Removing common browser hijackers?

T

ToolPackinMama

One of the most common problems I deal with is helping home users to
remove browser hijackers and extortion-ware. Usually they appear as
helpful pop-ups that warn that you are infected, and they offer to sell
you something, or direct you to somebody who sells something.

What's the quickest, cleanest, safest way to remove this stuff, short of
wiping the hard drive and re-installing the OS? I actually have felt
driven to doing that a few times, but surely there is something
trustworthy that is less extreme?

If there is a good freeware cleaner that you verify as trustworthy, what
is it? There certainly are a lot of sites that offer such things but
they could be malware themselves.
 
V

VanguardLH

ToolPackinMama said:
One of the most common problems I deal with is helping home users to
remove browser hijackers and extortion-ware. Usually they appear as
helpful pop-ups that warn that you are infected, and they offer to sell
you something, or direct you to somebody who sells something.

What's the quickest, cleanest, safest way to remove this stuff, short of
wiping the hard drive and re-installing the OS? I actually have felt
driven to doing that a few times, but surely there is something
trustworthy that is less extreme?

If there is a good freeware cleaner that you verify as trustworthy, what
is it? There certainly are a lot of sites that offer such things but
they could be malware themselves.

Decide whether you want to support home users that choose to login under
an admin-level Windows account that permits them to install all that
crap that they are incapable of refusing.

Disinfection is not guaranteed to remove all of a pest plus it doesn't
not restore the computer back to the prior state so the remnant files
and registry keys after disinfection can cause side effects.

Focus keeping the crap out rather than letting it in and then having to
shovel it out. Of course, if your customers were safe users then they
wouldn't be paying you to fix their computers.

If these customers want a means of restoring their computers back to a
prior state then why haven't they installed imaging software and
schedule periodic (daily) backups?

While there are products like Returnil that can be left enabled in safe
mode where all changes to the [virtual] hard disk get discarded on a
reboot, These do not use a VMM (virtual machine manager) running a VM
(virtual machine) which is slow because all hardware except the CPU is
emulated. They use the real hardware so there is no impact on speed.
Even the "virtual disk" where all disk changes are effected is reserved
space on the real hard disk. Reboot and all the changes to the virtual
hard disk are gone. That also means the user is reverted to the same
state as before after a reboot. They need to save the data files
elsewhere so changes will survive a reboot. Virtualizing disk changes
does not obviate the need to perform regular backups.

To your customers: If they don't backup then they deem their data as
reproducible or trivial. That they don't like to hear that doesn't
eliminate that they must do some effort to provide recovery. If they
don't invest in recovery then they don't have any (or it can get far
more expensive then they consider is the value of that data).
 
F

Flasherly

If there is a good freeware cleaner that you verify as trustworthy, what
is it?

If you handing over/repairing builds, well, they'll probably just have
to go down the rabbit hole to see how far it goes. Mostly because
they're stupid rabbits and most won't get to come back out. Mostly.

A binary sector backup from OS images -- achieved from a MBR boot
arbitrator, through booting into another OS, streaming back
sector-to-sector images that are periodically updated and rewritten
when changes occur or such as trusted programs accumulate -- to a
rabbit is a hostile entity and act of aggression;- A binary image will
insinuate intelligent commitment to rules and syntax governing
computers, such as: No binary image should ever have seen the WWW.
The OS exposed to the WW should be rewritten, as a matter of
principle, every week or two by a binary image, regardless.

Rabbits, I've encountered, do not want to play with fox;- they just
want to be silly rabbits. Congratulations, Thumper. It appears
you've been adopted for hutch master.

Between you and I, Thumper, it takes twice the time for me to write an
OS image, than to restore the image to a partition;- I rewrite XP in
45 seconds and Win7 in 2min and 30sec;- I keep 3 generations of dated
XP OS image writes and 2 for Win7. Binary sector writes occur between
two physical SSD brand makes.
 
T

ToolPackinMama

To your customers: If they don't backup then they deem their data as
reproducible or trivial. That they don't like to hear that doesn't
eliminate that they must do some effort to provide recovery. If they
don't invest in recovery then they don't have any (or it can get far
more expensive then they consider is the value of that data).

A great emotional weight lifted off of me when I read that paragraph.

Gods, why don't people save copies of their personal stuff, at least?
Nine times out of ten they have no backups saved at all!

Two days ago I delivered a whole new hand-built PC to one of my oldest
customers. She had been limping along with an ancient Dell with Vista,
and was happy enough until she picked up one of these ferocious
hijackers. I asked her what data she wanted rescued/transferred from
the old dustdox, and in the end the only thing that mattered to her was
one photograph. BUT! I learned that AFTER trying to salvage over 5
gigs of data for her.

