5819 Views 15 Replies Latest reply: Dec 2, 2008 7:10 PM by Grif
dodjw Newcomer 14 posts since
Sep 2, 2004

Nov 12, 2008 12:27 PM

Browser Hijack

Hello
My daughter’s laptop has become infected with a browser hijacker. McAfee does not find it. I’ve looked at other threads and tried to install Malwarebytes and Smitfraud but I’m not able to; they install OK on my PC. On a couple of occasions I’ve been prompted to install antivirus2009, which appears to do a scan and found some suspect files and prompted me to install a file, which I cancelled. Any ideas what’s going on?

Security Centre
V 9
B 9.0.286

Virus Scan
V 13
B 13.0.218

Personal Firewall
V10
B 10.0.209
  • Ex_Brit Volunteer Moderator 59,530 posts since
    May 6, 2004
    1. Nov 12, 2008 7:05 PM (in response to dodjw)
    RE: Browser Hijack
    Try downloading HijackThis and posting its log on one of the following forums. If you can't download it in regular mode because of the infection, boot into "Safe Mode With Networking" by tapping F8 repeatedly while booting up. It allows you internet access while in safe mode.

    Do not post the log here, we can't help!

    DOWNLOAD HIJACKTHIS

    Post the logs at a specialist Forum:

    AUMHA FORUM

    BLEEPING COMPUTER FORUM

    CASTLECOPS FORUM

    GEEKS TO GO FORUM

    MAJOR GEEKS FORUM

    MALWARE REMOVAL FORUM

    SPYWARE INFO FORUM

    TECH SUPPORT GUY FORUM

    WHAT THE TECH FORUM (Formerly Tom Coyote)

    Be sure to read all the sticky announcements/instructions at the top of each malware forum!

    Sorry to take so long to reply to your post but I seem to be only one of two Moderators present in this board today.

    Toronto • Canada
    Volunteer Moderator
  • Apprentice 11,659 posts since
    Sep 29, 2002
    2. Nov 12, 2008 7:26 PM (in response to Ex_Brit)
    RE: Browser Hijack
    Dodjw,

    Try installing Malwarebytes again. This time do it this way:

    If you are not able to download these tools on your machine, please use a friend or family member's computer and download the Malwarebytes tool and its manual update from the link below. Once downloaded, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current. After that, run a full system scan and delete anything it finds.

    Malwarebytes Download Link (Clicking on the links below will immediately start the download dialogue window.)
    http://www.besttechie.net/tools/mbam-setup.exe

    Malwarebytes Manual Updater link
    http://www.malwarebytes.org/mbam/database/mbam-rules.exe

    Hope this helps.

    Grif
  • paullotion Apprentice 8,078 posts since
    Apr 13, 2006
    5. Nov 14, 2008 5:52 AM (in response to dodjw)
    RE: Browser Hijack
    Did you follow Grif's advice and rename the applications? These infections like to block security applications from either being downloaded or, if they are installed, they like to block them from running.

    "My firewall is blocking a program brastk.exe. Is this the program causing the problem?"

    Is it blocking inbound or outbound? If outbound, you are infected.

    The Black Bear

    *Important News for BT/TalkTalk customers*

    BT/TalkTalk dump Phorm spyware, for more information see this article Here , also visit the NODPI website for much more information relating to DPI.
  • paullotion Apprentice 8,078 posts since
    Apr 13, 2006
    7. Nov 14, 2008 10:30 AM (in response to dodjw)
    RE: Browser Hijack

    "I tried installing several times each with a different name each time the installation would start but never finish and I was unable to run it"

    Did you rename prior to saving to your flash drive, for example abc1, abc2 and abc3?

    "The firewall is blocking an outbound connection attempt by brastk.exe"

    Which means that file is present on the hard drive.

    "Mcafee on demand scan has encountered a problem and needs to close.
    Scanning has encountered a problem from which it can not recover, Error getting scan progress"

    These infections like to disable your protection.

    If you still cannot install/scan with SAS, MBAM and SmitfraudFix, then follow Ex_Brit's advice in post 2.

    The Black Bear

  • Apprentice 11,659 posts since
    Sep 29, 2002
    9. Nov 15, 2008 1:00 PM (in response to dodjw)
    RE: Browser Hijack
    I've also found a few issues with the newest XP Antivirus 2009. If you rename the MBAM file to a different name, it will sometimes allow you to install it but it still won't run because there is a new bot causing it to shut down. Please try the steps below to create a Rescue Disc CD boot scanner. After following the procedures in the link below, place the CD in the drive, then restart the computer and scan the computer. It will remove the bot and then allow you to install and run Malwarebytes:

    Avira Rescue Disc Link
    http://www.free-av.de/en/tools/12/avira_antivir_rescue_system.html

    Hope this helps.

    Grif