Author Topic: browser hijacked by - SearchSettings.exe  (Read 20301 times)

bart1048

  • Guest
browser hijacked by - SearchSettings.exe
« on: June 05, 2013, 10:11:03 AM »
Hi
I recently downloaded a piece of software through cent download and my Google Chrome search engine had changed to Yahoo, and I noticed also there are some new extensions installed as well. I then noticed that my task bar is flashing a new software called SearchSettings.exe.
After researching it and establishing that it is a browser hijacker, I found a thread on the Google forum that suggested removing the folder in Program Files containing SearchSettings.exe and uninstalling it.
I did that, removed the extensions and changed the default search engine back to chrome. I then scanned the system with my avast software and browser clean-up and ran an adw cleaner scan as well.

Everything looks ok now, however I'm a bit concerned: is my browser safe to use now, as I use this computer for online banking???

Please Advise.
« Last Edit: June 05, 2013, 10:13:37 AM by bart1048 »

gen-hackman

  • Guest
Re: browser hijacked by - SearchSettings.exe
« Reply #1 on: June 05, 2013, 12:27:42 PM »
Hello

Upload your adwcleaner report to http://cjoint.com and give the link obtained in exchange here (don't write your email on cjoint.com)

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: browser hijacked by - SearchSettings.exe
« Reply #2 on: June 05, 2013, 01:54:14 PM »
Scan using MBAM as well. I know it has a good history with infections. Although I'm not sure about Toolbars.

And attach the .txt files of MBAM and any other cleaners you use for inspection by Essex or another Techie
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

gen-hackman

  • Guest
Re: browser hijacked by - SearchSettings.exe
« Reply #3 on: June 05, 2013, 02:19:29 PM »
I prefer to see the adwcleaner report first; malwarebytes detects far fewer things than adwcleaner when it comes to adware

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: browser hijacked by - SearchSettings.exe
« Reply #4 on: June 05, 2013, 02:21:46 PM »
I know, that's why I said not sure how it does against Toolbars. I wouldn't mind having a look either. Looking to learn about viruses without actually catching one.

gen-hackman

  • Guest
Re: browser hijacked by - SearchSettings.exe
« Reply #5 on: June 05, 2013, 02:25:07 PM »
And then there will still be remnants to remove, with a diagnostic followed by a personalized script to get the browsers totally clean

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: browser hijacked by - SearchSettings.exe
« Reply #6 on: June 05, 2013, 02:40:06 PM »
We should probably just let Essex take care of him. Instead of us giving different information.

gen-hackman

  • Guest
Re: browser hijacked by - SearchSettings.exe
« Reply #7 on: June 05, 2013, 02:44:05 PM »
I know what I'm doing, I know the infections and their way of functioning, I am a developer of disinfection tools and I have 130 000 comments on other disinfection forums

bart1048

  • Guest
Re: browser hijacked by - SearchSettings.exe
« Reply #8 on: June 05, 2013, 08:12:41 PM »
The link to the adwcleaner report, sorry it's in Polish, couldn't find the language options :)
http://cjoint.com/13jn/CFfufb3x4vg.htm

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37599
  • Not a avast user
Re: browser hijacked by - SearchSettings.exe
« Reply #9 on: June 05, 2013, 08:26:27 PM »
follow essexboys guide.   http://forum.avast.com/index.php?topic=53253.0

and then you will also get help from a trained and certified malware remover.   ;)


bart1048

  • Guest
Re: browser hijacked by - SearchSettings.exe
« Reply #10 on: June 05, 2013, 08:39:11 PM »

bart1048

  • Guest
Re: browser hijacked by - SearchSettings.exe
« Reply #11 on: June 05, 2013, 08:44:12 PM »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: browser hijacked by - SearchSettings.exe
« Reply #12 on: June 05, 2013, 08:50:07 PM »
You look to have cleared it all ... Are you experiencing any problems ?

gen-hackman

  • Guest
Re: browser hijacked by - SearchSettings.exe
« Reply #13 on: June 05, 2013, 08:57:47 PM »
AswMBR is not useful every time. It is useless to use tools when we are not sure that they are essential to the disinfection

.... OK....

Redo OTL with this configuration please :

If you have XP = > double click
If you have Vista or Windows 7 / 8 = > right click "as administrator"

On OTL.exe to Launch it.

Click here to configure it : http://www.archive-host.com/files/1897388/ecd939269bcc7cdfed2d2e726c22709a32db3067/OTL.PNG

Copy and Paste the contents of what follows in bold face in the bottom of OTL "Customization"("Personalization")

HKCU\Software
HKLM\Software
HKCU\Software\Microsoft\Command Processor /s
%Homedrive%\*
%Homedrive%\*.
%Userprofile%\*
%Userprofile%\*.
%Allusersprofile%\*
%Allusersprofile%\*.
%LocalAppData%\*
%LocalAppData%\*.
%Userprofile%\Local Settings\Application Data\*
%Userprofile%\Local Settings\Application Data\*.
%programFiles%\*
%programFiles%\*.
%Systemroot%\Installer\*.
%Systemroot%\Temp\*.exe /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\system32\*.in*
%systemroot%\Tasks\*
%systemroot%\Tasks\*.
%systemroot%\system32\Tasks\*
%systemroot%\system32\Tasks\*.
%systemroot%\system32\drivers\*.sy* /lockedfiles
%systemroot%\system32\config\*.exe /s
%Systemroot%\ServiceProfiles\*.exe /s
%systemroot%\system32\*.sys
msconfig
activex
/md5start
explorer.exe
winlogon.exe
wininit.exe
volsnap.sys
atapi.sys
ndisuio.sys
ndis.sys
cdrom.sys
i8042prt.sys
iastor.sys
tdx.sys
netbt.sys
afd.sys
/md5stop
netsvcs
safebootminimal
safebootnetwork
CREATERESTOREPOINT


Click on "Analyse"

At the end of the scan, the Pad is going to open with the report (OTL.txt) and (Extras.txt).

This file is on your Desktop.

Give the links of both files onto cjoint.com
« Last Edit: June 05, 2013, 09:12:02 PM by g3n-h@ckm@n »

bart1048

  • Guest
Re: browser hijacked by -
« Reply #14 on: June 05, 2013, 09:02:46 PM »
No, everything looks ok.
Deleting SearchSettings.exe and removing the extensions in Chrome seemed to do the trick, and after I scanned the system, ran adwcleaner and restarted the system it all looked good.
I just want to be certain the computer is safe to use.
Because if there are doubts I would probably format and reinstall the system, however I would prefer not to since it would take ages to install all the software and games back on :)