Adlice forum

General Category => Malware removal help => Topic started by: Bedfellow on September 16, 2014, 11:11:37 pm

Title: Infected with a browser hijack
Post by: Bedfellow on September 16, 2014, 11:11:37 pm
I am running the latest Firefox 32 and even though I have deleted everything I can using boot scan of Avast, Malwarebytes and AdwCleaner, I have found three entries in 'about:config':

browser.search.defaultenginename user set string Lasaoren

browser.search.selectedengine user set string Lasaoren

browser.startup.homepage user set string http://Lasoren.com (with lots of letters, symbols and numbers)

I ran your 'Roguekiller' and deleted three or four items found but was not too sure about the rest.

I still can't get rid of the above three.
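
An added example, not part of the original posts: Firefox stores every "user set" about:config value as a `user_pref(...)` line in the profile's `prefs.js`, so the three entries listed above can be checked from a script. The sample file contents, the placeholder homepage URL and the allowed-value set are constructed assumptions.

```python
import re

# Prefs named in the first post; matched case-insensitively because the
# post writes them in lower case.
WATCHED = {
    "browser.search.defaultenginename",
    "browser.search.selectedengine",
    "browser.startup.homepage",
}

# prefs.js holds one user-set preference per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$')

# Constructed sample of prefs.js contents (the homepage URL is a placeholder).
SAMPLE = '''\
user_pref("app.update.enabled", true);
user_pref("browser.search.defaultenginename", "Lasaoren");
user_pref("browser.search.selectedEngine", "Lasaoren");
user_pref("browser.startup.homepage", "http://hijacker.example/?id=123");
user_pref("browser.startup.page", 3);
'''

def user_set_prefs(text):
    """Return {name: value} for every user_pref line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.groups()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            raw = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        prefs[name] = raw
    return prefs

def suspicious(prefs, allowed):
    """Watched prefs holding any value that is not in the allowed set."""
    hits = {}
    for name, value in prefs.items():
        if name.lower() not in WATCHED:
            continue
        # The homepage pref may list several pages separated by "|".
        parts = value.split("|") if name.lower().endswith("homepage") else [value]
        if any(p not in allowed for p in parts):
            hits[name] = value
    return hits

if __name__ == "__main__":
    for name, value in suspicious(user_set_prefs(SAMPLE), {"Google", "about:home"}).items():
        print(f"unexpected user-set value: {name} = {value}")
```

The same parser works on a `user.js` file in the profile folder, which uses the same syntax and is re-applied at every start, a common reason such entries return after being reset.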

Title: Re: Infected with a browser hijack
Post by: Bedfellow on September 16, 2014, 11:21:30 pm
I'm also wondering if any part of this browser hijack is running in the background?

I ran 'Roguekiller' but saved it as .log

I will have to run it again to be able to show you the results and save it correctly this time  ::)
Title: Re: Infected with a browser hijack
Post by: Tigzy on September 17, 2014, 08:25:22 am
Hello
Looks like a PUP

AdwCleaner didn't remove it?
If not I think the only way is to reinstall the browser (completely remove before).
Save your bookmarks before!
Title: Re: Infected with a browser hijack
Post by: Bedfellow on September 17, 2014, 04:19:41 pm
I have managed to get Firefox back to how it was without losing any settings or tabs that I had open.

I have rerun:  Malwarebytes/ADWcleaner/Roguekiller/tdsskiller/Superantispyware/Avast boot scan

All are coming up clean.

There is nothing else to run is there, to make sure there is nothing left behind?

I don't know if I should ask it here, but it concerns this PUP:

I think I got it when downloading a program from 'Filehorse'.  Should 'Filehorse' have an entry in the registry?
Looking through the software part of the registry and I can see 'Filehorse' which I guess is the website I use to download programs?

The other thing concerns 'Ccleaner' and the programs it is showing that can be uninstalled.
Even though it looks like I have removed all of the PUP it still shows: WSE_Lasaoren and when I click on 'uninstall' it does nothing.
Does this mean that the program is not there anymore and I can delete the entry?
Ccleaner is just remembering it when it was first installed?

Thanks
Title: Re: Infected with a browser hijack
Post by: Tigzy on September 30, 2014, 12:43:26 pm
Not sure what to answer here...
You'd better leave the registry as it is if you don't have any problem with it. It's pretty sensitive.
Title: Re: Infected with a browser hijack
Post by: alice123 on January 07, 2015, 09:42:31 am
A browser hijacker is a very dangerous type of malware infection; it may infect your browser and steal the user's information. So it is necessary to remove these browser infections as soon as possible.
Title: Re: Infected with a browser hijack
Post by: Tigzy on January 07, 2015, 10:05:36 am
There's no stealer here, only PUPs, PUMs