Help, My Browser Got Hijacked! - Comments Page 1

Hello Bob,
I have an annoying search engine that attached itself to my computer called searchassist.me which then changes into searchassist.net
Google contacted me (auto)to offer to remove it but its still here.
My default browser is listed as Google but it still sneaks in.
Just can't find where to delete it.

EDITOR'S NOTE: This should help: https://productforums.google.com/forum/#!topic/chrome/UG_dq_epbvw

Did a sysyem restore to a date I knew was ok fixed problem

If you use Firefox (I use multiple browsers), an extension called Search Reset will reset you: http://mzl.la/1iiVIxI . But that will not necessarily remove the root causes, and symptoms my reappear after browser restart or boot. I can second that Malwarebytes protects against much of this stuff. I also recommend Revo Uninstaller free - http://www.revouninstaller.com - to get rid of unwanted software - very thorough.

Yahoo is a particularly persistent pest. To deal with that, I recommend looking at this: "Remove Yahoo Toolbar and search.yahoo.com (Removal Guide)": http://bit.ly/1iiWY42 . Addresses all 3 main browsers.

I also recommend an invaluble tool called Everything - which catalogs all the files on your computer (and it's quick about it). Then you can quickly search your entire computer for the string "yahoo" and decide if the remaining traces apply to software you want to keep, e.g. Yahoo Messenger. The rest you can delete. You can always reinstall the affected application if you go a step too far. Everything can be found here: http://www.voidtools.com . It's incredibly useful for finding things quickly and assisting with file manipulations. As with all operations where setting changes are involved, creation of a restore point and/or backup are very good ideas prior to getting started AND after the problem is fixed. Hope this is of some help.

For this tyro removal of my browser redirect trojan was a 4 day process. I can see why folks just drop it off at a repair shop and let them wipe the drive and reload the OS. I learned a lot and am glad I went through the process. No idea how I got the malware, perhaps included in a graphic download? Not only searches but any attempt to go to any site brought me to the Clear Wireless homepage. They are defunct, purchased by Sprint, so an old virus. My Ad-Aware Antivirus did not stop it's installation or find it on a deep scan, not did MBAM, Spybot-S&D, or SUPERAntiSpyware. Eventually all AV programs were shut off, MBAM was corrupted, couldn't download a new version, as download speed was so slow it would timeout after 30 minutes on a 1 minute download. On different computer I downloaded all 10 steps here (http://malwaretips.com/blogs/remove-browser-redirect-virus/) to a thumb drive and ran them from a USB. As indicated it was necessary to do some of it from Safe mode. On the second run through of this removal protocol, ESET found 2 copies of trojan: HTML/Pharmacy.A, which I suspect was the problem although other steps found other things, mostly innocuous I believe. This protocol page is provided by MBAM, and should it fail, they have expert forum assistance.

I strongly recommend CryptoPrevent as a way to help avoid you inadvertently installing something on your computer that you shouldn't have. CryptoPrevent sets your systems' Group Policies so suspicious .exe files don't get installed so casually. ;-)

Spybot is a good help too

Free software from Iobit will change your IE or Chrome "Home Page" to an Iobit branded Google search page, even though you remove all checkmarks to add other software or change your home page. I have written to Iobit several times about this and they promise to change this behavior in the future. How far away this "future" is is unknown as this behavior has been going on for more than a year.

spybot SD adds a number of entries to hosts file.
I think we should not remove them.

spybot SD adds a number of entries to hosts file.
I think we should not remove them.

Okay, Look! I am going to let you in on a secret but you HAVE to promise me that you will spend some of your precious time to learn how to use this tool! It is a FREEware but worth every penny to pay for a copy that lasts for your lifetime. I has always booted up with my PCs since before XP and has saved my bacon too mnay times to recall! It is NOT the answer to ALL the malicious attacks on a system but...
-------------------------
http://www.winpatrol.com/
I'll let BillP (and 'Scotty') explain it to you in their own words:
What Does WinPatrol Do?
The popularity of WinPatrol is based on its ability to detect and prevent changes to important Windows settings. You’ll be notified if unwanted programs are set to automatically run, if a toolbar has been added to Internet Explorer, if your home page, search provider or other internal configurations change. When a new Service or ActiveX component is detected it may be part of a legitimate program. WinPatrol will make sure and if it isn’t, you can tell WinPatrol to disable it.
Just adding a program won’t cause a notification but when a program is configured to run without your knowledge, WinPatrol will let you confirm the change is expected.
The techniques used to prevent changes were first developed by BillP Studios over 16 years ago. Feedback from supporters and researching new attacks has allowed WinPatrol to grow while continuing to run quietly in the background.
Woof!

I will never understand why when doing a reset in Internet explorer (Advanced Tab ) that it does not fully reset to factory settings !

Todd

On Vista, the Windows Live Essentials 2011 (KB2424419) "Update" installs a Bing Bar as well as Replacing your "Windows Live Toolbar".

