Help! I'm being hijacked! iGoogle is my homepage. If I am on the page and navigate away, I get the following message: are you sure you want to navigate away from this page? No matter what, if I say yes or no, I am directed to this URL: http://adf.ly/locked/ACaOZ
I have deleted cookies and temp files, blocked all pop ups, done everything I know how. I can also have the page open, and be on another page, and I see the page is active and that pop up appears. How can I get rid of it?!?!?!?!?
Computer OS: Windows 7
deleting temp files and cookies
blocking all pop ups on the home page
Hi my name is XXXXXX, X would like to assist you with your question. I am an expert here on JustAnswer.com in the computer field. How are you doing today?
It sounds like you may be infected with Malware of Some Sort.
Let's try a few different things to resolve this :)
There are a couple different things we can test out that should help out.
First add our chat to your favorites.
Once you have our chat saved to your favorites
Hold the Windows Key (Looks like a flag on the keyboard) and press R
In the Runbox type msconfig and push enter
Click the Startup Tab
Press Disable ALL
Press Apply
Click on the Services Tab.
Check the box to "Hide Microsoft Items"
Click Disable All once again
Press Apply and OK
Reboot the computer.
After the computer has rebooted return to our chat.
Next we want to double check to make sure no Spyware has infected your computer.
Let's download this file http://tinyurl.com/jeremymbam
If this link prompts you to "Run or Save" choose "Run"
Install this application, it is called Malwarebytes
At the end of the installation it will automatically open
When it opens click the "Decline" message for the trial.
Choose the Quick Scan
The Scan may take a while depending on how many files are on the computer.
Once it is finished, if any infections have been found click the "Remove Selected" button
This will reboot your computer.
Try to run Malwarebytes at least once a month
It created a shortcut on your desktop that you can access at any time if your computer is acting funny
(sorry about the above novel I wrote you :) )
Let's try these two steps above, this should remove it.
If it would be okay with you, I can convert our chat to a Q&A this will make it easier to read my steps above ?
Deborah, try the above steps, if this does not resolve the issue let me know so we can continue to narrow down where the infection is hiding :)
Deborah, were you able to test out the above steps? I am still here for you, I have seen your multiple questions, they have been closed out, I did not want you to get charged for the additional questions. Use this chat here to respond to me.
If the above does not work please respond to me so we can continue troubleshooting :)
Hi Deborah, I just saw your latest question :)
Let's try this.
Turn off your computer
Turn the computer back on.
Rapidly press F8 on your computer when it turns back on. It should bring up a menu with different choices
You want to choose Safe Mode, use your arrow keys and the enter key on the keyboard to select this.
If it asks which user name you want to login to, choose your own account.
Double click the Malwarebytes and run a full scan in Safe Mode
Reboot and everything should be A-OK :)
Thanks. I'll be in touch after I try this.
This is not good. I performed the full scan in safe mode and it came back clean. I know it is still there, because when I was logging off to follow your instructions, I got the pop up and re-direct. This is also on my work computer. It only hijacks my iGoogle page, which is my home page. Not g-mail, or anything else google...
Have you added any Gadgets to iGoogle lately that could have caused this issue?
Take a look at this Deborah, this is your iGoogle settings.
See if there is anything strange in here, if so delete it
http://www.google.com/ig/settings
OK...there was one thing that looked kinda funky. I did remove it. Let me give it a couple of hours and I'll be in touch.
Sounds great, Thanks Deborah, I'll be standing by
IT IS STILL THERE! It just popped up. And no, I didn't add anything to my iGoogle. it has been the same for some time.
Deborah, can you test something for me while I try to duplicate your problem?
Download and install Firefox from this link
http://tinyurl.com/jeremyfirefoxdownload
If it asks to run or save choose Run
I want to see if the issue is IE related or if it occurs in Firefox as well to better narrow it down.
ok...going to install. but it will be a little while before it happens...if it happens. it is sneaky. it won't hijack on the first attempt or even the second or third...and it's not always on the same attempt. Very sneaky...
Sounds like it :) You may even want to scan Malwarebytes once again in Normal Mode (the mode you are currently booted into) to see if it picks it up again
Also on Internet Explorer let's disable all plugins to see if that helps
Click Tools then choose Internet Options (if you do not see tools press alt on the keyboard to reveal this menu)
Click the Programs Tab
Click Manage Addons
Disable everything EXCEPT Microsoft Items, Adobe Items, Sun Microsystem Items, and Apple Items
Then click the Search Providers on the left
Make sure nothing strange is set as your default provider, if it is click on a trusted provider then choose Set as Default
Then you want to click on the strange provider (if applicable) and press Remove to delete it
Don't know if you received my message about Firefox, because I didn't get returned to the "waiting room." If you did get it, read no further. If you didn't, here's what I sent.
