
Infected with globasearch virus/browser hijacker. Unable to remove. Help?



Hi,

For a few days now, I've been infected with the globasearch virus/browser hijacker. I use Firefox as my browser. The homepage was automatically set to globasearch.com and opened when the browser started up. My computer and internet dragged really slowly. Then I changed the homepage back to the default and it seemed to work. The computer and internet seem to have returned to their original speed. But now every time I open a new tab, it directs to globasearch. And almost every time I go to a website, or go to my mail, the page tries to redirect somewhere (but luckily Firefox prevents the redirect without my consent). I'm mostly sure it is trying to redirect to globasearch.

I have tried scanning with Malwarebytes Anti-Malware Free and avast 8 (my primary antivirus) but it did not resolve the problem.

Source of the infection:

I downloaded free software (monopoly usa 2013) by Ilyesoft which brought about the infection. I tried removing the software from Add/Remove Programs but it did not do so. So I deleted the software from its installed folder. Also, I did not see globasearch in Add/Remove Programs.

I've read a post regarding this infection posted by 'someone2088' on Dec 12, 2012 and assisted by 'gringo' (Malwarebytes staff). Should I follow the same procedure? I was hesitant to do that since I wouldn't get support if something went wrong along the way. Please advise.

Any help in removing globasearch will be greatly appreciated.

I use WinXP.


Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Don't ever follow the instructions designed for other users!

Scan with DDS

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:

DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save to your desktop then attach it to your next reply

Scan with aswMBR

Please download aswMBR (4.5MB) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).


This contains the aswMBR log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-17 06:07:14
-----------------------------
06:07:14.593    OS Version: Windows 5.1.2600 Service Pack 2
06:07:14.593    Number of processors: 1 586 0xA
06:07:14.593    ComputerName: USER-5753114357  UserName: Administrator
06:07:16.828    Initialize success
06:07:17.453    AVAST engine defs: 13091500
06:08:00.843    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-e
06:08:00.843    Disk 0 Vendor: ST3250310NS ____MA08 Size: 238418MB BusType: 3
06:08:00.984    Disk 0 MBR read successfully
06:08:00.984    Disk 0 MBR scan
06:08:00.984    Disk 0 Windows XP default MBR code
06:08:00.984    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        80003 MB offset 63
06:08:01.000    Disk 0 Partition - 00     0F Extended LBA            158406 MB offset 163846935
06:08:01.031    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        74998 MB offset 163846998
06:08:01.031    Disk 0 Partition - 00     05     Extended             83407 MB offset 317444400
06:08:01.062    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        83407 MB offset 317444463
06:08:01.078    Disk 0 scanning sectors +488263545
06:08:01.156    Disk 0 scanning C:\WINDOWS\system32\drivers
06:08:12.484    Service scanning
06:08:27.875    Modules scanning
06:08:38.781    Disk 0 trace - called modules:
06:08:38.812    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
06:08:38.812    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86728ab8]
06:08:38.828    3 CLASSPNP.SYS[f78a405b] -> nt!IofCallDriver -> \Device\00000061[0x8677af18]
06:08:38.828    5 ACPI.sys[f781a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-e[0x86771d98]
06:08:39.281    AVAST engine scan C:\WINDOWS
06:08:44.828    AVAST engine scan C:\WINDOWS\system32
06:10:53.828    AVAST engine scan C:\WINDOWS\system32\drivers
06:11:09.046    AVAST engine scan C:\Documents and Settings\Administrator
06:12:08.562    AVAST engine scan C:\Documents and Settings\All Users
06:12:26.093    Scan finished successfully
06:12:48.250    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
06:12:48.265    The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

 

 


Windows XP out of date

Your Microsoft Windows installation is out of date. Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure. Out-of-date Windows installations represent a risk to your system and are also a conduit for the spread of malware. You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.


I'm having trouble reaching the Windows Update website via Internet Explorer, since that is the only browser that permits you to do so. The browser reports an error.

Note: Internet Explorer version: 8

The SP3 link you've provided links to SP3 networking edition, which Microsoft doesn't recommend for a single PC, and I could certainly use the normal and smaller SP3 since my connection isn't that quick either.

The Automatic Updates option doesn't bring up anything either.

The only choice I could consider is to download SP3 from an external source, which will take a while.

Perhaps download.com (cnet)?

Is it possible to troubleshoot the globasearch problem as it is? If so, I could download SP3 once the problem is resolved and get back if the problem persists.


Yes, it IS possible to troubleshoot this, but we won't do it because with this unsafe system missing SP3 it is almost impossible to keep it clean long enough to fill all the holes.

The networking edition is the last version offered by Microsoft to be downloaded, so please get it and update your system.

Downloading this service pack from a third party site brings the danger of being infected with other malware or even getting badly modified updates.


I have updated to WinXP Service Pack 3.

Also, I reset Firefox, which removed all traces of globasearch (redirects, new tab redirects, etc.) as far as the browser is concerned.

But I am not entirely convinced that globasearch is completely gone and the PC is clean in that respect.

I would like to make sure the PC is clean.


Fine! Then let's go on:

ComboFix

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT - Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


[Screenshot: RC_update.png]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


[Screenshot: cfRC_screen_2.png]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.