searching.com browser hijacker

Computer and electronic gizmo support.
DexterPunk
Busted ARSE
Posts: 15218
Joined: Thu Apr 21, 2005 11:18 pm
Location: SE Suburbs, Melbourne
Contact:

searching.com browser hijacker

Post by DexterPunk »

This is one stubborn bastard. Anyone know how the hell you are meant to kill this thing?

Before anyone decides to do a quick Google and send me a link to one of the sites claiming to have steps to remove it... none of them work. The list of anti-malware software I've downloaded and tried seems to be growing, and will not get rid of it. I've run HitmanPro, Malwarebytes, AdwCleaner, and JRT... I've also completely removed my browsers and shortcuts and reinstalled them. I may get it fixed for a bit, then do a restart, fucking homepage is back to searching.com. At this stage all I can think of is to format Windows.
DarrenM
Posts: 7251
Joined: Wed Feb 09, 2005 3:21 pm
Location: Sydney

Re: searching.com browser hijacker

Post by DarrenM »

Any chance it could be a rogue browser plugin?

I had popup ads in Chrome recently, redirecting links to a spam site etc. All the searches pointed to a virus and related removal instructions. Ran Malwarebytes etc but it didn't find anything. Turned out to be the "adblock" plugin that was doing it.

Seems that particular adblock plugin got hijacked and it's turned to shit. I switched to "adblock plus" which is what I use in firefox, but others are switching to ublock origin, which is apparently by the original creator of "adblock".
DexterPunk
Busted ARSE
Posts: 15218
Joined: Thu Apr 21, 2005 11:18 pm
Location: SE Suburbs, Melbourne
Contact:

Re: searching.com browser hijacker

Post by DexterPunk »

I don't think so. I don't really run any plugins. I think the only one I used to run was to stop DNS leak. I had a lot of shit go down after my gf tried to install codecs to play a video she downloaded and it did add a lot of browser plugins. One of the first things I did was remove them all.


r8response
Cry baby
Posts: 8565
Joined: Fri Dec 17, 2004 6:51 pm
Location: Sunshine Coast, QLD

Re: searching.com browser hijacker

Post by r8response »

Time for a format
DexterPunk
Busted ARSE
Posts: 15218
Joined: Thu Apr 21, 2005 11:18 pm
Location: SE Suburbs, Melbourne
Contact:

Re: searching.com browser hijacker

Post by DexterPunk »

I might have gotten rid of it last night. Removed browsers again, then ran all the anti-malware progs again, hasn't shown up after a couple of restarts. Fingers crossed it's gone.


GT VIRUS
Karen
Posts: 3637
Joined: Mon Jul 04, 2005 4:33 pm
Location: Adelaide
Contact:

Re: searching.com browser hijacker

Post by GT VIRUS »

I had something similar recently that would come back after anti-malware scans. It was fixed after I cleared the browser cache and cookies after the malware sweep.
DexterPunk
Busted ARSE
Posts: 15218
Joined: Thu Apr 21, 2005 11:18 pm
Location: SE Suburbs, Melbourne
Contact:

Re: searching.com browser hijacker

Post by DexterPunk »

Back again. FFS.
Speed
Posts: 1603
Joined: Sun Jun 26, 2005 7:14 pm
Location: Perth

Re: searching.com browser hijacker

Post by Speed »

I haven't had one of these for years but I had a couple that I could only get rid of by running the programs that you already have whilst the computer is in safe mode.
http://500px.com/Warren_Joyce
r8response
Cry baby
Posts: 8565
Joined: Fri Dec 17, 2004 6:51 pm
Location: Sunshine Coast, QLD

Re: searching.com browser hijacker

Post by r8response »

Format
DexterPunk
Busted ARSE
Posts: 15218
Joined: Thu Apr 21, 2005 11:18 pm
Location: SE Suburbs, Melbourne
Contact:

Re: searching.com browser hijacker

Post by DexterPunk »

I'll try safe mode, cheers speed.

I'll likely format if all else fails. But off overseas on Monday, so probably have to wait till I get back.
plastik8
Posts: 1155
Joined: Sat Jan 14, 2006 1:10 pm
Location: Adelaide

Re: searching.com browser hijacker

Post by plastik8 »

- Checked the Windows hosts file?
- Have you tried creating a new windows user?
DexterPunk
Busted ARSE
Posts: 15218
Joined: Thu Apr 21, 2005 11:18 pm
Location: SE Suburbs, Melbourne
Contact:

Re: searching.com browser hijacker

Post by DexterPunk »

plastik8 wrote:
- Checked the Windows hosts file?
- Have you tried creating a new windows user?

Plastik, just with notepad or a text editor for the hosts file? I assume it's large, so just CTRL F and look for 'searching' specifically?

I haven't tried making a new user. I hadn't really thought of it, but how do I use that to fix my admin account?

I know it's weird, but I kinda feel like I've been beaten if I format lol.
DarrenM
Posts: 7251
Joined: Wed Feb 09, 2005 3:21 pm
Location: Sydney

Re: searching.com browser hijacker

Post by DarrenM »

DexterPunk wrote: I know it's weird, but I kinda feel like I've been beaten if I format lol.
Trouble is you don't know what else it might be doing in the background. You might feel beaten, but if you can't be confident it's gone then formatting is your only option from a security standpoint.

Any chance it's auto-running off a thumb drive or something like that?
DexterPunk
Busted ARSE
Posts: 15218
Joined: Thu Apr 21, 2005 11:18 pm
Location: SE Suburbs, Melbourne
Contact:

Re: searching.com browser hijacker

Post by DexterPunk »

I'll have a look. And you're right. No idea what security breaches may be happening. It's only a gaming machine / downloads machine but you never know what you may log into, and give away. Cheers. I'll do a proper back up of what I need and nuke it when I get back from holidays.


w00dsy
The Senna of Hoppers Crossing
Posts: 24457
Joined: Wed Mar 02, 2005 2:41 pm
Location: incognito

Re: searching.com browser hijacker

Post by w00dsy »

Did you install any free programs recently?
DexterPunk
Busted ARSE
Posts: 15218
Joined: Thu Apr 21, 2005 11:18 pm
Location: SE Suburbs, Melbourne
Contact:

Re: searching.com browser hijacker

Post by DexterPunk »

Sort of... It was a video file that apparently needed a new codec to be downloaded through Windows Media Player. It seemed weird but I thought oh well, let her go, surely it can't be too much trouble if it's Media Player doing the install. Some divX 10 updater got installed and after running it, things went berserk. Pretty sneaky, and to be honest I can't really blame her for it. I reckon it would have caught me out too. I don't really use the Windows video playing software, pretty much never had an issue using VLC. In hindsight I should have just got her to download a new version of VLC. If they still didn't work I'd have known something was dodgy. Since I don't use the Windows player much though it seemed reasonable that it may need to update a codec.

It took me a while to stop random programs installing. It was a chain reaction of shit and for a moment I was about to pull the Ethernet cord out till I got things under control.


w00dsy
The Senna of Hoppers Crossing
Posts: 24457
Joined: Wed Mar 02, 2005 2:41 pm
Location: incognito

Re: searching.com browser hijacker

Post by w00dsy »

Did you uninstall the video codec that installed it? Sometimes that can remove it too. It's really easy to get caught out during the install process because we are so conditioned to just click yes or agree that we don't realise one of them was to install something else with it.
DexterPunk
Busted ARSE
Posts: 15218
Joined: Thu Apr 21, 2005 11:18 pm
Location: SE Suburbs, Melbourne
Contact:

Re: searching.com browser hijacker

Post by DexterPunk »

I'm pretty sure everything that was installed got un-installed. Either manually from control panel and then by the various malware removal progs.

People keep suggesting that the searching prog will be gone, and that you need to delete/change the target html in the shortcuts you use. All examples seem to be using Win7 but I'm on Win 10. I just removed the browsers entirely instead. It fixes it for a bit, then returns again. So I don't think there's an issue with the shortcuts.

I don't really understand why the malware progs can't find the issue. Surely they are updated such as an antivirus would be.


Duke
Dukester Maldonado
Posts: 11436
Joined: Tue Jan 23, 2007 9:33 pm
Location: Melbourne

Re: searching.com browser hijacker

Post by Duke »

Dex, this sounds like the same fark'n thing I had to deal with a little while ago. How the hell someone has been able to do this & make it look like a legit WMP codec install is pretty ingenious.
What I found was that it has an auto-installer which kicks off again at every re-boot. But I did beat it eventually...

iirc the way I got rid of it was to monitor task manager to see strange tasks being opened then select one to see what folder it was coming from. I then deleted the suspicious looking folder/files until the auto-installer didn't start on the next re-boot. You will also need to un-install all the suspicious programs it has installed from control panel, programs & features.
I found the folders & files causing all this had names with random letters that didn't form a word, they also contained a combination of caps & lower case letters.

I hope this helps you too. ;)
Dukester

norbs diplomacy lesson 101: "If I was putting words in your mouth, you'd know."
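
Added example, not part of any post in this thread: a read-only PowerShell pass over the places the replies above point to, namely the hosts file plastik8 mentions and the reboot-time auto-installer and random-named folders Duke describes. `Test-RandomLookingName` and its thresholds are assumptions made for illustration.

```powershell
# Added example: read-only triage; nothing is deleted or modified.

# 1. Hosts file: a default Windows hosts file has only comment lines,
#    so any active entry printed here deserves a look.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -Path $hostsPath |
    Where-Object { $_.Trim() -and -not $_.Trim().StartsWith('#') }

# 2. Programs launched at logon (Run registry keys and Startup folders).
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User | Format-List

# 3. Scheduled tasks outside the \Microsoft\ tree and what they run.
Get-ScheduledTask |
    Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object {
        [pscustomobject]@{
            Task = $_.TaskPath + $_.TaskName
            Runs = ($_.Actions |
                ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        }
    } | Format-List

# 4. Folders named with random-looking mixed-case letters.
#    Test-RandomLookingName is a hypothetical helper with an assumed heuristic:
#    letters only, 6+ characters, upper case beyond the first character,
#    and fewer than 25% vowels. Expect false positives.
function Test-RandomLookingName {
    param([string]$Name)
    if ($Name -cnotmatch '^[A-Za-z]{6,}$') { return $false }
    if ($Name -cnotmatch '^.+[A-Z]' -or $Name -cnotmatch '[a-z]') { return $false }
    $vowels = ($Name -creplace '[^AEIOUaeiou]', '').Length
    return ($vowels / $Name.Length) -lt 0.25
}

# Common install locations; empty variables are skipped.
$roots = $env:ProgramData, $env:LOCALAPPDATA, $env:APPDATA,
         $env:ProgramFiles, ${env:ProgramFiles(x86)} | Where-Object { $_ }
Get-ChildItem -Path $roots -Directory -ErrorAction SilentlyContinue |
    Where-Object { Test-RandomLookingName $_.Name } |
    Select-Object FullName, CreationTime
```

An elevated prompt shows scheduled tasks that a standard session cannot read.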
Enforcer-J
Posts: 6512
Joined: Wed Oct 12, 2005 11:16 pm
Location: right on your A.R.S.E.

Re: searching.com browser hijacker

Post by Enforcer-J »

If Duke's solution doesn't work.... then what r8 said

I spent hours trying to remove the bastard from my in-laws' computer. It's the only virus that's totally defeated me! Reformatted with my tail between my legs.
DexterPunk
Busted ARSE
Posts: 15218
Joined: Thu Apr 21, 2005 11:18 pm
Location: SE Suburbs, Melbourne
Contact:

Re: searching.com browser hijacker

Post by DexterPunk »

Thanks guys. That gives me something else to try.

If no better I'll format it. Thanks again.


Cursed
Posts: 1445
Joined: Thu Feb 10, 2011 8:46 am

Re: searching.com browser hijacker

Post by Cursed »

Would turning on UAC force it to prompt you to allow it to install? That might also provide you with the exe name to hunt down.
Sarsippius
Posts: 4336
Joined: Tue Jan 11, 2005 1:13 pm
Location: Darwin

Re: searching.com browser hijacker

Post by Sarsippius »

Don't forget Windows 10 has a reset feature, saves doing a reformat and reinstall.
r8response
Cry baby
Posts: 8565
Joined: Fri Dec 17, 2004 6:51 pm
Location: Sunshine Coast, QLD

Re: searching.com browser hijacker

Post by r8response »

In the time you've wasted trying to find solutions that obviously haven't worked, you could've formatted and had a clean install of Windows running.


If anyone spends more than 3 hours trying to fix an issue, they could easily format and be up and running within 2 hours.
DexterPunk
Busted ARSE
Posts: 15218
Joined: Thu Apr 21, 2005 11:18 pm
Location: SE Suburbs, Melbourne
Contact:

Re: searching.com browser hijacker

Post by DexterPunk »

Last time I formatted I backed up my Steam folder. After format replaced the folder, it found the games and then for some reason decided it wanted to install (download) everything again. No idea why. Done it before with no issues at all.

Generally I agree though. Probably spent an hour on it at this point. Just didn't wanna have to go through the process as I'm pretty time poor right now.