Turns out that one picture was something she could have simply asked for
another copy of, from the sender.

In the end, as long as I am paid by the hour, I don't care.
 
T

ToolPackinMama

| One of the most common problems I deal with is helping home users to
| remove browser hijackers and extortion-ware. Usually they appear as
| helpful pop-ups that warn that you are infected, and they offer to sell
| you something, or direct you to somebody who sells something.
|
| What's the quickest, cleanest, safest way to remove this stuff, short of
| wiping the hard drive and re-installing the OS? I actually have felt
| driven to doing that a few times, but surely there is something
| trustworthy that is less extreme?
|
| If there is a good freeware cleaner that you verify as trustworthy, what
| is it? There certainly are a lot of sites that offer such things but
| they could be malware themselves.

My first step is to run the free Malwarebytes Anti-Malware program.

https://www.malwarebytes.org/downloads/

It's as reliable as such programs get. Install it and then update the database
before scanning.

Larc


Thanks a lot! :)
 
T

ToolPackinMama

If you handing over/repairing builds, well, they'll probably just have
to go down the rabbit hole to see how far it goes. Mostly because
they're stupid rabbits and most won't get to come back out. Mostly.

Well, yes.
Between you and I, Thumper, it takes twice the time for me to write an
OS image, than to restore the image to a partition;- I rewrite XP in
45 seconds and Win7 in 2min and 30sec;- I keep 3 generations of dated
XP OS image writes and 2 for Win7. Binary sector writes occur between
two physical SSD brand makes.

You exist on a whole other plane, my friend. I always advise people to
at least save copies of unique photos and documents, but they usually
can't even do that. It's gotten to the point that I advise most people
to do all their email via their ISP web interface, because that
increases the chance that their correspondance at least will still be
there after a crash or wipe.
 
T

ToolPackinMama

I asked her what data she wanted rescued/transferred from
the old dustdox, and in the end the only thing that mattered to her was
one photograph. BUT! I learned that AFTER trying to salvage over 5
gigs of data for her.

Oh! Oh, I gotta tell you the best part. At least 4 gigs of the five
gigs of data was icons and copies of icons and copies of copies of icons
I KID YOU NOT.
 
T

ToolPackinMama

Oh! Oh, I gotta tell you the best part. At least 4 gigs of the five
gigs of data was icons and copies of icons and copies of copies of icons
I KID YOU NOT.

I know many of you sneer at people like that, but I am filled with
compassionate sorrow when I behold the evidence of their suffering.
 
T

ToolPackinMama

A woman who is a friend (and customer) came to me with a CD and booklet,
intending them as a gift to me, saying "I know you like computer games
and things like that, so I thought you would like this."

It was the manual and drivers disk from her motherboard. I had given
them to her when I had first built the computer, saying "Hang on to
these, they are important." She had forgotten what they were and why
she had them... and then thought "Hey! ToolPackinMama might like these!"
 
F

Flasherly

You exist on a whole other plane, my friend. I always advise people to
at least save copies of unique photos and documents, but they usually
can't even do that. It's gotten to the point that I advise most people
to do all their email via their ISP web interface, because that
increases the chance that their correspondance at least will still be
there after a crash or wipe.

Yea...I'm a computer "genius." Hell, may as well be after talking to
the average joe/jane about computers. (Gott'a come to places like
this forum to get taken down a notch or two and put in my place.)

Well...I do that, too, although in general for a
qualification/disclaimer after selling a build. I explain there's a
hidden backup I put on their computer (sometimes I do that with a
hidden partition, a binary image -- or just give them a DVD with the
same thing, which they then go and lose, damnit.)

Anything after that they do to the computer (my pictures, etc.), I
continue to explain, will be lost when I restore the computer to its
original state when they bought it. It's the short way for me to say
-- No, damnit, I didn't build you a faulty computer, which you're now
accusing me of, because of a software setting, something you changed
and can't understand the repercussions. (Just sit down and watch me
pull my rabbit out of the hat of magic with a image backup.)

I know, I know...sounds like a SOB way to handle things, only sell
enough of them and, believe me, when word gets around all kinds will
come around. At first it's respect and some wonderment, showing them
a build;- after buying, running with it awhile or more, it's "teach me
or do it for free with all your spare time." A core resentment
overcomes them because of what you can do with computers when they
realize they cannot;- the angles then shift inot other aspects of
their characters that emerge.

Although, I would do work for others, of course, I'm a bit closer
with... -will- help/teach them to learn to save things and such. Good,
honest and perceptive people, bless their hearts -- even if
accomplishing much of anything with a computer, for them, is like
trying to go through a brick wall with a sledge hammer.

