Jump to content

New malware attack by Trojan.BrowserHijack


Go to solution Solved by nasdaq,

Recommended Posts

 

I've been infected by the damn Trojan.BrowserHijack malware. I have already installed malwarebytes, I have spent it several times these days and the Trojan.BrowserHijack continues to appear again and again, I can't write with accent in Spanish, it also hides the hidden folders and it generates some files with this path: C: \ ProgramData \ Tqzq… Other software  points to rundll32 in C: \ Windows \ SysWOW64. And in the task manager I open 2 or 3 empty tasks that point here C: \ Windows \ SysWOW64 \ svchost.exe
 

 

malwarebytes english.txt

Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:
L7kNU5y.jpg
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Please attach the logs for my review.
How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
http://deeprybka.trojaner-board.de/eset/eng/attachlogs.png

Let me know what problems persists.

Wait for further instructions

p.s.
This program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if Downloaded from the link I provided.
OR, you should restore the program from the Quarantine folder.
====


 

  • Thanks 1
Link to post
Share on other sites

Hello! @nasdaqI don't know how,  I can't download frst.exe on English. Anyway, I tried to translate the some parts of the logs. Just in case, I attached both.

And yes, the problems  persits. when I see that the windows explorer automatically hides the hidden folders and I cannot write accents, I unhide programdata, and I quarantine the "tqzq" folder. or delete it. but it appears again in a few minutes.

Addition english.txt Addition.txt FRST ENGLISH.TXT FRST.txt

Link to post
Share on other sites

  • Solution

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

AV: ESET Security (Enabled - Up to date)

AV: Norton Security (Disabled - Out of date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}

I suggest you remove Norton using their Uninstaller.

Download and run their uninstaller tool from this site.
https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us

Restart the computer when the removal is completed.
-----

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

The files Malwarebytes is reporting are Quarantined.
Not causing any issues. Delete it.

How to Delete/Restore quarantined files.
https://support.malwarebytes.com/hc/en-us/articles/360038479214-Quarantine-or-restore-items-with-Malwarebytes-for-Windows-v4

Follow the directives on the page to delete all the files.
<<<>>>

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt

  • Thanks 1
Link to post
Share on other sites

Hello. Good afternoon

Thanks a lot for the time spent.

after updating malwarebytes It had a different log report. And then the problem went off. Anyway, I've done all your recommendations.

 I attached to you the malwarebytes log when the problem disappeared, and the last log, after follow your recommendations.
And the log of frst too

malware log8.txt malware log9.txt Fixlog.txt

Link to post
Share on other sites

Hello @djsuzukid 

You can proceed with cleanup of tools  used.

To remove the FRST64 tool & its work files, do this. Go to your C: \ Users \ ariel \ OneDrive \ Desktop \ frst folder. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to

UNINSTALL.exe

.
Then run that ( double click on it) to begin the cleanup process.
Best regards.

Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

  • Thanks 1
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.