But when I opened the search options it was nicely tuggen in as one of them but Google shows up as my default browser. I checked Add or Remove and it doesn't appear there either. Can I maybe, just maybe assume that it is gone although I managed to delete it from the list of browsers. I'm still going to go the Safe Mode route. Do I need to feel optimistic?

When was the last time you did something for the first time?


Report •

#13
June 5, 2013 at 13:26:21
Remember I said I had deleted Search.us from the browser list. I have just now restarted the computer and I can't find any trace of it. Maybe I should delay running those 3 programs in Safe Mode. What do you guys think?

When was the last time you did something for the first time?


Report •

#14
June 5, 2013 at 13:40:25
Up to you. If the problem appears to be resolved then maybe you don't need to, although there is always the chance that doing so might unearth some remnant.

Always pop back and let us know the outcome - thanks


Report •

#15
June 5, 2013 at 15:29:31
Thanks to all of you. You will not realise how much I appreciate your expertise which you so lavishly share with laymen like me. Thanks guys.

When was the last time you did something for the first time?


Report •


Ask Question