FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


My browser has been hijacked





Da Rossa
Hi, I'm living for three months now with the v9 infectious agent which hijacks browsers, changes the home page and, even worse, forces itself to be the default search engine when I open a new tab, whatever browser I use.

This is my work computer, so it's very inconvenient.

I don't even know how come did I get infected, so it is also embarassing. I run Windows 7 Starter (believe me) and Google Chrome is the main browser, but IE is infected too.

The last thing I noticed is I can't access Chrome's apps since I need to open a new tab in order to swipe through the "speed dial favourites" or the installed Apps.

I've tried a number of solutions already, including ones involving booting in safemode. I use Microsoft Security Essentials as the antivirus and Comodo Firewall Free (which I don't recall correctly if installed after or prior to the infection.) McAfee Stinger and Spybot S&D are also uncapable of blasting it.

Please! Sad

Edit: forgot to say that I've been trying to lookup some removal guides found on Google, then I stopped by an arcticle that had a manual procedure or... download a removal tool. I downloaded it. Then, it had a normal installation behaviour, which I found to be odd. These removers are not supposed to be fully installed in your OS like a big application. Given this bad attitude, I used this verifier (scamadviser.com) and found out that the site offering the removal tool was not fully legit. Now I'm asking: is the legit-verifier legit??
sonam
Actually I haven't this infection. Very Happy I think this is very annoying browser manipulation. Here I find good instructions how to remove it without any software.

http://www.im-infected.com/hijacker/httpwww-v9-com-hijacker.html
http://productforums.google.com/forum/#!topic/chrome/Qt0hZlQZc40

Sonam
Sabbadon
you may try to download and install malwarebytes (the free version is enough and when install click "no" when it asks if you want to try the PRO version).
After installed it update his virus db. then run a scan. most of times it may help just to clean with that tool.
Let me know if it solved, if not I'll say you another method but it's bit "complicated"
Vanilla
I have four browsers installed in my computer. IE because it came with my computer, Fx because I need it for my bank account, Opera - the default and Chrome - when I need something that doesn't work properly with Opera.

Sometimes I open Chrome because I need to access my university's system and it works better with Chrome, and since it's already open, I keep using it. The amount of Spyware after just one day using Chrome is ridiculous. I don't visit obscure websites, I browse mainly blogs and forums. So I'm saying: Chrome is pretty unsafe and I don't use it to open my e-mail accounts. I'm afraid I'll have a problem and then I won't be able to recover my password. So Opera is my choice. It's true that it's the best browser nobody uses and I hope it will continue on being this.

I also use Spybot and and Panda Cloud Antivirus, the two combined work very well in my computer.
Da Rossa
@ Sonam: Oh My God I would never think this is actually a very nasty regular search engine! But it behaves and throttles my computer's performance just like any ordinary adware. You know, if you find someone who dresses like a thief, smells like a thief, speaks like a thief, thinks like a thief, smiles like a thief and also has a thief face, but claims not to be a thief, what will you think?

Anyway, I'll try applying the method when I get back to work, thanks for your (rare!) tip!

Edit:

Quote:
you may try to download and install malwarebytes (the free version is enough and when install click "no" when it asks if you want to try the PRO version).
After installed it update his virus db. then run a scan. most of times it may help just to clean with that tool.
Let me know if it solved, if not I'll say you another method but it's bit "complicated"


No luck. Already tried MWB, in safemode with networking. Just after I ran a Spybot scan and nothing.

Quote:
I have four browsers installed in my computer. IE because it came with my computer, Fx because I need it for my bank account, Opera - the default and Chrome - when I need something that doesn't work properly with Opera.


Then I don't understand why you use Chrome. You could use Firefox (which you already has installed) for the things Opera can't handle! Razz

I like Opera, don't have currently installed in here, I've never thought that way... plus, it is the fastest in rendering they say...
Sabbadon
You may try to use a tool called Combofix.. I never had problems with that and it "saved my life" many times but I won't be responsible for any SO damage: read carefully the guide in the following link (and do anyway a precautional backup of important files)

http://www.bleepingcomputer.com/combofix/

Hope it helps!
manfer
I don't know how deep in the system the infection is but at least to solve the problem with browser maybe is enough to reset the user profile.

Both chrome and firefox browser has the concept of user profiles so it can be used by various users and each one having their own extensions, favorites, saved passwords and forms, cache...

So removing the infected profile and creating a new one with defaults could be enough solution to at least remove the chrome hijack.

This is the official chrome support guide to create a new profile (reseting the old one)
http://support.google.com/chrome/bin/answer.py?hl=en&answer=142059

You can read documentation too about multiuser to raise knowledge about profiles and to know how to have more than one at a time if you prefer that
http://support.google.com/chrome/bin/answer.py?hl=en&answer=2364824

Take in mind that by resetting or creating a new profile you are going to lost favorites, saved passwords, default search engine, etc., so if for some reason those are important for you just find a solution to get that data back. For favorites should exists an easy way to backup them. For passwords you should be sure you know all of them.
If you have any extension installed you will have to reinstall them too.


