14 Replies - 2979 Views - Last Post: 22 July 2012 - 08:59 PM

#1 Utael

Virus: Search Hijacker

Posted 19 July 2012 - 09:56 AM

So, somehow I picked up a virus. When I search in Firefox, Google does its search but each link takes me to some other sketchy search engines. I've run Malwarebytes Anti-Malware with no success.

I will be running Spybot Search and Destroy here soon and was wondering what else I may be able to try to get this thing gone.

Replies To: Virus: Search Hijacker

#2 modi123_1

Posted 19 July 2012 - 10:01 AM

Did you run Malwarebytes in safe mode? If not, do that. 9/10 times it takes care of it.

Any ID on the virus name? You can probably just zero in on a one-shot fixer.

#3 Utael

Posted 19 July 2012 - 10:31 AM

Unfortunately, I don't know the name of the virus. After Spybot is done searching, I'll pop into safe mode and run Malwarebytes again.

#4 calvinthedestroyer

Posted 21 July 2012 - 09:51 AM

Check your hosts file to make sure it was not changed.

#5 no2pencil

Posted 21 July 2012 - 10:21 AM

Disable all Firefox addons. Any search hijack I've seen is an addon to the browser.

#6 Utael

Posted 21 July 2012 - 11:30 AM

no2pencil, on 21 July 2012 - 12:21 PM, said:

Disable all Firefox addons. Any search hijack I've seen is an addon to the browser.


I checked all my addons, and the only things still running are the ones I've personally added (way before this virus came around).

Where would I find the hosts file?

Also, for some strange reason it will not boot into safe mode. It gets to loading the basic system files, gets stuck on one file and never loads...

This post has been edited by Utael: 21 July 2012 - 11:31 AM


#7 Ryano121

Posted 21 July 2012 - 12:08 PM

Find it at -

C:\Windows\System32\drivers\etc\hosts

Also is this only happening with Firefox? Or with all browsers?

This post has been edited by Ryano121: 21 July 2012 - 12:09 PM
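
An added example, not part of any poster's reply: a small Python audit for the hosts-file check suggested in this thread. It flags active entries that pin a search-engine name to an address and any mapping to a non-loopback address. The watched names, the reason strings and the sample file contents are constructed assumptions.

```python
import ipaddress

# Assumption: domain labels whose redirection would explain hijacked searches.
WATCHED = {"google", "bing", "yahoo"}
# Addresses that only blackhole a name (common in ad-blocking hosts files).
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1", "::"}

def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for each suspicious active entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # comments are inactive
        if not entry:
            continue
        fields = entry.split()
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, ip, " ".join(names), "malformed address"))
            continue
        for name in names:
            host = name.lower().rstrip(".")
            watched = any(label in WATCHED for label in host.split("."))
            if ip in SINKHOLES:
                if watched:
                    findings.append((line_no, ip, host, "search domain blocked"))
            elif watched:
                findings.append((line_no, ip, host, "search domain redirected"))
            else:
                findings.append((line_no, ip, host, "non-loopback mapping, verify"))
    return findings

# Constructed sample, not taken from the poster's machine.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.google.com google.com   # constructed bad entry
0.0.0.0         ads.example.net
192.168.1.20    nas.home.lan
"""

if __name__ == "__main__":
    # On Windows, pass in the text of C:\Windows\System32\drivers\etc\hosts.
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

A clean hosts file does not rule out a driver-level redirect, which is where the thread ends up.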


#8 no2pencil

Posted 21 July 2012 - 05:09 PM

Utael, on 21 July 2012 - 02:30 PM, said:

Also, for some strange reason it will not boot into safe mode. It gets to loading the basic system files, gets stuck on one file and never loads...

You know what would be REALLY helpful? Knowing what that file is.

#9 Utael

Posted 22 July 2012 - 02:38 PM

Update on info: it only seems to use Google; haven't tried another browser. When I get home I'll get the file name. I do know it's a .sys file. All my docs (that are important) are backed up, so if I can't sort this out today I'll just do a wipe and reload. Maybe I'll dual boot with Ubuntu this time.

#10 no2pencil

Posted 22 July 2012 - 05:53 PM

Delete your Google Search, & reinstall it.

Attached Image

#11 Utael

Posted 22 July 2012 - 06:37 PM

no2pencil, on 22 July 2012 - 07:53 PM, said:

Delete your Google Search, & reinstall it.

Attachment google.JPG


It affects both Firefox and Google Chrome. I am talking about the actual webpage and not the add-on bar. Although I did try your suggestion.

Going to do a quick restart into safe mode and I'll post which sys file it's getting stuck on.

And of course now it boots into safe mode.

#12 KYA

Posted 22 July 2012 - 06:40 PM

It might be a DNS hijack or a portion of the TDSS rootkit. Reset and reboot your router if you have one and flush the DNS cache on your local box.

#13 GunnerInc

Posted 22 July 2012 - 06:42 PM

The sys file is probably TDSSserve.sys

Search for "Google Redirect Virus" and you will find tons of info on how to remove it.

#14 Utael

Posted 22 July 2012 - 07:07 PM

KYA, on 22 July 2012 - 08:40 PM, said:

It might be a DNS hijack or a portion of the TDSS rootkit. Reset and reboot your router if you have one and flush the DNS cache on your local box.


I'd do that except it doesn't affect any other device on this network. I have also flushed the DNS cache with no change.


GunnerInc, on 22 July 2012 - 08:42 PM, said:

The sys file is probably TDSSserve.sys

Search for "Google Redirect Virus" and you will find tons of info on how to remove it.


It booted now in safe mode and am now running malware in safe mode; we will see if it comes up with anything. While that's going I will certainly do that.

I don't remember the name of the process; I was just excited it booted into safe mode. I will definitely track that down. If Malwarebytes doesn't pick anything up, that will be the next step, since that requires a dedicated program.

#15 Utael

Posted 22 July 2012 - 08:59 PM

Update: Ran TDSSKiller, found a trojan. Am restarting and will find out whether this solved the issue. If it does, I know what I'm downloading next (Kaspersky {hope I spelled that right}).

Looks like I'm gonna be shelling out $60 this next pay period.

This post has been edited by Utael: 22 July 2012 - 09:04 PM