There's a little statistical abstract about people and computers I'd
like to share with you: The more knowledgeable and sophisticated a
computer operator is, the more private their computer and its workings
become to them. (Not here, not now and not with me -- you can just
keep your damn hands off it if you don't know what you're doing!)
 
M

Michael Black

A woman who is a friend (and customer) came to me with a CD and booklet,
intending them as a gift to me, saying "I know you like computer games and
things like that, so I thought you would like this."

It was the manual and drivers disk from her motherboard. I had given them to
her when I had first built the computer, saying "Hang on to these, they are
important." She had forgotten what they were and why she had them... and
then thought "Hey! ToolPackinMama might like these!"
Sometimes those "useless parts" can be useful.

I once tried to upgrade my Mac Plus when someone gave me some low density
SIMMs from an upgrade, so I used a hot air gun to get the RAM off that,
and solder higher density RAM on the SIMM boards. It worked, except the
RAM was too dense, and the Mac Plus couldn't refresh it properly. So long
as I kept using it, it was fine, but if I let it sit, doing anything would
cause it to crash. It was a known problem, I just didn't know about it
until after I'd done the work.

I have a nice CPU fan for some future project, found in a bunch of odds
and ends tossed out. That's a good way to get hardware and miscellaneous
cables, someone does an upgrade and the bits leftover, and any pieces from
taken out during the upgrade are garbage.

My previous computer, I finally got it up to the maximum 512megs of RAM
when a random garage sale had two 256meg DIMMs, leftover from some upgrade
(they were even in the package from the newer RAM), and I paid a couple of
dollars.

I actually ended up with 2 1gig DIMMs last year at a garage sale for 5.00,
again some other upgrade, someone probably not knowing the value of what
was taken out. All I have to do is find a computer that takes that RAM.

So when I see a moterhboard box lying on the sidewalk waiting for the
garbage trucks, I always check to make sure there's nothing of interest
inside.

Michael
 
F

Flasherly

My previous computer, I finally got it up to the maximum 512megs of RAM
when a random garage sale had two 256meg DIMMs, leftover from some upgrade
(they were even in the package from the newer RAM), and I paid a couple of
dollars.

Early systems were crazy. $6K-$10K for a PC computer at the
beginnings. Or so they say. To populate a generic MB for a computer
with 640K, $300;- Radio Shack's, a 384K module for their stock,
256K-equipped TX1000, to bring it to 640K, was that, too. And ISA AST
EMS boards with 2 Meg for tasking swapping on a 6Mhz XT were waiting
right around the corner.

The oldest part for computers that's still working is a saying: It's a
hole where you go to throw your money into.

Until it stops and you say that's it and no more, to begin to look
into garbage boxes on the curbsides;- Me, I started by flipping them,
research for all the best, save the receipts and documentation to
prove it, build that computer for long enough to get intimate and turn
it into a smooth machine, and, by then, someone would usually buy it
for what I had in it. Just in time for the best to be raised a bar or
notch, for the same price as before, only faster and better. I'd go
buy all of that and do it all over again.

Worked fine until too many people wanted them and threw off my natural
rhythm, having to buy parts for builds without drilling them at my own
pace for at least a satisfied sense of research, I was buying the best
available for the money.

So, I took up timing and flipping market investments for a more
relaxing hobby, than anything of a sense of accomplishment people
buying computer builds gave me. I just quit building computers unless
it was for myself. I don't how thoroughly sound that decision was,
especially the investment part, although I'm more than comfortable
with a discipline and knowledge gained -- could do it again tomorrow
if I wanted to grease churning wheels again -- inasmuch by modest
assessment of realized abilities, by experience or profits, from
both;- although I'd have credit computers first with a sense for
monetary means, if not more than an appreciation to focus to that end.

Why, or what's there more to complain about if you remember to be
grateful for what you've managed and are able to take from right under
their noses;... nor to forget that easy money never quite means that
it's free.

-
They don't get that way for nothing. -Greek proverb.

Translated into French by Blaise Pascal: "Bet. You have no choice;-
You're in the game."
 
L

Loren Pechtel

Oh! Oh, I gotta tell you the best part. At least 4 gigs of the five
gigs of data was icons and copies of icons and copies of copies of icons
I KID YOU NOT.

No copies of shortcuts?
 
T

ToolPackinMama

SuperAnti-Spyware
Malwarebytes
HijackThis
ADWcleaner

For hidden processes/rootkits:-- tdsskiller, rkill, rubotted,
processkiller,rootkitbuster, Panda antirootkit, AvastAntirootkit, F-Secure's
blacklight - and now Malwarebytes iteself contains an antirootkit module.

