Jump to content

Browser Hijacked

Recommended Posts

Before I powered off my laptop 05-10-2-17 near midnight California time, I updated and ran Malwarebytes free version, as is my custom. It showed, "0." But it installed something when I powered off, and something scrolled across the screen when I turned it back on. Something like:

Applying Updates . . . Registration/Machi

So I ran Malwarebytes free version again. "0" objects were detected. But opening a new tab in IE - which usually is blank according to my default setting: about:blank - displays articles and a search bar, or no articles and a search bar if connected, or error message if not connected. I copied and pasted the html code of the browser window, and ran a Farber and attached the FRST.txt and Addition.txt.






05-11-2017 8PM Upgraded to professional and ran another scan. Still no objects found.

Edited by longbeachlouise
consolidate to a single post. Upgraded to professional and ran another threat scan.
Link to post
Share on other sites

  • Root Admin

Hello @longbeachlouise


Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.


Next, please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Click on Help / Troubleshooting Information then click on the Reset Firefox button.


I would like to reset Chrome back to defaults to completely clear out what is going on with Chrome.

You can keep your “Bookmarks” if you want to keep them, but you have to export them first – >> Export Bookmarks << – Everything else should be removed.

Then I need you to go to >> Google Sync << and sign into your account.
Scroll down until you see the reset sync button and click on the button
At the prompt click on Ok.

Reset Your Browser Settings

  1. In the top-right corner of the browser window, click the “Chrome Menu” icon (Three horizontal lines)
  2. Select Settings.
  3. At the bottom, click Show advanced settings…
  4. Scroll down until you see “Reset settings”, Then click on the button Reset Settings.
  5. In the dialog that appears, click Reset.

Close Chrome and restart it and check it out for me please



Next, please run the following steps.

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


adwcleaner_new.png Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

Download Sophos Free Virus Removal Tool and save it to your desktop.

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.



Link to post
Share on other sites

Here is the junkware:

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Professional x64
Ran by Louise (Administrator) on Sat 05/13/2017 at 16:28:08.82


File System: 6

Successfully deleted: C:\Users\Louise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9798YOMH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Louise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EO8W0F9L (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Louise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JSYV2XUH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9798YOMH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EO8W0F9L (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JSYV2XUH (Temporary Internet Files Folder)


Registry: 0



Scan was completed on Sat 05/13/2017 at 16:29:11.68
End of JRT log

**************************End Junkware***********************************************************

**************************Start AdwCleaner ********************************************************


# AdwCleaner v6.046 - Logfile created 13/05/2017 at 16:13:09
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-13.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Louise - LOUISE-PC
# Running from : C:\Users\Louise\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support


***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled Tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****



:: "Tracing" keys deleted
:: Winsock settings cleared


C:\AdwCleaner\AdwCleaner[C0].txt - [768 Bytes] - [13/05/2017 16:13:09]
C:\AdwCleaner\AdwCleaner[S0].txt - [1160 Bytes] - [13/05/2017 16:12:51]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [913 Bytes] ##########






Edited by longbeachlouise
Link to post
Share on other sites


Here is the FRST. Thanx for helping. Now, I'll try the IE tab. Opening fresh didn't cause redirect; opening a new session didn't cause redirect, only a new tab. Here goes: Oops! Nope! Still news articles in new tab. It was confusing. Since I had, "reset," internet explorer settings, it seems a default Microsoft homepage appeared first, with a popup screen offering to add SmartScreenFilter, or something like that, but I clicked, Remind Me later.

Then I tried to set the tab in internet options to blank, instead of the default microsoft page: http://go.microsoft.com/fwlink/p/?LinkId=255141

Maybe I was wrong all along. There is a current tab, which reads: about:NewsFeed . Is that programmed default into IE? When I clicked the Tab link under Internet Options in IE 11, I could set the tab with the pull-down menu to "Change how webpages are displayed in tabs," to blank page, now, a new tab creates a blank. I put the html code for the NewsFeed page in my first post. Does it look like an infection?


Link to post
Share on other sites

Wowl I thought, it wasn't set right. It was set to NewsFeed. But now I tried to load one of my bookmarked pages into the blank, and see what appeared!

Edit: I mean, I perceived the about:NewsFeed default Microsoft tab as an infection! It had somehow reset, and I didn't know how to set it. Or something. It might have been my big, dumb mistake.

Since I upgraded to Premium at this time, and ran all the AdwCleaners and Junkware Removal tools, I am glad of my mistake.The site I like to access is: aqmd.gov I access the air quality map every day.


Edited by longbeachlouise
to refine meaning
Link to post
Share on other sites

False alarm. I figured it out. The update that appeared, "forced," on my Windows 7 Professional operating system is the patch!

  • For customers using Windows Defender, we released an update earlier today

according to MIcrosoft, May 12th, 2017: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

Microsoft must have pushed the update, where I am used to receiving ample warning via the HP Envy 7640 series software. So, it concerned me to have an update forced on me, and changed the settings of my new tab to about:NewsFeed.

@ AdvancedSetup, if you say my laptop looks clean, I'll move on from here.

Thank you.

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.