searching.com browser hijacker
- DexterPunk
- Busted ARSE
- Posts: 15218
- Joined: Thu Apr 21, 2005 11:18 pm
- Location: SE Suburbs, Melbourne
- Contact:
searching.com browser hijacker
This is one stubborn bastard. Anyone know how the hell you are meant to kill this thing?
Before anyone decides to do a quick google and send me a link to one of the sites claiming to have steps to remove it... none of them work. The list of anti malware software I've downloaded and tried seems to be growing, and will not get rid of it. I've run HitmanPro, Malware bytes, AdwCleaner, and JRT... I've also completely removed my browsers and shortcuts and reinstalled them. I may get it fixed for a bit, then do a restart, fucking homepage is back to searching.com. At this stage all I can think of is to format windows.
Before anyone decides to do a quick google and send me a link to one of the sites claiming to have steps to remove it... none of them work. The list of anti malware software I've downloaded and tried seems to be growing, and will not get rid of it. I've run HitmanPro, Malware bytes, AdwCleaner, and JRT... I've also completely removed my browsers and shortcuts and reinstalled them. I may get it fixed for a bit, then do a restart, fucking homepage is back to searching.com. At this stage all I can think of is to format windows.
- DarrenM
- Posts: 7251
- Joined: Wed Feb 09, 2005 3:21 pm
- Location: Sydney
Re: searching.com browser hijacker
Any chance it could be a rogue browser plugin?
I had popup ads in chrome recently, redirecting links to a spam site etc. All the searches pointed to a virus and related removal instructions. Ran malwarebytes etc but it didn't find anything. Turned out to be the "adblock" plugin that was doing it.
Seems that particular adblock plugin got hijacked and it's turned to shit. I switched to "adblock plus" which is what I use in firefox, but others are switching to ublock origin, which is apparently by the original creator of "adblock".
I had popup ads in chrome recently, redirecting links to a spam site etc. All the searches pointed to a virus and related removal instructions. Ran malwarebytes etc but it didn't find anything. Turned out to be the "adblock" plugin that was doing it.
Seems that particular adblock plugin got hijacked and it's turned to shit. I switched to "adblock plus" which is what I use in firefox, but others are switching to ublock origin, which is apparently by the original creator of "adblock".
- DexterPunk
- Busted ARSE
- Posts: 15218
- Joined: Thu Apr 21, 2005 11:18 pm
- Location: SE Suburbs, Melbourne
- Contact:
Re: searching.com browser hijacker
I don't think so. I don't really run any plugins. I think the only one I used to run was to stop DNS leak. I had a lot of shit go down after my gf tried to install codecs to play a video she downloaded and it did add a lot of browser plugins. One of the first things I did was remove them all.
Sent from my iPhone using Tapatalk
Sent from my iPhone using Tapatalk
- r8response
- Cry baby
- Posts: 8565
- Joined: Fri Dec 17, 2004 6:51 pm
- Location: Sunshine Coast, QLD
Re: searching.com browser hijacker
Time for a format
- DexterPunk
- Busted ARSE
- Posts: 15218
- Joined: Thu Apr 21, 2005 11:18 pm
- Location: SE Suburbs, Melbourne
- Contact:
Re: searching.com browser hijacker
I might have gotten rid of it last night. Removed browsers again, then ran all the anti malware progs again, hasn't shown up after a couple of restarts. Fingers crossed its gone.
Sent from my iPhone using Tapatalk
Sent from my iPhone using Tapatalk
- GT VIRUS
- Karen
- Posts: 3637
- Joined: Mon Jul 04, 2005 4:33 pm
- Location: Adelaide
- Contact:
Re: searching.com browser hijacker
I had something similar recently that would come back after anti-malware scans. It was fixed after I cleared the browser cache and cookies after the malware sweep.
- DexterPunk
- Busted ARSE
- Posts: 15218
- Joined: Thu Apr 21, 2005 11:18 pm
- Location: SE Suburbs, Melbourne
- Contact:
- Speed
- Posts: 1603
- Joined: Sun Jun 26, 2005 7:14 pm
- Location: Perth
Re: searching.com browser hijacker
I haven't had one of these for years but I had a couple that I could only get rid of by running the programs that you already have whilst the computer is in safe mode.
http://500px.com/Warren_Joyce" onclick="window.open(this.href);return false;
- r8response
- Cry baby
- Posts: 8565
- Joined: Fri Dec 17, 2004 6:51 pm
- Location: Sunshine Coast, QLD
- DexterPunk
- Busted ARSE
- Posts: 15218
- Joined: Thu Apr 21, 2005 11:18 pm
- Location: SE Suburbs, Melbourne
- Contact:
Re: searching.com browser hijacker
I'll try safe mode, cheers speed.
