browser hijack

Dalziel

Help please. I seem to have inadvertently got my browser hijacked!
Each time I try to google for a solution I get to pages other than
what I expect.
It comes up with "waiting for poiskwebdll.com". I'm running windows xp
with the latest updates, MS Security antivirus software (with latest
updates) and also ran Malwarebytes anti-malware. The latter reports
'no viruses found'. The MS antivirus finds 2 viruses and cleans them
then wants a restart. But after restarting it keeps coming up with the
same viruses, (Virus:Win32/Patchload.O) in file wuauclt.exe. Deleting
them does not do any good.
Hope there is a solution other than re-installing the whole OS.
 
MowGreen

Dalziel said:
Help please. I seem to have inadvertently got my browser hijacked!
Each time I try to google for a solution I get to pages other than
what I expect.
It comes up with "waiting for poiskwebdll.com". I'm running windows xp
with the latest updates, MS Security antivirus software (with latest
updates) and also ran Malwarebytes anti-malware. The latter reports
'no viruses found'. The MS antivirus finds 2 viruses and cleans them
then wants a restart. But after restarting it keeps coming up with the
same viruses, (Virus:Win32/Patchload.O) in file wuauclt.exe. Deleting
them does not do any good.
Hope there is a solution other than re-installing the whole OS.


Dalziel,

Since MSE is installed, you can get *free* help with malware removal
here - https://support.microsoftsecurityessentials.com/
Click the “I think my computer is infected” link. From there, select
either the email or phone option.

Or, use this link:
http://supportservices.microsoft.com/support/services/virus_essentials

If you want to clean the system yourself and be reasonably sure that
it's no longer present, suggest you -

1. Boot to Safe Mode and run MSE ( good but NO guarantees the malware
will not reappear when the system restarts to normal Windows mode )

2. Burn a CD and boot the system from that CD so that the Hard Drive is
*not* active ( much better than #1 and you can *almost* guarantee the
system will be malware free ) -

a. Kaspersky Rescue Disk -
http://support.kaspersky.com/viruses/rescuedisk/main

b. How to create a Bitdefender Rescue CD -
http://www.bitdefender.com/support/How-to-create-a-Bitdefender-Rescue-CD-627.html

c. Microsoft Safety Scanner ( can be burned to a CD or run from a USB
thumb drive; not updatable and expires in 10 days )
http://www.microsoft.com/security/scanner/en-us/default.aspx


MowGreen
================
*-343-* FDNY
Never Forgotten
================

"Security updates should *never* have *non-security content* prechecked
 
Dalziel

MowGreen said:
Dalziel,

Since MSE is installed, you can get *free* help with malware removal
here - https://support.microsoftsecurityessentials.com/
Click the “I think my computer is infected” link. From there, select
either the email or phone option.

Or, use this link: http://supportservices.microsoft.com/support/services/virus_essentials

If you want to clean the system yourself and be reasonably sure that
it's no longer present, suggest you -

1. Boot to Safe Mode and run MSE ( good but NO guarantees the malware
will not reappear when the system restarts to normal Windows mode )

2. Burn a CD and boot the system from that CD so that the Hard Drive is
*not* active ( much better than #1 and you can *almost* guarantee the
system will be malware free ) -

a. Kaspersky Rescue Disk - http://support.kaspersky.com/viruses/rescuedisk/main

b. How to create a Bitdefender Rescue CD - http://www.bitdefender.com/support/How-to-create-a-Bitdefender-Rescue...

c. Microsoft Safety Scanner ( can be burned to a CD or run from a USB
thumb drive; not updatable and expires in 10 days ) http://www.microsoft.com/security/scanner/en-us/default.aspx

MowGreen
================
  *-343-* FDNY
Never Forgotten
================

"Security updates should *never* have *non-security content* prechecked

Hello
Thanks for replying. I did try all your solutions but without success.
Each google search on the infected computer took me to a shopping
channel. Not porn sites but regular shopping channels that I never
visit anyway.
So bit the bullet and did a restore from a previous backup. The
computer is working fine again but needs a lot of customisation as the
last backup was nearly a year ago! My fault of course...should have
backed up more often.
But thanks very much for your help. Most appreciated.
Would still like to know what the 'poriskwebdll' and 'sirefef.p' virus
are though.

thanks again and regards
 
MowGreen

Dalziel said:
Hello
Thanks for replying. I did try all your solutions but without success.
Each google search on the infected computer took me to a shopping
channel. Not porn sites but regular shopping channels that I never
visit anyway.
So bit the bullet and did a restore from a previous backup. The
computer is working fine again but needs a lot of customisation as the
last backup was nearly a year ago! My fault of course...should have
backed up more often.
But thanks very much for your help. Most appreciated.
Would still like to know what the 'poriskwebdll' and 'sirefef.p' virus
are though.

thanks again and regards


'poriskwebdll' is a modification to this malware -

Trojan:Win32/Sirefef.P
http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan:Win32/Sirefef.P

" Installation
Trojan:Win32/Sirefef.P is installed by other malware and may be present
as a file named "wpbt0.dll". The trojan component is responsible for
downloading other malicious components. "

The malware present was most likely downloaded and installed by
Virus:Win32/Patchload.O.
It replaces system files (ex: wuauclt.exe ) .

That's why it is so difficult to remove infected files when the Hard
Drive is running. Booting from a Linux based rescue cd or from a USB
thumb drive/external drive (MS Safety Scanner) is the only way to clean
up this crap with any degree of certainty.


MowGreen
================
*-343-* FDNY
Never Forgotten
================

"Security updates should *never* have *non-security content* prechecked
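
An offline check in the spirit of the advice above, as an added example that is not part of the original thread: run from a live CD against the mounted Windows XP volume, it looks for the file name quoted from the Sirefef.P entry and compares wuauclt.exe with its dllcache backup copy. The mount point, the default XP folder layout and the function names are assumptions.

```shell
#!/bin/sh
# Added example: offline triage of a Windows XP volume mounted read-only
# from a live CD. File names come from the thread; paths assume the default
# XP layout (WINDOWS/system32 and its dllcache backup folder).

# Print the SHA-256 of a file, or nothing if it cannot be read.
hash_of() {
    sha256sum "$1" 2>/dev/null | cut -d' ' -f1
}

# scan_offline_windows MOUNTPOINT
# Emits one finding per line; returns 1 if anything needs review.
scan_offline_windows() {
    root=$1
    flagged=0

    # 1. Files named like the Sirefef.P component quoted in the thread.
    #    NTFS names are case-insensitive, so match with -iname.
    hits=$(find "$root" -type f -iname 'wpbt0.dll' 2>/dev/null)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" | sed 's/^/NAME_MATCH /'
        flagged=1
    fi

    # 2. Compare the live wuauclt.exe with the dllcache copy.
    live=$(find "$root" -type f -ipath '*/system32/wuauclt.exe' 2>/dev/null | head -n 1)
    cache=$(find "$root" -type f -ipath '*/system32/dllcache/wuauclt.exe' 2>/dev/null | head -n 1)
    if [ -z "$live" ] || [ -z "$cache" ]; then
        echo "MISSING wuauclt.exe (live='$live' cache='$cache')"
        flagged=1
    elif [ "$(hash_of "$live")" != "$(hash_of "$cache")" ]; then
        echo "MISMATCH $live differs from $cache"
        flagged=1
    else
        # Equal hashes only mean the two copies agree; both could be patched.
        echo "SAME $live matches dllcache copy"
    fi
    return $flagged
}

# Usage from the live environment: sh scan.sh /mnt/windows
if [ "$#" -gt 0 ]; then scan_offline_windows "$1"; fi
```

A NAME_MATCH or MISMATCH line is a lead for the rescue-disk scan, not a verdict, and a SAME line does not prove the file is clean.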
 
Dalziel

MowGreen said:
'poriskwebdll' is a modification to this malware -

Trojan:Win32/Sirefef.P
http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.as...

" Installation
Trojan:Win32/Sirefef.P is installed by other malware and may be present
as a file named "wpbt0.dll". The trojan component is responsible for
downloading other malicious components. "

The malware present was most likely downloaded and installed by
Virus:Win32/Patchload.O.
It replaces system files (ex: wuauclt.exe ) .

That's why it is so difficult to remove infected files when the Hard
Drive is running. Booting from a Linux based rescue cd or from a USB
thumb drive/external drive (MS Safety Scanner) is the only way to clean
up this crap with any degree of certainty.

MowGreen
================
  *-343-* FDNY
Never Forgotten
================

"Security updates should *never* have *non-security content* prechecked

Thanks. Yes, I see now that there was a Sirefef.p, Win32/Patchload.O
and mention of wuauclt.exe.
I manually deleted the latter after booting from a Linux livecd. Also
ran Kaspersky Boot CD as you suggested. But the virus still remained
on boot up.
So, as I said, I did a restore from a backup which though not perfect
was less hassle than re-installing windows and all the updates and
programmes, etc. Now I shall make sure I backup more often. :)
Lesson learnt.
Thanks again for your time and help.

Regards
 