It offers to replace newer preferences in the place of what you have already selected (Mail, Photo Viewer, etc).

Apparently this was first offered ('Published') on 4/5/2012... and I have yet to choose to install it with no ill effects as far as I can tell.

One way to prevent unwanted programmes (PUPs) from sliding into an installation is to use the freeware "unchecky" - it automatically warns about such PUPs and recommends unchecking the relevant boxes.

Install Unchecky (from unchecky.com) which, in their words, "keeps your checkboxes clear." It works in the background and prevents those annoying toolbars, search engines, etc., from being installed. I've installed it on all my computers and my friends' computers and I'm not getting as many calls to remove unwanted toolbars and search engines as I did before. Unfortunately, most people don't take time to carefully read when installing software and this program seems to take care of unchecking the pre-checked boxes pretty well. I also use Privazer and AdwCleaner which work great.

About a year ago, my browsers were hijacked and the default search set to AVG's search bar. Yes, that's right, the supposedly wonderful AV/security company. It was a hidden install included with an update of a proprietary software (FixCleaner). I always watch for the "extras" offered during downloads; this was an update, so it had no series of "Next" pages. I proved this by doing a system restore to revert everything and then re-installing the update. Yep, there she went. Needless to say, I repeated the system restore, removed FixCleaner, and blasted off angry emails to both AVG and FixCleaner. No response from either, but I won't ever use anything from either company, ever again.

I ran into an especially nasty one. The program erased my system restore files so there was nothing to go back to!

I found that adwcleaner, downloaded from bleepingcomputer.com got rid of conduit, which had been plaguing me, resisting all other efforts.

Someone I know (not me) did a dumb thing by downloading some "coupon" site software off some pop-up ad. Yep, they got the dreaded Conduit virus. Even after they followed my suggestion of downloading Malwarebytes (which was a chore as conduit apparently tried it's best to block it), doing a 9 hour scan (including rootkits) and locking conduit away, it screwed things up so badly they could not access the internet at all, much less even run other basic software. In the end the local Geek Squad had to operate. I hope the "inferno" has a special circle just for those who foist this malware upon us.

@ Bob Kamino; Microsoft updates are particularly nasty as they destroy system restore points since Windows XP. (Have been enduring Windows 7 for 4 years or so). It's not a good idea to depend on system restore. DOZENS of times I've gone there to turn back the system and found NO restore points. After MS updates. Learn to use a good backup program and use it. I backup about every 3 months or so. And Adwcleaner will find and remove crap that MBAM or Spybot won't find.

Wait a minute ... I keep seeing, good suggestions for eliminating nasty Malwares, Trojan Horses, Worms and Viruses. Lately, it really does seem that the biggest problems we run into ... Are the Malware/Foistware that comes with Downloads and "Nasty" Websites!!! However, I keep reading a re-occurring theme ... “Let’s blame the Anti-Virus or Malware programs, for this issue.” Please, remember ... The designers of these “nasties”, know fully how to "by-pass" the popular programs, and that is one of the first things, they do.

When, I got the Conduit "drive by" with a download from CNET ... The first thing, I did try to use was Malwarebytes. I even had the Pro version ... It froze at the same spot, every time I tried to scan my PC. Talk about frustrated, I was really upset. Then, I started looking on the Internet, to see what the solution was, to the Conduit issue. ADW Cleaner was mentioned, on several different forums and articles. I first tried using Chameleon, from Malwarebytes. The "designers" did their homework, is all I can say ... Using Chameleon, I got the freezing at the same point and no advancement.

Then, I decided to use ADW Cleaner. Finally, I was able to use my own tools, to continue with the removal of Conduit and for me, Sweet Packs! My Chameleon was the first to work, with a complete scan, then I used my Malwarebytes Pro to scan, again. However, with all of that ... I STILL had Conduit and Sweet Packs!!! I went back to the Internet, for more reading. One of the forum moderators, stated they had a miserable time, getting rid of this mess. They had to go into the Registry, to search for both Conduit and Sweet Packs, both were hidden deep within.

Finally, I had my solution, but, it did take me over all, more than a week to get my Conduit issue resolved. Then, my daughter's PC got the same issue and she lives out in California, while I am in Georgia. Thank goodness for Team Viewer ... I was able to "clean up" her PC, because I knew what to do, by then.

So, back to my original comment … Please, don’t always blame the software program, you are using. The bad guys are smart and know what they are doing, so they know which protective programs, to try and “by pass”, to do their nasty work. It is vital, in today’s world that, all protective programs be kept up to date, with the latest data, as possible. The Bad Boys are mostly coming from China and Russia. They love what they are doing or they would not be doing it … Unless, you subscribe to the “conspiracy theory” that the governments of China and Russia are “allowing” their smartest computer genius’, to do this for political reasons. Trust me that, theory is out there. :)