Jump to content
Metallica

Removal instructions for Znoo.net hijacker

Recommended Posts

What is the Znoo.net hijacker?

The Malwarebytes research team has determined that the Znoo.net hijacker is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.

This one uses browser shortcut hijacks and also displays advertisements.

How do I know if my computer is affected by Znoo.net hijacker?

You may see these warnings during install:

warning1.png

warning2.png

and this icon on your desktop during install:

icons.png

your browser shortcuts on the taskbar, desktop and in the Startmenu will be altered to open this site:

main.png

and the altered shortcuts will look like this in their properties:

warning3.png

How did Znoo.net hijacker get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was offered as a key-generator for several software packages.

How do I remove Znoo.net hijacker?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
Is there anything else I need to do to get rid of Znoo.net hijacker?
  • No, Malwarebytes' Anti-Malware removes Znoo.net hijacker completely.
  • Information about manually fixing altered shortcuts can be found here
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Znoo.net hijacker hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

protection1.png

Technical details for experts

There will be no signs in a HijackThis log.

Possible signs in FRST logs:

 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk C:\Users\Public\Desktop\Internet Explorer.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera C:\Users\Public\Desktop\Google Chrome.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk C:\Users\Public\Desktop\Opera.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk C:\Users\Public\Desktop\Mozilla Firefox.lnkShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.znoo.net <==== ATTENTIONShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer Tarayýcýsý'ný Baþlat.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.znoo.net <==== ATTENTIONShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.znoo.net <==== ATTENTIONShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.znoo.net <==== ATTENTIONShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.znoo.net <==== ATTENTIONShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.znoo.net <==== ATTENTIONShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.znoo.net <==== ATTENTIONShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.znoo.net <==== ATTENTIONShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.znoo.net <==== ATTENTIONShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.znoo.net <==== ATTENTIONShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.znoo.net <==== ATTENTIONShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.znoo.net <==== ATTENTIONShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.znoo.net <==== ATTENTIONShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.znoo.net <==== ATTENTIONShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.znoo.net <==== ATTENTIONShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.znoo.net <==== ATTENTIONShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.znoo.net <==== ATTENTIONShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.znoo.net <==== ATTENTIONShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.znoo.net <==== ATTENTIONShortcutWithArgument: C:\Users\Public\Desktop\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.znoo.net <==== ATTENTIONShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.znoo.net <==== ATTENTIONShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.znoo.net <==== ATTENTION
Alterations made by the installer:

File system details [View: All details] (Selection)---------------------------------------------------    In the existing folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs       Adds the file Google Chrome.lnk"="11/12/2015 08:43, 1200 bytes, A       Adds the file Internet Explorer.lnk"="11/12/2015 08:43, 1040 bytes, A       Alters the file Mozilla Firefox.lnk        25/06/2015 08:41, 1159 bytes, A ==> 11/12/2015 08:43, 1023 bytes, A       Alters the file Opera.lnk        25/06/2015 08:43, 1135 bytes, A ==> 11/12/2015 08:43, 976 bytes, A    In the existing folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome       Alters the file Google Chrome.lnk        11/12/2015 08:39, 2218 bytes, A ==> 11/12/2015 08:43, 1206 bytes, A    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera       Adds the file Opera.lnk"="11/12/2015 08:43, 982 bytes, A    In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch       Alters the file Google Chrome.lnk        04/12/2015 08:51, 2279 bytes, A ==> 11/12/2015 08:43, 1212 bytes, A       Adds the file Internet Explorer Tarayýcýsý'ný Baþlat.lnk"="11/12/2015 08:43, 1052 bytes, A       Adds the file Internet Explorer.lnk"="11/12/2015 08:43, 1052 bytes, A       Adds the file Mozilla Firefox.lnk"="11/12/2015 08:43, 1035 bytes, A       Adds the file Opera.lnk"="11/12/2015 08:43, 988 bytes, A    Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu       Adds the file Google Chrome.lnk"="11/12/2015 08:43, 1224 bytes, A       Adds the file Internet Explorer.lnk"="11/12/2015 08:43, 1064 bytes, A       Adds the file Mozilla Firefox.lnk"="11/12/2015 08:43, 1047 bytes, A       Adds the file Opera.lnk"="11/12/2015 08:43, 1000 bytes, A    In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar       Alters the file Google Chrome.lnk        25/06/2015 08:47, 2290 bytes, A ==> 11/12/2015 08:43, 1224 bytes, A       Alters the file Internet Explorer.lnk        24/06/2015 22:35, 1419 bytes, A ==> 11/12/2015 08:43, 1064 bytes, A       Alters the file Mozilla Firefox.lnk        25/06/2015 08:41, 1159 bytes, A ==> 11/12/2015 08:43, 1047 bytes, A       Alters the file Opera.lnk        25/06/2015 08:43, 1135 bytes, A ==> 11/12/2015 08:43, 1000 bytes, A    In the existing folder C:\Users\Public\Desktop       Alters the file Google Chrome.lnk        11/12/2015 08:39, 2183 bytes, A ==> 11/12/2015 08:43, 1188 bytes, A       Adds the file Internet Explorer.lnk"="11/12/2015 08:43, 1028 bytes, A       Alters the file Mozilla Firefox.lnk        25/06/2015 08:41, 1147 bytes, A ==> 11/12/2015 08:43, 1011 bytes, A       Alters the file Opera.lnk        25/06/2015 08:43, 1135 bytes, A ==> 11/12/2015 08:43, 964 bytes, A
Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 11/12/2015Scan Time: 10:01Logfile: mbamZnooNet.txtAdministrator: YesVersion: 2.2.0.1020Malware Database: v2015.12.11.02Rootkit Database: v2015.12.07.01License: PremiumMalware Protection: DisabledMalicious Website Protection: EnabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: {username}Scan Type: Threat ScanResult: CompletedObjects Scanned: 311982Time Elapsed: 5 min, 1 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 0(No malicious items detected)Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 0(No malicious items detected)Files: 1PUP.Optional.Amonetize.ShrtCln, C:\Users\{username}\Desktop\Installer.exe, Quarantined, [04cacbd84b40171f735851ffa9577a86], Physical Sectors: 0(No malicious items detected)(end)
Note: the log does not show the cleaned shortcuts, but when you see a detection with the ShrtCln addition the shortcuts were cleaned.

As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.