
Google redirects and possible rootkit?



Hello,

Okay, so I was on the Pirate Bay, and I know that I shouldn't be on there but I was trying to find an old Bruce Lee movie. :P

And on the Pirate Bay there is a button that says "ANONYMOUS DOWNLOAD", and the reason I clicked on that was because for some reason the "GET TORRENT" button wasn't working on my laptop.

After I clicked and opened it, it was a setup for something called "Privitize VPN" I believe, and I assumed that it just had to install that to download the movie or files the user desires but in a secure connection or so.

My KIS 2013 blocked a malicious URL during the setup, so after the setup was done it didn't do anything with the movie, so I got suspicious and uninstalled "Privitize VPN" from programs and features.

But now my homepage got changed to

searchab.com

and it kept redirecting to that.

I've so far just changed my homepage on IE and Google Chrome back to google.ca and changed the search engine back to Google too, and disabled an extension in the manage add-ons by Privitize VPN.

Running a quick scan with MBAM came clean, but I'm still worried that there still may be something still left in my computer.

http://guides.yoosecurity.com/hijacked-by-searchab-com-redirect-how-to-remove/

http://virusesremoval.wordpress.com/2013/01/16/how-can-i-remove-searchab-com-virus-and-fix-redirect-problem/

http://www.zimbio.com/Remove+Malware/articles/9lsARhEYQkB/Searchab+com+Removal+Instructions+Step+Step

http://blog.cheesesoft.com/searchab-com-how-to-remove-searchab-com-from-pc/

http://www.pcthreatremoval.net/solved-how-to-uninstall-privitize-vpn-from-pc-completely

http://www.tomshardware.com/forum/63401-63-privitize-removal

After reading these articles, searchab is a parasitic browser hijacker and some of them say how it comes with a rootkit.

Could you guys recommend me some steps to do and remove this completely? Thanks.


:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

=====

Also, please download Malwarebytes Anti-Rootkit here.

  • Unzip the contents to a folder on the Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Please post the two logs produced.

Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.

=====

In your reply please provide the contents of the following logs:

  • ComboFix.txt.
  • Both MBAR logs.

How is your computer running?


Hello, is it possible that I can just use some programs to scan for malware instead before I run ComboFix?

I've read how there's a risk of using it and if I don't have an infection will there still be a risk something may go wrong after running ComboFix?

I will soon hopefully run MBAR but if it does find some infections such as a rootkit I will not remove it now in case there is a risk of something going wrong during the removal.

Thanks.


G'day IDKWatMNShouldBe,

If you do not wish to run ComboFix that's fine. There is a risk of using it if you run it alone and without the help of someone who has been trained to use it. It is a powerful tool, and is very useful for these sorts of situations.

As for MBAR, it will remove the infection automatically. It is an extremely effective anti-rootkit tool so you do not need to be concerned. :)


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
