Author Topic: Infected with a browser hijack  (Read 6907 times)

0 Members and 1 Guest are viewing this topic.

September 16, 2014, 11:11:37 pm

Bedfellow

  • Guest
Infected with a browser hijack
« on: September 16, 2014, 11:11:37 pm »
I am running the latest firefox 32 and even though I have deleted everything I can using boot scan of Avast, malwarebytes and ADWcleaner I have found three entries in 'about:config':

browser.search.defaultenginename user set string Lasaoren

browser.search.selectedengine user set string Lasaoren

browser.startup.homepage user set string http://Lasoren.com (with lots of letters, symbols and numbers)

I ran your 'Roguekiller' and deleted three or four items found but was not too sure about the rest.

I still can't get rid of the above three.


Reply #1September 16, 2014, 11:21:30 pm

Bedfellow

  • Guest
Re: Infected with a browser hijack
« Reply #1 on: September 16, 2014, 11:21:30 pm »
I'm also wondering if any part of this browser hijack is running in the backround?

I ran 'Roguekiller' but saved it as .log

I will have to run it again to be able to show you the results and save it correctly this time  ::)

Reply #2September 17, 2014, 08:25:22 am

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 916
  • Reputation:
    91
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
Re: Infected with a browser hijack
« Reply #2 on: September 17, 2014, 08:25:22 am »
Hello
Looks like a PUP

AdwCleaner didn't remove it?
If not I think the only way is to reinstall the browser (completely remove before).
Save your bookmarks before!

Reply #3September 17, 2014, 04:19:41 pm

Bedfellow

  • Guest
Re: Infected with a browser hijack
« Reply #3 on: September 17, 2014, 04:19:41 pm »
I have managed to get Firefox back to how it was without losing any settings or tabs that I had open.

I have rerun:  Malwarebytes/ADWcleaner/Roguekiller/tdsskiller/Superantispyware/Avast boot scan

All are coming up clean.

There is nothing else to run is there, to make sure there is nothing left behind?

I don't know if I should ask it here, but it concerns this PUP:

I think I got it when downloading a program from 'Filehorse'.  Should 'Filehorse' have an entry in the registry?
Looking through the software part of the registry and I can see 'Filehorse' which I guess is the website I use to download programs?

The other thing concerns 'Ccleaner' and the programs it is showing that can be uninstalled.
Even though it looks like I have removed all of the PUP it still shows: WSE_Lasaoren and when I click on 'uninstall' it does nothing.
Does this mean that the program is not there anymore and I can delete the entry?
Ccleaner is just remembering it when it was first installed?

Thanks

Reply #4September 30, 2014, 12:43:26 pm

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 916
  • Reputation:
    91
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
Re: Infected with a browser hijack
« Reply #4 on: September 30, 2014, 12:43:26 pm »
Not sure what to answer here...
You'd better left the registry as it if you don't have any problem with it. It's pretty sensitive.

Reply #5January 07, 2015, 09:42:31 am

alice123

  • Guest
Re: Infected with a browser hijack
« Reply #5 on: January 07, 2015, 09:42:31 am »
browser hijacker is such a very dangerous type of malware infection, it may make your browser infected and steal user's information. So it is necessary to remove this browser infections as soon as possible.       

Reply #6January 07, 2015, 10:05:36 am

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 916
  • Reputation:
    91
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
Re: Infected with a browser hijack
« Reply #6 on: January 07, 2015, 10:05:36 am »
There's no stealer here, only PUPs, PUMs