I just got hit today, too. I was able to get it to stop by identifying the process; it installs itself as a randomly named executable (mine was bhinhonshdw.exe) in Documents and Settings\Username\Local Settings\Application Data\RandomName. Deleting the file and removing all registry entries to it worked for me (I also had to disable the proxy in IE to get it to work again). I used Process Explorer (do a web search) to identify the hijacking process (move the target over the warning window) and suspend it while I cleaned things up. It's insidious. There are multiple start vectors. You CAN start task manager by Ctrl-Alt-Del before the hijacker starts, and use task manager to start process explorer. The hijacker does not seem to affect Windows Explorer's copy function, so you should be able to get Process Explorer in a usable path. Just do a New Task procexp. You have to be fast. You may also be able to kill it directly from Task Manager; I didn't try that, but it could work. I believe that the process always has "shdw" as the last letters of the name. Worst case is you'll have to reboot if you accidentally kill a vital process. Good luck!
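The location and naming pattern reported in the post above can be checked across every user profile in one pass, for example with the affected disk attached to a clean machine. This is an added example, not part of the original thread: the function names are hypothetical, and the letters-only name ending in "shdw" is an assumption taken from the poster's observation.

```python
import hashlib
import re
from pathlib import Path

# Assumption from the thread: a random letters-only name ending in "shdw".
SHDW_NAME = re.compile(r"^[a-z]+shdw\.exe$", re.IGNORECASE)
# Profile-relative location reported in the thread (Windows XP layout).
APPDATA_PARTS = ("Local Settings", "Application Data")


def sha256_of(path):
    """Hash a file in chunks so large binaries are not read in one go."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_shdw_candidates(profiles_root):
    """Return (user, folder, file name, sha256) for each matching executable.

    profiles_root is the "Documents and Settings" directory to inspect.
    The scan is read-only: nothing is suspended, modified or deleted.
    """
    hits = []
    for profile in sorted(Path(profiles_root).iterdir()):
        appdata = profile.joinpath(*APPDATA_PARTS)
        if not appdata.is_dir():
            continue
        # The executable sits one level down, in a randomly named folder.
        for folder in sorted(p for p in appdata.iterdir() if p.is_dir()):
            for exe in sorted(folder.iterdir()):
                if exe.is_file() and SHDW_NAME.match(exe.name):
                    hits.append((profile.name, folder.name, exe.name, sha256_of(exe)))
    return hits


if __name__ == "__main__":
    import sys
    for user, folder, name, digest in find_shdw_candidates(sys.argv[1]):
        print(f"{user}\t{folder}\\{name}\t{digest}")
```

Run it with the path to the "Documents and Settings" directory as the only argument; the hash column lets you look the file up with an antivirus vendor before deleting anything.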
I also got hit today too! Out of nowhere! I wonder how this hijacker targets people? I didn't download anything today or go on any unusual web sites.
anyways, your info really helped! I restarted my computer, quickly opened up task manager and 'ended process' on the weird file..mine was ohjvroshdw
(i think you're right..they do end in shdw). so after i ended that process, i went to the file location where it was at Documents and Settings\Username\Local Settings\Application Data\RandomName like you said, and then just deleted the entire folder containing the malware (my folder was called 'elhosebg').
All seems to be going fine now, I am able to go on the internet and I am now running a scan using McAfee and Windows Defender, so far everything is working normally.
Thanks again, and I'm glad I found other people with the same issue. Hopefully this info will help others.
oh, a side note: a random gay porn web site popped up while my laptop was infected...? not sure about the connection but just thought i would include that in case anyone else had the same thing happen!
Make sure those registry entries are removed or reset! This malware leaves your computer vulnerable to re-infection to this or other malware. I found this site
Link to paid-for support site removed - Hayton
which gives a good rundown on other things that need to be fixed, like the one that sets .exe files as "low risk", and others that disable IE security settings.
My laptop is infected by the Security Suite malware that directs me to a website called strongantivir.com to fix the problem. From the previous reading that I have done I know that this is a scam, and I have tried to fix it with the removal tools that others have posted. The problem that I have is that this malware will not allow me to run any programs. I cannot open a web browser or other programs (I am using another computer to write this and to transfer removal tools to my infected computer), but as soon as I open the removal tool it is immediately shut down.
An excellent guide to removing Security Suite: http://www.bleepingcomputer.com/virus-removal/remove-security-suite
Follow the "Automated Removal Instructions" to the letter. Please read the instructions first and ask questions if you are unsure of the steps required to remove this 'security suite.'
Let us know how you are doing.
I got hit too! but that was like a few weeks ago. I removed the file like u guys said but today on my other user it popped up again! what should i do? but before it completed scanning i quickly logged off and went to another user. and nothing happened... yet.
and p.s. : when i was attacked it went to this porn site... like jhenriques said..... weird... i wonder if there's a connection....
As "administrator" on your computer, I'd also run the anti-malware program from Malwarebytes. Download the free version and run it as "admin". See if this helps. Also make sure your version of Windows is up-to-date. You can check it at Microsoft Update website. Another thing you can do is to download and run the Malicious Software Removal Tool.
Let us know how it goes...