Firefox search hijacked

SandEagle

Lifer
Aug 4, 2007
16,809
13
0
I'm running Firefox 8 on Vista x64. Every time I run a Google search, it redirects to uniquesearchsystem.com or a few variants along the same line.

I've tried AVG, Malwarebytes, MS Security Essentials, TDSSKiller, Ad-Aware, etc. Nothing works. I uninstalled and reinstalled, but the problem is still there. Any other suggestions?
 

boochi

Senior member
May 21, 2011
983
0
0
Check the hosts file for anything that should not be there like the sites you listed.
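A concrete way to do the hosts-file check suggested above, as an added example that is not code from this thread: it parses a Windows hosts file, flags any entry that pins a major search engine (a hypothetical watch list) to a non-loopback address, and flags the hijack domain named in the opening post. The sample hosts content is constructed; the Windows path is the standard location.

```python
import ipaddress
import os
from pathlib import Path

# Constructed sample of a tampered hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
127.0.0.1       localhost
::1             localhost
192.0.2.10      www.google.com google.com   # injected by malware
192.0.2.10      search.yahoo.com
127.0.0.1       uniquesearchsystem.com
"""

# Hypothetical watch list: search engines a hijacker would want to redirect.
SEARCH_DOMAINS = ("google.com", "bing.com", "yahoo.com")
# Redirect destination reported in the opening post.
HIJACK_DOMAINS = ("uniquesearchsystem.com",)
# Standard Windows hosts file location.
DEFAULT_HOSTS_PATH = Path(os.environ.get("SystemRoot", r"C:\Windows")) / "System32" / "drivers" / "etc" / "hosts"


def _matches(name, domains):
    return any(name == d or name.endswith("." + d) for d in domains)


def audit_hosts(text, watch=SEARCH_DOMAINS, known_bad=HIJACK_DOMAINS):
    """Return (line_no, reason, detail) tuples for suspicious hosts entries."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            findings.append((n, "unparseable entry", raw.strip()))
            continue
        for name in (h.lower() for h in parts[1:]):
            if _matches(name, known_bad):
                findings.append((n, "hijack domain present", name))
            if addr.is_loopback or name == "localhost":
                continue                          # normal local mappings
            if _matches(name, watch):
                findings.append((n, f"search domain pinned to {addr}", name))
            else:
                findings.append((n, f"non-loopback mapping to {addr}", name))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(DEFAULT_HOSTS_PATH.read_text(errors="replace")):
        print(finding)
```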
 

mechBgon

Super Moderator
Elite Member
Oct 31, 1999
30,699
1
0
I'm running Firefox 8 on Vista x64. Every time I run a Google search, it redirects to uniquesearchsystem.com or a few variants along the same line.

I've tried AVG, Malwarebytes, MS Security Essentials, TDSSKiller, Ad-Aware, etc. Nothing works. I uninstalled and reinstalled, but the problem is still there. Any other suggestions?

Sure. Post a HijackThis log, and/or paste the text into http://hijackthis.de for an automagic analysis.

It's also possible that there's been monkeyshines with DNS somewhere besides on your computer itself. What's your network setup... are you behind a router, or on a college network, or what? If you have a router, did you change the default password so it couldn't be reprogrammed via a scripted attack? (yes that happens)
 

Deathhorse

Senior member
Nov 30, 2010
581
0
76
Oh crappy, I used a few programs to remove a browser hijack:

SuperAntiSpyware
Malwarebytes
Avast
Simply Super Trojan Detector

The last thing I used was a burned copy of some boot-up disk that scans the computer before everything loads. Don't remember where it came from though.
 

MacLeod1592

Member
Aug 19, 2010
71
0
0
I didn't set any restore points :(

Windows sets its own restore points automatically whenever you change something significant in your system. I've had to go back and restore a time or two and have never set a restore point myself, but there was always one ready to go.
 

mechBgon

Super Moderator
Elite Member
Oct 31, 1999
30,699
1
0
Once you're done, also install Secunia PSI and run a scan to see if your various software needs security updates. Chances are about 98% that you do ;) and out-of-date software is one of the ways your system can get pwned like it did, so PSI will help fix that.

Also install Microsoft EMET and use it to 1) configure system defenses, and 2) protect Internet-aware software. I have some info on that here, very easy to use.

A couple other suggestions...

Max out UAC like this pic (Start > Control Panel > User Accounts And Family Safety > User Accounts > Change User Account Control Settings). Contrary to popular belief, this actually does not kill you :)

Java is one of the most heavily exploited pieces of software lately. If you have it installed but don't need it, uninstall it. If you do need it (for a torrent client or something), but not for Web use per se, disable Java support in Firefox so it can't be exploited via the browser.
 

Slugbait

Elite Member
Oct 9, 1999
3,633
3
81
My nephew's machine got hit by similar (or same) malware a couple of months ago, we discussed it here: http://forums.anandtech.com/showthread.php?t=2193380.

You've already tried tdsskiller, so if this really is Alureon it could mean several things, such as the MBR cannot be cleaned, or DNS Changer hit your router. Try the following instructions to see if you're compromised by DNS Changer: http://www.theregister.co.uk/2011/11/14/tdss_drops_dns_changer/

Some malware is just impossible to get rid of... this malware is a good example. You may need to flatten your box.

The people responsible were arrested last week.
 

PowerYoga

Diamond Member
Nov 6, 2001
4,603
0
0
I'm a bit paranoid myself, so if I ever get infected with some malware I usually back up my data and reformat. You never really know if there are lingering backdoors if you just use Spybot or AV to clean.
 

mechBgon

Super Moderator
Elite Member
Oct 31, 1999
30,699
1
0
Looking into it briefly, it sounds rootkit-protected, so the malware can cloak itself from conventional methods of detection. One way to outmaneuver this tactic is the aforementioned bootable scanning CDs.

Kaspersky also maintains a dedicated detector for a specific, extra-tough rootkit called TDSS or TDL-4. You can get that from here: http://support.kaspersky.com/faq/?qid=208283363 (there's a link to the Zip file near the bottom). If it'll run, then click "Change parameters," check all four checkboxes, and run it. It won't take long.