Finally, there are a bunch of bootable anti-virus CD/DVDs from AVG, Avira,
Kaspersky, Panda, Bit-Defender, Dr. Web Cure-it, and more.

All free downloads. And some have specialized prgrams for particular pests
like ransomware.

That's great, thanks a lot!
 
T

ToolPackinMama

So when I see a moterhboard box lying on the sidewalk waiting for the
garbage trucks, I always check to make sure there's nothing of interest
inside.

LOL I do too, but, as my mother used to say, "we don't talk about such
things" LOL.
 
T

ToolPackinMama

...I explain there's a
hidden backup I put on their computer (sometimes I do that with a
hidden partition, a binary image -- or just give them a DVD with the
same thing, which they then go and lose, damnit.)

Ya Know!?

I never bothered to create something like that because to be honest for
me it's easier simply to re-install the OS. Most of my customers just
use the PC for web browsing and email - it's not like they would be
interesting to the NSA, or anything like that.
There's a little statistical abstract about people and computers I'd
like to share with you: The more knowledgeable and sophisticated a
computer operator is, the more private their computer and its workings
become to them. (Not here, not now and not with me -- you can just
keep your damn hands off it if you don't know what you're doing!)

Hm... maybe. In my experience each person's PC is as personal as a
toothbrush. Most of them don't realize it, though.
 
P

Paul

ToolPackinMama said:
Very cool! Thank you. :)

A download mirror is available at Bleepingcomputer, as well
as a few instructions for exception cases.

http://www.bleepingcomputer.com/download/adwcleaner/

The author could be in France.

https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Do the "scan" first, before trying "clean". Don't just
blindly click "clean" as your first option. You need to make
sure the tool isn't "nuts", before clicking the clean
option. Just like other (malware) tools can quarantine
important system files, which will prevent the computer
from booting later on. These things can make a mess,
if they hit a false positive.

At one time, the tool listed the location of the "prefs.js"
file for the browser. That was just an "informative" display
and did not mean the file was infected. However, if several
lines of text appeared just below the "prefs.js" convenience
display, then the file has some lines of text that need to
be removed. And those preference items will be removed when
you do a "clean". The last time I used the program, I don't
think it was bothering to list the location of "prefs.js",
so the confusion here may no longer exist.

Paul
 
F

Flasherly

I never bothered to create something like that because to be honest for
me it's easier simply to re-install the OS. Most of my customers just
use the PC for web browsing and email - it's not like they would be
interesting to the NSA, or anything like that.

I've been through it, myself getting messed up with installs or web
site permissions and such. So, it's what I do - I do, being not as
much what a customer wants, but how I'm comfortable handling it. No
doubt, and I've no illusions about that the antivirus business being
huge, but that's for later - at the customer's discretion. Saves me
extra work if they're happy going that route, nor far from all I care
about, for me, identifying a true condition if, how or when they come
back dissatisfied about a build: I do seriously want to know if it's
anything but software (for due consideration when selecting the next
set of hardware components).

Fast and easy, in and out and I'm gone. See Ya - just Wouldn't Want
to Be Ya, though. Norton, btw -- ghosting, in its heyday, powerful
stuff, capable of propagating images across thousands of network
connections.
Hm... maybe. In my experience each person's PC is as personal as a
toothbrush. Most of them don't realize it, though.

I also "entertain" the notion that, all else equal - exact same
components in a build - no two computers will then compute exactly
alike. Probably too many films over latenite spaghetti -- (Asimov's),
_I Robot_, The Matrix, _AI_ ... societies' umpteen favorites for the
high religion of an event horizon and singular-conscious enactment by
atomic #14, 0's and 1's, in Si.

Last generation it was into atomic bomb shelters after crawling out of
trenches;- then, thirty years ago, something called _The Terminator_
came out and all hell broke lose.

Screw toothbrushes, although I nonetheless do review them regularly
and just love to buy all the latest fancy dentistry technology
available;- I've shifted from better contained battery units to the
newest for a NiCad charging station a stock Eneloop batteries.
Seriously, when I brush my teeth - I rotate over three units: first an
Arm & Hammer with Eneloops, a self-contained Oral B, then another
contained Oral B extra high-velocity polisher (three different paste
types, as well - discounting final mouth wash).

Just let me tell a few of your customers about my real, deepest
personal feelings about toothbrushes -- then I'll ask if they'd like
me to sell them a computer. Guaranteed - you won't lose not a single
one.

How about, want to hear about my electric razor units, too, all of
them?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top