3 Replies Latest reply on Oct 4, 2011 9:12 PM by Hayton

    searchqu browser hijack

      Hi, I'm using Windows 7 and I.E. 8 and when I open a new tab my browser homepage has been hijacked by searchqu.com/406. I've run a full scan with McAfee but it hasn't found anything. Can anyone help please? Thank you, Kevan

        • 1. Re: searchqu browser hijack
          Peter M

          Moved to Malware Discussion >> Home User Assistance.

           

          Searchqu doesn't appear to be harmful and you should be able to change your search preferences in IE. But just in case, download, update (important) and then run the FREE version of THIS tool. (DO NOT go for the Pro version).

           

          If for any reason something prevents that action then it is malware, so do all that (it will work with that software) in 'Safe Mode with Networking' which is number 2 on the menu you will see if you tap F8 repeatedly while booting up.

           

          Download and install Internet Explorer 9 which is far safer than IE8.  Link here: http://windows.microsoft.com/en-GB/internet-explorer/products/ie/home

           

          Always keep your machine up to date in all aspects.

           

          Tip for installing service packs...always disable your antivirus first.

          Message was edited by: Ex_Brit on 18/09/11 9:33:25 EDT AM
          • 2. Re: searchqu browser hijack
            Vinod R

            I suspect possible rootkit activity on the machine and would need some logs to confirm the same. Could you please perform the steps below?

             

            Running a rootkit scan using -----

             

            Rootkits are programs that try to hide themselves or other programs so that they are not easily removed. As rootkits have become such a common problem, it is important to run a utility that will show rootkits that may reside on your computer. Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and should skip to the next step.

             

             

            1. To start this process, download GMER from the following location and save it to your desktop.
            2. GMER Download Link 1
            3. GMER Download Link 2 (Only use if the previous link does not work)
            4. When you click on the above link you will see a download prompt
            5. Click on the Save button. You will now be presented with a screen asking where you would like to save the file.
            6. Click once on the Desktop button, designated by the red arrow in the figure above, to save the file to your Desktop and then press the Save button. Your computer will now download the file to your computer and save it on your Desktop. When it is done downloading you will now find an icon on your desktop.
            7. Right-click on the gmer.zip icon and select the Extract all... from menu option
            8. You will be shown a screen asking how you would like to extract the file. Just keep pressing the Next button until you get to the last screen and then press the Finish button to finish the extraction process. The GMER folder should automatically open and you will see that it contains the file called gmer.exe. Please double-click on the gmer.exe program. Once you double-click the icon a Windows security warning may appear asking if you are sure you would like to run the program. If this warning appears, please click on the Run button to allow GMER to start. If no warning appeared then you should just continue with the guide.
            9. You will now see the main GMER window. If it gives you a warning about rootkit activity and asks if you want to run a full scan, please click on the NO button. We now need to configure GMER to not use some settings. Please uncheck the following settings that we do not want in our scan.

            Modules

            Process

            Threads

            Show all ( critical do not miss)

            Files.

             

            After ensuring the above 5 items are unchecked, right-click on the white screen of GMER and select Options.

            You would see a few more options getting listed there.

            Select the following two alone:

             

            IRP Hooks

            NTAPI Registry Scan

             

            Once these are selected-

            Click on the Scan button to scan your computer for rootkits. This may take a while, so please be patient. When it has finished you will be back at the main screen

             

            You now need to save the rootkit scan report to your Desktop by clicking on the Save ... . A screen will open asking where you would like to save the report. Click once on the Desktop button to change to the Desktop folder and then in the File name: field enter ark.txt. Finally, press the Save button to save the report to your desktop. Please do not act on any of the information you find in this report as many legitimate programs could be listed in it.

             

            Attach the log file thus created in your next post for verification by an expert here.

            • 3. Re: searchqu browser hijack
              Hayton

              Do you still have this problem?

               

              If you have a Searchqu Toolbar, uninstall it and see if that helps.

               

              Mozilla blocked this toolbar from Firefox on July 19 this year, saying

               

              Searchqu Toolbar has been blocked for your protection.

              Why was it blocked?
              This add-on causes a high volume of crashes and is incompatible with certain versions of Firefox.

              Who is affected?
              Users of Searchqu Toolbar versions 4.3.1.00 and below in all versions of Firefox.

               

              Message was edited by: Hayton on 05/10/11 03:12:05 IST