I'll likely format if all else fails. But off overseas on Monday, so probably have to wait till I get back.
I'll likely format if all else fails. But off overseas on Monday, so probably have to wait till I get back.
- plastik8
- Posts: 1155
- Joined: Sat Jan 14, 2006 1:10 pm
- Location: Adelaide
Re: searching.com browser hijacker
- Checked the Windows hosts file?
- Have you tried creating a new windows user?
- Have you tried creating a new windows user?
- DexterPunk
- Busted ARSE
- Posts: 15218
- Joined: Thu Apr 21, 2005 11:18 pm
- Location: SE Suburbs, Melbourne
- Contact:
Re: searching.com browser hijacker
plastik8 wrote:- Checked the Windows hosts file?
- Have you tried creating a new windows user?
Plastik, just with notepad or a text editor for the hosts file? I assume it's large, so just CTRL F and look for 'searching' specifically?
I haven't tried making a new user. I hadn't really thought of it, but how do I use that to fix my admin account?
I know it's weird, but I kinda feel like i've been beaten if I format lol.
- DarrenM
- Posts: 7251
- Joined: Wed Feb 09, 2005 3:21 pm
- Location: Sydney
Re: searching.com browser hijacker
Trouble is you don't know what else it might be doing in the background. You might feel beaten, but if you can't be confident it's gone then formatting is your only option from a security standpoint.DexterPunk wrote:I know it's weird, but I kinda feel like i've been beaten if I format lol.
Any chance it's auto-running off a thumb drive or something like that?
- DexterPunk
- Busted ARSE
- Posts: 15218
- Joined: Thu Apr 21, 2005 11:18 pm
- Location: SE Suburbs, Melbourne
- Contact:
Re: searching.com browser hijacker
I'll have a look. And you're right. No idea what security breaches may be happening. It's only a gaming machine / downloads machine but you never know what you may log into, and give away. Cheers. I'll do a proper back up of what I need and nuke it when I get back from holidays.
Sent from my iPhone using Tapatalk
Sent from my iPhone using Tapatalk
- w00dsy
- The Senna of Hoppers Crossing
- Posts: 24457
- Joined: Wed Mar 02, 2005 2:41 pm
- Location: incognito
Re: searching.com browser hijacker
did you install any free programs recently?
- DexterPunk
- Busted ARSE
- Posts: 15218
- Joined: Thu Apr 21, 2005 11:18 pm
- Location: SE Suburbs, Melbourne
- Contact:
Re: searching.com browser hijacker
sort of... It was a video file that apparently needed a new codec to be downloaded though windows media player. It seemed weird but I thought oh well, let her go, surely it can't be too much trouble if it's media player doing the install. Some divX 10 updater got installed and after running it, things went berserk. Pretty sneaky, and to be honest I can't really blame her for it. I reckon it would have caught me out too. I don't really use the Windows video playing software, pretty much never had an issue using VLC. In hind sight I should have just got her to download a new version of VLC. If they still didn't work I'd have known something was dodgy. Since I don't use the Windows player much though it seemed reasonable that it may need to update a codec.
It took me a while to stop random programs installing. It was a chain reaction of shit and for a moment I was about to pull the Ethernet cord out till I got things under control.
Sent from my iPhone using Tapatalk
It took me a while to stop random programs installing. It was a chain reaction of shit and for a moment I was about to pull the Ethernet cord out till I got things under control.
Sent from my iPhone using Tapatalk
- w00dsy
- The Senna of Hoppers Crossing
- Posts: 24457
- Joined: Wed Mar 02, 2005 2:41 pm
- Location: incognito
Re: searching.com browser hijacker
Did you uninstall the video codec that installed it? Sometimes that can remove it too. It's really easy to get caught out during the install process because we are so conditioned to just click yes or agree that we don't realise one of them was to install something else with it.
- DexterPunk
- Busted ARSE
- Posts: 15218
- Joined: Thu Apr 21, 2005 11:18 pm
- Location: SE Suburbs, Melbourne
- Contact:
Re: searching.com browser hijacker
I'm pretty sure everything that was installed got un-installed. Either manually from control panel and then by the various malware removal progs.
People keep suggesting that the searching prog will be gone, and that you need to delete/change the target html in the shortcuts you use. All examples seem to be using win7 but I'm on win 10. I just removed the browsers entirely instead. It fixes it for a bit, then returns again. So I don't think there's an issue with the short cuts.
I don't really understand why the malware progs can't find the issue. Surely they are updated such as an antivirus would be.
