Author Topic: safesearch homepage browser hijacker infection ****FIXED*****  (Read 7327 times)

0 Members and 2 Guests are viewing this topic.

July 15, 2016, 05:55:35 am

Mars

  • Guest
Hi there, RogueKiller is the only app Iv found that can detect this regenerating infection, but it replaces itself constantly. How do I get rid?? Im starting to have system errors now..... eg. Cannot uninstall Mozilla????

Attached last scan, still there but cannot access Mozilla now.
« Last Edit: July 15, 2016, 02:39:20 pm by Mars »

Reply #1July 15, 2016, 06:56:40 am

Mars

  • Guest
Re: safe search browser hijacker infection HELP!
« Reply #1 on: July 15, 2016, 06:56:40 am »
ok iv managed to get Mozilla back, it was showing a 'Couldn't load XPCOM' message.

I went to Mozilla download page and downloaded it over the top of the old one and its updated and fixed itself, now just couple of 'profile' issues where the beast is lurking....

Reply #2July 15, 2016, 11:38:53 am

Mars

  • Guest
Re: safe search browser hijacker infection HELP!
« Reply #2 on: July 15, 2016, 11:38:53 am »
These are the 3 profiles for Mozilla that I need to 'clean' somehow, I dont know what files should be in there and what shouldnt; one must be a legit profile for me but infected, iv taken lots of screenies of whats contained within. Just doing a RK scan now to see what it picks up and will attach latest report shortly, thank you
« Last Edit: July 15, 2016, 02:35:35 pm by Mars »

Reply #3July 15, 2016, 12:04:22 pm

Mars

  • Guest
Re: safe search browser hijacker infection HELP!
« Reply #3 on: July 15, 2016, 12:04:22 pm »
Just scanned. It is the last 2 detections foundsitting in the IE and Mozilla areas... (Im ignoring the wordpad entries.)
« Last Edit: July 15, 2016, 02:35:56 pm by Mars »

Reply #4July 15, 2016, 12:10:48 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2448
  • Reputation:
    84
    • View Profile
Re: safe search browser hijacker infection HELP!
« Reply #4 on: July 15, 2016, 12:10:48 pm »
Hi Mars,

Welcome to Adlice.com Forum.

I think there is a misunderstanding
The WPAD detections are false positives, they are legit entries.

Concerning the [PUM.SearchPage] ones :
PUM stands for Potentially Unwanted Modification. In your case, these entries are perfectly legit.
For more information, please read RogueKiller Documentation.

Regards.

Reply #5July 15, 2016, 12:36:02 pm

Mars

  • Guest
Re: safe search browser hijacker infection HELP!
« Reply #5 on: July 15, 2016, 12:36:02 pm »
Hi thank you, so its gone!!!??????

And the profiles there are ok?

And the PUM RK is finding are ok to NOT remove??

I cant believe it!

Reply #6July 15, 2016, 12:41:45 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2448
  • Reputation:
    84
    • View Profile
Re: safe search browser hijacker infection HELP!
« Reply #6 on: July 15, 2016, 12:41:45 pm »
Hi Mars,

I think so.
Do you want me to thoroughly analyse your computer to make sure ?

Regards.

Reply #7July 15, 2016, 12:43:33 pm

Mars

  • Guest
Re: safe search browser hijacker infection HELP!
« Reply #7 on: July 15, 2016, 12:43:33 pm »
This is my registry Hkey Users, does that look ok? I should be only user plus administrator back up account.

I wonder if it was gone before I purchased RK? I dont care, its a great program!
« Last Edit: July 15, 2016, 02:36:17 pm by Mars »

Reply #8July 15, 2016, 12:45:27 pm

Mars

  • Guest
Re: safe search browser hijacker infection HELP!
« Reply #8 on: July 15, 2016, 12:45:27 pm »
Hi Mars,

I think so.
Do you want me to thoroughly analyse your computer to make sure ?

Regards.


Would you? This has been giving me stress for over a month. Killed my pc had to factory reset lost a load of stuff.

Reply #9July 15, 2016, 12:48:56 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2448
  • Reputation:
    84
    • View Profile
Re: safe search browser hijacker infection HELP!
« Reply #9 on: July 15, 2016, 12:48:56 pm »
Hi Mars,

The HKEY_USERS hive may contains multiple entries.
Please download Farbar Recovery Scan Tool (x86) and save it to your Desktop.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also attach that along with the FRST.txt into your reply.
Regards.

Reply #10July 15, 2016, 12:50:02 pm

Mars

  • Guest
Re: safe search browser hijacker infection HELP!
« Reply #10 on: July 15, 2016, 12:50:02 pm »
ok will do thank you!

Reply #11July 15, 2016, 12:59:25 pm

Mars

  • Guest
Re: safe search browser hijacker infection HELP!
« Reply #11 on: July 15, 2016, 12:59:25 pm »
FarBar scan results.

I think when I reset to factory I gave the computer a different name than my old one?? That has affected restoring from back up. Can that be changed?

Thank you Im so impressed!!!
« Last Edit: July 15, 2016, 02:36:36 pm by Mars »

Reply #12July 15, 2016, 01:39:09 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2448
  • Reputation:
    84
    • View Profile
Re: safe search browser hijacker infection HELP!
« Reply #12 on: July 15, 2016, 01:39:09 pm »
Hi Mars,

Yes, you can change your computer name at will : Change Your Computer Name in Windows 7, 8, or 10
Did you install Nanoheal Client yourself ?

Regards.

Reply #13July 15, 2016, 01:45:53 pm

Mars

  • Guest
Re: safe search browser hijacker infection HELP!
« Reply #13 on: July 15, 2016, 01:45:53 pm »
great!

no it was installed by tech support, not installed but still showing, thats where i heard of RK :)

Reply #14July 15, 2016, 01:51:52 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2448
  • Reputation:
    84
    • View Profile
Re: safe search browser hijacker infection HELP!
« Reply #14 on: July 15, 2016, 01:51:52 pm »
Hi Mars,

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system !

Run FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.

How is the computer running now ?

Regards.