browser hijack

[donnydave]

I am not very good with computers being in my 60,s but I have a virus/trojan called Qsearch.com lurking on my computer? none of my virus remover progammes are able to remove it because it acts like a browser, as soon as I go onto the internet Qsearch.com takes over from google. I have managed to stop it by asking avast to block it from loading then clicking on google to make google my search engine, but as soon as I close my browser and start up again it reappears. I was told on youtube that if I scan with Superantispyware, then Malwarebytes and the with Kapinsky this will remove it, but when I tried loading Kapinsky anti spyware, Avast closed my computer down. This Qsearch.com is well known on the internet as a browser hijacker why can not Avast remove it?HELP please!I am using mozilla firefox.

[essexboy]

Hi there this normally needs to be removed manually

Download OTL  to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
  
• Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
CREATERESTOREPOINT

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Attach both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
 Double click the aswMBR.exe to run it  Click the "Scan" button to start scan 



On completion of the scan click save log, save it to your desktop and post in your next reply

[donnydave]

Thank you for your quick reply I did as you suggested, but the notepad windows did not appear, and they are not with OTL in my downloads, so I am going to give it another try I think the CREATRESTOREPOINT was missing of my copy and paste

Will this process be affected by me having the URL for Qsearch blocked?

[Pondus]

as instructed above..


Download OTL  to your Desktop
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

[donnydave]

Something bad is happening I can not access my documents anymore and I have had trouble even getting back on this forum?

[true indian]

Try this:

Download RogueKiller to your desktop
 

• Quit all running programs
• For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
• When prompted, type 6 and validate
  
• The RKreport.txt shall be generated next to the executable.
• If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe  

Please post the contents of the RKreport.txt in your next Reply.

[donnydave]

Wow I am back I thought all my files had been wiped clean nothing would come up, even accessories
was showing empty so I could not get to system restore? I rebooted and system restore came back so I restored back to early December 2011 and everything seems to be  working except all my passwords for forums need resetting, but so far Qsearch seems to have vanished, if I have to use the procedure you recommended I will get my son to do it because he his more competent than me
Thank you for your time and advice.

[true indian]

this is essexboy post i just quoted it.....he is the guy to be thanked first!