Jump to content

Hijack.Globalsearch.C


Recommended Posts

Hi everyone

 

Silly me, i was installing a few programs i needed and somehow i didn't noticed one of those "if you press next you accept to install a lot of garbage on your pc"

 

Thing is im using windows 10 and Microsft Edge doesn't even have addons yet, so it's looking kind of harmless, problem is that everytime i restart my computer Mbam detects 6 buggies:

 

Registry Keys: 2
PUP.Optional.GlobalSearch.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [b28bcbe09deea98dccbd07b8b949ce32], 
 
PUP.Optional.GlobalSearch.ShrtCln, HKU\S-1-5-21-1440628858-3412619246-2608770312-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [6fceb5f66a21b77f7315932cbf43a35d], 
 
Registry Values: 2
PUP.Optional.GlobalSearch.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://www.globasearch.com/?serie=211&installkey=EGFGP3x5YTy48ctwsf0n&b=3&q={searchTerms},, [b28bcbe09deea98dccbd07b8b949ce32]
 
PUP.Optional.GlobalSearch.ShrtCln, HKU\S-1-5-21-1440628858-3412619246-2608770312-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://www.globasearch.com/?serie=211&installkey=EGFGP3x5YTy48ctwsf0n&b=3&q={searchTerms},, [6fceb5f66a21b77f7315932cbf43a35d]
 
Registry Data: 2
Hijack.GlobaSearch.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.globasearch.com/?serie=211&b=3&installkey=EGFGP3x5YTy48ctwsf0n, Good: (www.google.com), Bad: (http://www.globasearch.com/?serie=211&b=3&installkey=EGFGP3x5YTy48ctwsf0n),,[36077d2e8efd46f01d7f3e5a7292b848]
 
Hijack.GlobaSearch.C, HKU\S-1-5-21-1440628858-3412619246-2608770312-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.globasearch.com/?serie=211&b=3&installkey=EGFGP3x5YTy48ctwsf0n, Good: (www.google.com), Bad: (http://www.globasearch.com/?serie=211&b=3&installkey=EGFGP3x5YTy48ctwsf0n),,[b88508a3a7e4b87eb0eb0791be46c43c]
 
 
This 6 things can be deleted with Mbam or manually it doesn't matter as you restart they will repappear, so i guess there is a process running at the startup thats creating them, but i have checked in all the startup folders and registry keys i can  find and there is nothing at all, so i dont know where this littly bugger is hiding, maybe anyone knows how to get rid of this thing?
 
Thanks in advance
Link to post
Share on other sites

51a46ae42d560-malwarebytes_anti_malware. Scan with Malwarebytes' Anti-Malware

Please re-run 51a46ae42d560-malwarebytes_anti_malware. Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware
  • Click the Scan tab, choose Threat Scan is checked and click Start Scan.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and upload your next reply.
Link to post
Share on other sites

51a612a8b27e2-Zoek.png Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

createsrpoint;autoclean;emptyclsid;emptyalltemp;ipconfig /flushdns >>"%temp%\log.txt";b
  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
Link to post
Share on other sites

Since there are no more problems, we can declare this PC clean thumbs_up_smiley.gif

Now, we can proceed with post-cleanup procedures. Let's remove my tools and create a new, non infected restore point concurrently deleting old ones.

Step 1. - Creation of system restore point and tools removal.

Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes his work.
  • All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt). I don't need it for review.
Tool deletes old system restore points and creates a fresh system restore point after cleaning.

Step 2. - Tips and tricks to keep your computer clean, safe and in a good shape.

Security tips - highly recommended reading:

Maintenance tips:Additional software that I personally use and install on all my clients devices:
  • Malwarebytes' Anti-Malware (paid version highly recommended) - to scan your system from time to time in search for malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
  • Adblock - to surf the web without annoying ads!
  • Qualys BrowserCheck - cloud service that scans your browsers and plugins to see if they’re all up-to-date.

My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation: btn_donateCC_LG.gif

Thank you!

Stay safe,

TwinHeadedEagle :)

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.