As said this is not a solution for the whole infection (you are saying IE is infected too and maybe more things are infected) but at least maybe that can solve your problems with chrome.
zimmer
it happens to me when i visited the a site that has a bad rating of WEB OF TRURST (WOT). It usually happens also in a google chrome browser after that happens i switch my default browser to Mozilla firefox.

I guess Web of trust ratings is a good tools to visit or browse a website to avoid this kind of browser malfunctions.

Now, i installed WOT both of my browsers.
Vanilla
Da Rossa wrote:
Then I don't understand why you use Chrome. You could use Firefox (which you already has installed) for the things Opera can't handle! Razz


Pretty simple: they have the same engine. Chrome is better for me because Fx is way too heavy (I use a netbook most of the time). I only open Fx when it is strictly necessary.
manfer
Vanilla wrote:
Pretty simple: they have the same engine.


I'm not sure what you mean here. If you are refering to firefox and chrome and you say they are using same engine, in my opinion you are wrong.

While firefox uses gecko as its rendering engine, chrome uses webkit as its rendering engine.

While firefox uses spidermonkey javascript engine, chrome uses V8 javascript engine.

Chrome and Firefox has very little in common other than being two browsers that are implementing (at least trying their best) the www standards as specified by the assigned working groups by the world wide web consortium.
Da Rossa
Quote:
Pretty simple: they have the same engine. Chrome is better for me because Fx is way too heavy (I use a netbook most of the time). I only open Fx when it is strictly necessary.


OMG I wrote "you has" above, shame on me Embarassed
So, I still can't understand. If you take a look at your task manager, you'll see Chrome ends up eating more memory than Firefox. Just do the sum of each chrome.exe process. There can still be the processor performance thing, but this I don't even know how to benchmark... I couldn't say if a higher use of CPU would mean a better performance...

Web of Trust is of trust? I started questioning every tool which claims to remove the v9 Hijacker. There are a lot of fake malware removers out there. So I found the scamadviser.com. Is scamadviser a scam? Smile
manfer
@Da Rossa

Malwarebytes is the actual best tool to try to automatically remove a malware infection. If malwarebytes had been unable to remove the infection then you are going to need to more manually find and remove the infection.

That is a task not easy to do oneself even being an experienced computer user unless you are very experienced in security. So my suggestion would be to use one of the specialized forums that provide help in dealing with those kind of infections.

On those forums experts will guide you and inform you about the tool you have to run in order to create a log text (some years ago that was done mostly with hijackthis and now it is done mostly with OTL) so you can publish it for them to analyze to give you the steps you have to follow to get rid of the infection.

Some of those forums are for example geekstogo forums (english forums) or infospyware forums (spanish forums)

And anyway the link to the google groups discussion provided by @Sonam doesn't look a bad place to look either though their doesn't seems to be an unique definitive solution in there that ensures to get rid of everything it has good suggestions both for Windows XP and Windows 7:

[url=http://productforums.google.com/forum/#!topic/chrome/Qt0hZlQZc40]Google forums[/url]

if it is only a chrome issue as it is explained there, doing what is explained in that forum is enough as well as would be enough resetting the google chrome profile as explained in:

http://support.google.com/chrome/bin/answer.py?hl=en&answer=142059
Da Rossa
Thanks Manfer. I'll write down (bookmark) those links. But I think the reason MWB didn't nail the infection is because it is not a proper, real infection, as sonam pointed... maybe it doesn't fit a malware signiture for the anti-malware solutions we have around. Nasty applications doesn't necessarily are actual infections,right? I wish I'm wrong, because it is inconvenient.
manfer
Da Rossa wrote:
Thanks Manfer. I'll write down (bookmark) those links. But I think the reason MWB didn't nail the infection is because it is not a proper, real infection, as sonam pointed... maybe it doesn't fit a malware signiture for the anti-malware solutions we have around. Nasty applications doesn't necessarily are actual infections,right? I wish I'm wrong, because it is inconvenient.


There is not any software that automatically finds everything. Nor malwarebytes finds all malware, nor any antivirus finds all viruses. (this is just an example as both malwarebytes and antivirus find all sort of nasty things).

So it is posible that a malware is not caught by malwarebytes or not considered malware by malwarebytes.

Anyway something that hijacks the browser the way that v9.com does and makes it difficult to change it back to what you want has to be considered malware in my opinion even if it comes from a supposed totally legal browser. For what I read in the google groups discussions it hijacks the browser very badly so can only be considered malware.

