• How to restore hijacked browser?

    #499017

    My Internet Explorer got hijacked today! I was prompted to install a Java update and in the process I missed the extras that were sneaked in on me. Now my IE home page has been changed to something else and my search engine has been changed to Bing. I hope someone will be able to tell me how to get rid of this stuff. I’ve looked through the uninstall list but didn’t find anything listed there.

    Thanks,
    Bill

    • #1495343

      Generic fix would consist of something like running Malwarebytes Anti-Malware then AdwCleaner, followed by Junkware Removal Tool: http://www.bleepingcomputer.com/download/windows/security/page/4/ and http://www.bleepingcomputer.com/download/windows/security/page/2/

      Save all the logs, they might be useful later.

      • #1495410

        Generic fix would consist of something like running Malwarebytes Anti-Malware then AdwCleaner, followed by Junkware Removal Tool . . .

        I ran Malwarebytes and it found a bunch of PUPs but nothing more. I had it disable all the PUPs. Then I ran AdwCleaner and it listed a lot of things in the various categories. Is it safe to have AdwCleaner uninstall all those items? I would like to but I don’t know what they do and if any are needed. I have not gone any further yet. I do have my default home page and search engine back.

        Thanks to all the others too who made suggestions.
        Bill

        • #1495432

          I ran Malwarebytes and it found a bunch of PUPs but nothing more. I had it disable all the PUPs. Then I ran AdwCleaner and it listed a lot of things in the various categories. Is it safe to have AdwCleaner uninstall all those items? I would like to but I don’t know what they do and if any are needed. I have not gone any further yet. I do have my default home page and search engine back.

          Thanks to all the others too who made suggestions.
          Bill

          Can you post the AdwCleaner report ?

    • #1495348

      Before you do all that:
      Set IE Home Page: http://windows.microsoft.com/en-us/internet-explorer/change-home-page#ie=ie-11

      Set IE Search Engine: http://windows.microsoft.com/en-us/windows/change-choose-internet-explorer-search-provider#1TC=windows-7

      After that, you might still want to run the programs Satrow recommended to be sure you haven’t picked up anything else.

      Jerry
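
The home page and search provider settings discussed in this thread can also be read straight from the registry, which shows what a bundled installer changed before anything is cleaned. This is an added example, not part of any post above; it only reads values, and `$ExpectedHome` is a hypothetical known-good home page to replace with your own.

```powershell
# Added example: read-only audit of the IE home page and search providers.
# $ExpectedHome is a hypothetical known-good value; set it to your own home page.
$ExpectedHome = 'https://www.example.com/'

# Home page values, per user (HKCU) and machine-wide (HKLM).
$pages = foreach ($hive in 'HKCU:', 'HKLM:') {
    $main = Get-ItemProperty -Path "$hive\Software\Microsoft\Internet Explorer\Main" -ErrorAction SilentlyContinue
    if (-not $main) { continue }
    $start = $main.'Start Page'
    [pscustomobject]@{
        Hive                = $hive
        StartPage           = $start
        SecondaryStartPages = @($main.'Secondary Start Pages') -join '; '
        DiffersFromExpected = [bool]($start -and $start -ne $ExpectedHome)
    }
}
$pages | Format-List

# Search providers: each subkey of SearchScopes is one provider,
# and DefaultScope names the subkey that IE currently uses by default.
$scopeRoot = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
$default   = (Get-ItemProperty -Path $scopeRoot -ErrorAction SilentlyContinue).DefaultScope

$providers = Get-ChildItem -Path $scopeRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath
    [pscustomobject]@{
        IsDefault = ($_.PSChildName -eq $default)
        Name      = $p.DisplayName
        URL       = $p.URL
        Key       = $_.PSChildName
    }
}
$providers | Sort-Object IsDefault -Descending | Format-Table -AutoSize -Wrap
```

Saving this output next to the scanner logs gives a before-and-after record of the browser settings.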

    • #1495358

      I got a pop up like that yesterday which said an unknown program wants to change your search provider to Bing and I clicked on Disallow or something but went into Manage add-ons later and made Bing the default and removed Google.

      I also ran AdwCleaner afterwards and other than some Driver Updater which could have been something which sneaked in with IOBit Uninstaller, everything else was clean.

    • #1495369

      Do you want Bing or Google as default? Both can exist as search engines within IE. One can be default via IE’s manage add-ons or something like that. I use FF 99% of the time here.

      "Take care of thy backups and thy restores shall take care of thee." Ben Franklin, revisited

    • #1495424

      Hi Bill,

      Do you have a system restore point prior to the hijack?

      It may be worthwhile restoring back to then and then using the tools suggested earlier in this thread.

    • #1495436

      Browni: I’ll look for an earlier restore point.

      Sudo15: The AdwCleaner results are displayed on a form that has 6-8 tabs and some items are listed on several of those tabs so listing them here isn’t very straightforward. I’ll see if I can use copy and paste to retrieve each sub list and build a message here.

      Thanks to both of you.
      Bill

    • #1495439

      OK, copy and paste didn’t work in the ADWCleaner window so I have taken a screen shot of the contents of each tab and pasted all of them in a Word document. I’ll try to insert the document in this message or add it as an attached file.

      Thanks,
      Bill

    • #1495444

      Bill – Following a scan with AdwCleaner, the Logfile button will be enabled. Just click on this Logfile button to show the current logfile (and be able to save it).

      Alternatively, after accepting AdwCleaner’s recommendations (and following the usual automatic reboot), browse to (typically) C:\AdwCleaner\AdwCleaner[I][/I].txt (where is just that… a random 2-character string, e.g. S0 or R1, etc.)

      Hope this helps…

      • #1495474

        Bill – Following a scan with AdwCleaner, the Logfile button will be enabled. Just click on this Logfile button to show the current logfile (and be able to save it. . .

        You are right, that log file would be much easier for others to review. I’ll attach it to this message.

        A couple of other messages have come in after yours and I’ll concentrate on them after a little.

        Thanks,
        Bill

    • #1495447

      Bill,

      ADW lists a lot of things I wouldn’t install on an enemy’s PC! I suggest letting it fix things. (After a backup of course!)

      Was that after a system restore?

    • #1495454

      As Rick has said, we’ll need to see the LogFile as that is what it will delete should you hit the Clean button.

      Of those in the lower pane that you have posted – have you installed that Drive Cure program from ParetoLogic ?

      Sometimes you can end with these types of programs bundled with other downloads, which is why it has snagged it.

      If it is a legit install then uncheck those two boxes.

      I don’t think anyone uses Yahoo, unless it was your choice so you can leave those checked if you want rid of them.

      I’m always suspicious of Coupons – if they are unknown to you then leave those checked as well.

      The Reimage is probably a legit file so if you recognise it as genuine then uncheck that box.

      Some people intentionally install Download Managers, but more often than not, some download sites include them as a must to download a particular program.

      When I come across those sites I look for another source, so if you haven’t intentionally installed that – leave it checked for removal.

      I don’t know what that FavouritesSearch is.

      In its actual kill list there may be what I call mini programs – I think it was Fanspeed (or something) that I had installed and it snagged that in its all or nothing list so I just let it go, but make a note if it lists anything you would prefer to keep and then you will need to reinstall after Cleaning.

    • #1495476

      Unchecking any of those items in the lower pane will edit its kill list in the Log File, but you do have some in the list that you don’t want such as Conduit, trovi and it’s either Softonic or Uniblue that will be responsible for that Download Manager.

      I tend to trust AdwCleaner for any other items I don’t recognise such as those Keys, but creating a restore point and then running AdwCleaner again will give you a fall back should anything not work as it should after the reboot.

    • #1495480

      I would trust the AdwCleaner suggestions, remove any ParetoLogic.

      Here’s a fairly recent removal guide for Trovi, it recommends running those tools in a different order, as well as adding more checks: http://malwaretips.com/blogs/trovi-search-removal/

    • #1495608

      Thank you to all of you who made suggestions. I used several of them and my browser and my computer seem to be running better than usual now! All is well. Thank you.

      Bill

    • #1495623

      Thanks for the update Bill and glad that things are back to normal.

      AdwCleaner and Junkware Removal Tool are handy programs to run when you feel things aren’t quite as they should be.

    • #1496051

      http://www.winpatrol.com free version – you won’t be hijacked again
      check the box that says lock files or it will drive you crazy win updating.
      during install uncheck the box that says trial period.

    • #1496078

      Thanks for the suggestion, Wiley.
      Bill

    • #1497240

      Just to chip in here. There is actually another way to fix this without using a single software.

      If you have a restore point set up, you can just use Windows utility called “System Restore”. What it does is it sets your settings and executables at an earlier point without deleting your documents, at least that’s what they claim, but so far, I haven’t experienced any issues with my data.

    • #1497247

      recimg is system restore on steroids :p

    • #1497254

      Kittencat: I didn’t have a Restore Point to use for that purpose!

      Browni: Thanks for the suggestion to use recimg. It looks like a very useful tool.

      Bill

    • #1497256

      Are restore points not being created ?

      • #1497263

        Are restore points not being created ?

        The Restore system was turned off for some reason! There were no restore points.

        Bill

        • #1497277

          The Restore system was turned off for some reason! There were no restore points.

          That’s not uncommon, infections/malware/adware frequently have that switch built into their arsenal.
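
Two points from this thread, creating a restore point before letting AdwCleaner clean and finding System Restore switched off with no restore points, can be checked and corrected from an elevated Windows PowerShell 5.1 prompt. This is an added example, not part of any post above; the restore point description is a made-up label.

```powershell
#Requires -RunAsAdministrator
# Added example for Windows PowerShell 5.1 (these cmdlets are not in PowerShell 7).
$drive = "$env:SystemDrive\"

# A DisableSR policy value of 1 turns System Restore off regardless of the UI setting.
$policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore' -ErrorAction SilentlyContinue
if ($policy.DisableSR -eq 1) {
    Write-Warning 'System Restore is disabled by policy (DisableSR = 1); find out what set it before continuing.'
}

# List what exists now. No output here matches the "no restore points" case in the thread.
$before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
"Restore points before: $($before.Count)"
$lastSeq = ($before | Measure-Object -Property SequenceNumber -Maximum).Maximum

# Turn protection back on for the system drive, then take a fallback point
# before any cleanup tool removes files or registry keys.
Enable-ComputerRestore -Drive $drive
Checkpoint-Computer -Description 'Before adware cleanup' -RestorePointType MODIFY_SETTINGS

# Confirm a new point was really written. On Windows 8 and later, Checkpoint-Computer
# skips creation if another restore point was made in the previous 24 hours.
$after  = @(Get-ComputerRestorePoint)
$newSeq = ($after | Measure-Object -Property SequenceNumber -Maximum).Maximum
if ($newSeq -le $lastSeq) {
    Write-Warning 'No new restore point was created (possibly the 24-hour limit).'
}
$after | Sort-Object SequenceNumber |
    Select-Object -Last 3 -Property SequenceNumber, Description, CreationTime |
    Format-Table -AutoSize
```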
