Jump to content

Malwarebytes Not detecting virus highjacking my search engine in chrome

semeagher47

By semeagher47
in Resolved Malware Removal Logs

 Share

Recommended Posts

semeagher47

semeagher47

Posted
Posted

I seem to have gotten a search engine highjack virus. I use google chrome, but every time I search I got straight back to yahoo. I have gone to google setting and removed and made the default search engine Google, but when I search it still ends up being Yahoo.  I have run Macafee Anti Virius and Malwarebyte and neither detect anything. I also notice the top of my tab "net tab" has a different Icon then before. It used to be the google  design I am not sure what the current one is.

 

Screenshot (3).png

googleenjine.png

Malwarescan1229.txt

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted (edited)

 Hello @semeagher47

My name is Maurice. I will guide you. 

Open the Chrome browser.
Type 

chrome://settings/clearBrowserData


in the address bar.
Press “Enter.”
Select “All Time” as Time Range.
Select "Browsing history" checkbox
Select "Download history" checkbox
Select the “Cached images and files” checkbox.
Uncheck all other checkboxes.

then Click the “Clear data” button.
Chrome cache is cleared instantly.

Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browser are Closed.

It will not take much time, But do read all of this write-up first so that you fully understand the concept of this special run.

First download & save it guide & download link

Then be sure to close all web browsers after the download & before launching the tool.

Then go to where the EXE file is saved. Start Adwcleaner.
Reply YES at the Windows prompt to allow the program to proceed and make changes. That is the usual Windows security prompt.

Take your time and go careful. There are some preliminary selections to be set ....before pressing any 'scan' button.

When AdwCleaner starts, on the left side of the window, click on “Settings” and then enable these repair actions on that tab-window
by clicking their button to the far-right for ON status 

Delete IFEO keys
Reset Firewall
Delete tracing keys
Delete Prefetch files
Reset Proxy
Reset IE Policies
Reset Chrome policies
Reset Winsock
Reset HOSTS files

ADW-s-1.png.10b79266f45e06a6c674783132b9ebd6.png

Now On the left side of the AdwCleaner window, click on “Dashboard” and then click “Scan” to perform a computer scan.

This can take several minutes.
When the AdwCleaner scan is completed it will display all of the items it has found. Click on the “Quarantine” button To remove what it found.

AdwCleaner will now prompt you to save any open files or data as the program will need to close any open programs before it starts to clean.
Click on the “Continue” button to finish the removal process.

Guide article

Attach the clean log from Adwcleaner when all completed.

Edited by Maurice Naggar
Link to post
Share on other sites
semeagher47

semeagher47

Posted
  • Author
Posted

Hi I was away with  until last night. I seem to have fixed for my main google account but not my second google account seems to stil have the issue. I have done some further research and it seem it could a mobility-search.com  (virus or malware).  According to reddit (which I am wary of) I have delete all my active and inactive shortcuts under site search to get rid of it? I have been doing so one by one, I didn't know if there was a quicker way for when this happens again.

Screenshot_20230103_110224.png

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted (edited)

Regarding the screen-image-grab above, you should fill me in on the sequence of steps you followed to get to that screen display.
Now then, if I understand you properly, this is all on one Windows machine.
Only on Chrome browser.
And that you have 2 Google-accounts for logging onto Google.

I would like a report set for review. This is a report only.

Please download MALWAREBYTES MBST Support Tool

Once you start it click Advanced >>> then Gather Logs

Have patience till the run has finished. The run may take a few minutes to finish all its reporting work.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop to your reply

Edited by Maurice Naggar
Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Thank you for the ZIP reports. Next first step, is to "Turn OFF ( to DISABLE) the "fast starup" of Windows 11
See https://www.windowscentral.com/software-apps/windows-11/how-to-enable-or-disable-fast-startup-on-windows-11

When that is done, be sure to do ( from Start menu) one Power >> Shutdown >> Restart.
Having "fast startup" can complicate our efforts to fix problems.
and in any way, this Windows has been "up" for nearly coming up on 5 days straight.

I will have more for you to do later.

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Hello. This is the next procedure. I do not see indicators of a malware infection. I do see a "policy restriction" on Chrome which we will remove. It should be a helpful action.
And as I said, there is no sign of infection. There are a few handful of scheduled tasks that are "no file" which will be removed.
This script will also clear all Cache, history, and temporary files in all web browsers.
 
Please run the following custom script. Read all of this before you start. Please Close all open work.

Once the script-run has been completed, please attach the file FIXLOG.TXT to your next reply

 

Farbar program location:   C:\Users\semea\Downloads\FRSTEnglish.exe

 

Please download the attached fixlist.txt file and save it to C:\Users\semea\Downloads

Fixlist.txt

 

NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run  FRSTENGLISH and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.  Depending on the speed of your computer this fix may take 30 - 40 minutes or more.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.

Link to post
Share on other sites
  • 3 weeks later...
Maurice Naggar

Maurice Naggar

Posted
Posted

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.