If as in the links pointed by @Sonam the only thing that have been damaged in your system is google chrome (in fact just default chrome search engine in some nasty ways), then solving the chrome problem by following the advices on the google discussion that @Sonam linked or by resetting the google profile as described in google documentation I have linked should be enough to get rid of that malware.

The solution in google discussion is less intrusive because it just solves the problem and respects all the rest of configuration but it is a little harder to follow. You will have to find which is the best solution that fits your system from the solutions given on the discussion as seems different depending on the operating system.

The solution by resetting the chrome profile is more intrusive as will solve the problem but at same time will lost favorites, configuration will be resetted to defaults, you'll lost saved passwords in the browser, ... (is just as starting google chrome from scratch as if you had installed it just in that very moment for first time), but it is very easy to do.
Da Rossa
Quote:
There is not any software that automatically finds everything. Nor malwarebytes finds all malware, nor any antivirus finds all viruses. (this is just an example as both malwarebytes and antivirus find all sort of nasty things).


Yeah but the thing is, I already ran a handful of antispy utilities, including McAfee Stinger (portable) and Spybot. All in safemode.

Quote:
If as in the links pointed by @Sonam the only thing that have been damaged in your system is google chrome (in fact just default chrome search engine in some nasty ways), then solving the chrome problem by following the advices on the google discussion that @Sonam linked or by resetting the google profile as described in google documentation I have linked should be enough to get rid of that malware.


Not only Chrome has been taken; it got IE too. So all browsers installed in that machine were severed. So this is not applicable:

Quote:
The solution by resetting the chrome profile is more intrusive as will solve the problem but at same time will lost favorites, configuration will be resetted to defaults, you'll lost saved passwords in the browser, ... (is just as starting google chrome from scratch as if you had installed it just in that very moment for first time), but it is very easy to do.


Now I agree. It is malware. Period.
manfer
Da Rossa wrote:

Not only Chrome has been taken; it got IE too. So all browsers installed in that machine were severed. So this is not applicable:


I forgot that from your first message.

----------------

Anyway if it were my system I would solve the problem with chrome and later will try to deal with the IE hijack.

For IE you can try same as with chrome. The less intrusive solution by reconfiguring the default IE search engine. Or the more intrusive one resetting the whole IE settings to its defaults. You can find documentation from Microsoft for both. I'm not providing links because it is different if it is IE7/8 or IE9.
manfer
Da Rossa wrote:

Edit: forgot to say that I've been trying to lookup some removal guides found on Google, then I stopped by an arcticle that had a manual procedure or... download a removal tool. I downloaded it. Then, it had a normal installation behaviour, which I found to be odd. These removers are not supposed to be fully installed in your OS like a big application. Given this bad attitude, I used this verifier (scamadviser.com) and found out that the site offering the removal tool was not fully legit. Now I'm asking: is the legit-verifier legit??


About this I would say that one has to be very very very careful with app that claims to be antivirus or malware removals. There is a huge amount of those that are themselves malware (rogue security software).
Vanilla
manfer wrote:
While firefox uses gecko as its rendering engine, chrome uses webkit as its rendering engine.

While firefox uses spidermonkey javascript engine, chrome uses V8 javascript engine.

Chrome and Firefox has very little in common other than being two browsers that are implementing (at least trying their best) the www standards as specified by the assigned working groups by the world wide web consortium.


Sorry, I thought that both used the gecko engine. My bad. Smile

Da Rossa wrote:
So, I still can't understand. If you take a look at your task manager, you'll see Chrome ends up eating more memory than Firefox. Just do the sum of each chrome.exe process. There can still be the processor performance thing, but this I don't even know how to benchmark... I couldn't say if a higher use of CPU would mean a better performance...


It doesn't make a difference to me since I only open one tab when I'm using a different browser. You see, I open the browser, I do what I need to do and then I close it. Then I go back to my pretty Opera. Fuss free. Very Happy
existenz
I have a similar issue. My browsers (firefox, chrome, ie) were hijacked by u-search dot net (don't try to open it because I don't know if you'll get infected also). It changed all my default settings (home page, search url, new tab url) and I cannot change them back.
During the infection I was protected by AVG and after the infection I've tried to remove it with malwarebytes. It did find some infected files and removed them but I still can't set any other default pages.

Did you by any chance found a solution on to remove a browser hijacker?

Thanks!
Related topics
GIF and JPEG.
which kind of browser do u use
*OFFICIAL* Which Browser do you use?
Strange Fire fox problem
Netscape patches 1-day-old browser
internet explorer
Why use IE?
Spoofing in Mozilla ( FireFox) browser flaw
... And the browser trophy goes to ...
Speed Up Firefox Browser Upto 10 times!!!
Opera (the web browser) is now FREE!!!
what is the best web browser?
Browser Errors..
Cross-Browser Compatability
Reply to topic    Frihost Forum Index -> Computers -> Computer Problems and Support

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.