Author Topic: Infected with a browser hijack (Read 9281 times)

Bedfellow · « **on:** September 16, 2014, 11:11:37 PM »

I am running the latest firefox 32 and even though I have deleted everything I can using boot scan of Avast, malwarebytes and ADWcleaner I have found three entries in 'about:config':

browser.search.defaultenginename user set string Lasaoren

browser.search.selectedengine user set string Lasaoren

browser.startup.homepage user set string http://Lasoren.com (with lots of letters, symbols and numbers)

I ran your 'Roguekiller' and deleted three or four items found but was not too sure about the rest.

I still can't get rid of the above three.

Bedfellow · « **Reply #1 on:** September 16, 2014, 11:21:30 PM »

I'm also wondering if any part of this browser hijack is running in the backround?

I ran 'Roguekiller' but saved it as .log

I will have to run it again to be able to show you the results and save it correctly this time

Tigzy · « **Reply #2 on:** September 17, 2014, 08:25:22 AM »

Hello
Looks like a PUP

AdwCleaner didn't remove it?
If not I think the only way is to reinstall the browser (completely remove before).
Save your bookmarks before!

Bedfellow · « **Reply #3 on:** September 17, 2014, 04:19:41 PM »

I have managed to get Firefox back to how it was without losing any settings or tabs that I had open.

I have rerun: Malwarebytes/ADWcleaner/Roguekiller/tdsskiller/Superantispyware/Avast boot scan

All are coming up clean.

There is nothing else to run is there, to make sure there is nothing left behind?

I don't know if I should ask it here, but it concerns this PUP:

I think I got it when downloading a program from 'Filehorse'. Should 'Filehorse' have an entry in the registry?
Looking through the software part of the registry and I can see 'Filehorse' which I guess is the website I use to download programs?

The other thing concerns 'Ccleaner' and the programs it is showing that can be uninstalled.
Even though it looks like I have removed all of the PUP it still shows: WSE_Lasaoren and when I click on 'uninstall' it does nothing.
Does this mean that the program is not there anymore and I can delete the entry?
Ccleaner is just remembering it when it was first installed?

Thanks

Tigzy · « **Reply #4 on:** September 30, 2014, 12:43:26 PM »

Not sure what to answer here...
You'd better left the registry as it if you don't have any problem with it. It's pretty sensitive.

alice123 · « **Reply #5 on:** January 07, 2015, 09:42:31 AM »

browser hijacker is such a very dangerous type of malware infection, it may make your browser infected and steal user's information. So it is necessary to remove this browser infections as soon as possible.

Tigzy · « **Reply #6 on:** January 07, 2015, 10:05:36 AM »

There's no stealer here, only PUPs, PUMs

Author Topic: Infected with a browser hijack (Read 9281 times)

Bedfellow

Infected with a browser hijack

Bedfellow

Re: Infected with a browser hijack

Tigzy

Re: Infected with a browser hijack

Bedfellow

Re: Infected with a browser hijack

Tigzy

Re: Infected with a browser hijack

alice123

Re: Infected with a browser hijack

Tigzy

Re: Infected with a browser hijack