Sent from my iPhone using Tapatalk
People keep suggesting that the searching prog will be gone, and that you need to delete/change the target html in the shortcuts you use. All examples seem to be using win7 but I'm on win 10. I just removed the browsers entirely instead. It fixes it for a bit, then returns again. So I don't think there's an issue with the short cuts.
I don't really understand why the malware progs can't find the issue. Surely they are updated such as an antivirus would be.
Sent from my iPhone using Tapatalk
- Duke
- Dukester Maldonado
- Posts: 11441
- Joined: Tue Jan 23, 2007 9:33 pm
- Location: Melbourne
Re: searching.com browser hijacker
Dex, this sounds like the same fark'n thing I had to deal with a little while ago. How the hell someone has been able to do this & make it look like a legit WMP codec install is pretty ingenious.
What I found was that it has an auto-installer which kicks off again at every re-boot. But I did beat it eventually...
iirc the way I got rid of it was to monitor task manager to see strange tasks being opened then select one to see what folder it was coming from. I then deleted the suspicious looking folder/files until the auto-installer didn't start on the next re-boot. You will also need to un-install all the suspicious programs it has installed from control panel, programs & features.
I found the foldesr & files causing all this had names with random letters that didn't form a word, they also contained a combination of caps & lwr case letters.
I hope this helps you too.
What I found was that it has an auto-installer which kicks off again at every re-boot. But I did beat it eventually...
iirc the way I got rid of it was to monitor task manager to see strange tasks being opened then select one to see what folder it was coming from. I then deleted the suspicious looking folder/files until the auto-installer didn't start on the next re-boot. You will also need to un-install all the suspicious programs it has installed from control panel, programs & features.
I found the foldesr & files causing all this had names with random letters that didn't form a word, they also contained a combination of caps & lwr case letters.
I hope this helps you too.
Dukester
norbs diplomacy lesson 101: "If I was putting words in your mouth, you'd know."
norbs diplomacy lesson 101: "If I was putting words in your mouth, you'd know."
- Enforcer-J
- Posts: 6512
- Joined: Wed Oct 12, 2005 11:16 pm
- Location: right on your A.R.S.E.
Re: searching.com browser hijacker
If Dukes solution doesnt work.... then what r8 said
I spent hours trying to remove the bastard from my inlaws computer. Its the only virus thats totally defeated me! Reformatted with my tail between my legs.
I spent hours trying to remove the bastard from my inlaws computer. Its the only virus thats totally defeated me! Reformatted with my tail between my legs.
- DexterPunk
- Busted ARSE
- Posts: 15218
- Joined: Thu Apr 21, 2005 11:18 pm
- Location: SE Suburbs, Melbourne
- Contact:
Re: searching.com browser hijacker
Thanks guys. That gives me something else to try.
If no better I'll format it. Thanks again.
Sent from my iPhone using Tapatalk
If no better I'll format it. Thanks again.
Sent from my iPhone using Tapatalk
- Cursed
- Posts: 1445
- Joined: Thu Feb 10, 2011 8:46 am
Re: searching.com browser hijacker
Would turning on UAC force it to prompt you to allow it to install? That might also provide you with the exe name to hunt down.
-
- Posts: 4336
- Joined: Tue Jan 11, 2005 1:13 pm
- Location: Darwin
Re: searching.com browser hijacker
Don't forget Windows 10 has a reset feature, saves doing a reformat and reinstall.
- r8response
- Cry baby
- Posts: 8565
- Joined: Fri Dec 17, 2004 6:51 pm
- Location: Sunshine Coast, QLD
Re: searching.com browser hijacker
In the time you've spent wasting trying to find solutions that obviously haven't worked, you could've formatted and had a clean install of windows running.
If anyone spends more than 3 hours trying to fix an issue, they could easily format and be up and running within 2 hours.
If anyone spends more than 3 hours trying to fix an issue, they could easily format and be up and running within 2 hours.
- DexterPunk
- Busted ARSE
- Posts: 15218
- Joined: Thu Apr 21, 2005 11:18 pm
- Location: SE Suburbs, Melbourne
- Contact:
Re: searching.com browser hijacker
Last time I formatted I backed up my steam folder. After format replaced the folder, it found the games and then for some reason decided it wanted to install (download) everything again. No idea why. Done it before with no issues at all.
Generally I agree though. Probably spent an hour on it at this point. Just didn't wanna have to go through the process as I'm pretty time poor right now.
Sent from my iPhone using Tapatalk
Generally I agree though. Probably spent an hour on it at this point. Just didn't wanna have to go through the process as I'm pretty time poor right now.
Sent from my iPhone using Tapatalk