I went to set iGoogle as my home page and got a certificate warning. When I opted for exception, I got another warning that said the certificate was for a different site. I backed out. Is this my issue???
(just saw your message as I was writing this below)
A certificate error could either be from an incorrect date, time or timezone set on the computer (double click the clock in the bottom right hand corner of the screen to check this, if it's incorrect manually adjust to fix this), or it could be the malware trying to redirect and Firefox is preventing it.
We need to run 2 different scanners.
One scanner we should use that I was thinking of is TDSS Killer
Click this link http://tinyurl.com/jeremytdss
If it asks to run or save choose Run
When it opens Double click the TDSSKiller.exe file and press open
When it opens press the Start Scan button
Reboot
Then click this file http://tinyurl.com/jeremyhitman
If it asks to run or save choose Run
This program is a 30 day trial, but it will work for what we need it to do today, I would recommend just using the trial, but that's just me (I'm cheap :) )
Scan with both above tools and see what happens.
Let's see if this helps :)
OK...Kaspersky found nothing. hitman (btw, I needed 64 bit ) Anyway, hitman found 5 cookies and removed them all, though 3 were allegedly from Microsoft, 2 from Firefox. So...let's wait and see
Ahh sorry about that. Let's see what happens.
OK...i just got the same thing on firefox. this is insidious!
Can you check something for me?
Click Start, then choose Run
In the runbox type notepad
Click File then open
In the filename box type C:\windows\system32\drivers\etc\hosts then push enter
Can you copy and paste the contents to me?
# XXXXX (c) 1993-2009 Microsoft Corp.
#
# XXXXX is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# XXXXX file contains the mappings of IP addresses to host names. Each
# XXXXX should be kept on an individual line. The IP address should
# XXXXX placed in the first column followed by the corresponding host name.
# XXXXX IP address and the host name should be separated by at least one
# XXXXX
#
# XXXXX comments (such as these) may be inserted on individual
# XXXXX or following the machine name denoted by a '#' symbol.
#
# XXXXX example:
#
# 126.96.36.199 rhino.acme.com # XXXXX server
# 188.8.131.52 x.acme.com # XXXXX client host
# XXXXX name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
Let's check something else.
In Internet Explorer
Click Tools then Internet Options
Click the connections tab
Choose Lan Settings
What information do you see under here?
nothing. no options are selected on anything
Try this one Deborah
http://tinyurl.com/jeremytdss2
This is a stubborn little bugger :)
I would also check this
Open Internet Explorer.
Click Tools then choose Internet Options
Click the Advanced Tab
Click Restore Advanced Settings, press Apply
Click Reset, click Reset again to confirm
Click the General Tab
Click Delete under browser history
Click Delete to confirm
Click this link http://tinyurl.com/jeremytfc
If it asks to run or save choose Run
Use this to delete all temporary files then Reboot
OK...all temp files removed. Hope this gets the bugger! I'll be in touch
Thanks Deborah, if I don't hear from you the rest of the night have a wonderful night :)
you too! hope this does the trick!
You won't believe this. yes, it is still here. Let's deal with this tomorrow.
Deborah, I have come to the conclusion it must be an add-on on iGoogle's end.
Mind if we test something? We'll backup your iGoogle first, but I think some addon or Gadget has been hacked into, causing this re-direct.
http://www.google.com/ig/settings
Visit this page.
Click Backup
Then click the Reset button
This will reset iGoogle to defaults. You can restore it by visiting the same page http://www.google.com/ig/settings
Then choosing a previous backup.
If it works after the Reset I would recommend restoring it to the previous backup and manually delete each addon/gadget to narrow it down.
The good news is the malware is not actually on your computer, somehow a gadget got hacked and it redirects you.
I just rebuilt it from scratch. Time for a change anyway. We'll give this a whirl, and I'll be in touch. Thanks for your patience and persistence!!!!
No problem Deborah :)
Holy Moley...I think we've got it! Haven't been slammed all day! That little bugger just wouldn't let go. We deleted the malware (2 of 'em) on the initial scan, but it still left something behind. Whatever, it's gone now. Thanks again for your persistence and patience. You're a good one!
I try my hardest and never give up :)
Thanks for sticking with me. If you get a sec make sure to rate the question and choose excellent service ;)
Thanks Deborah!
Jeremy
I tried to read your response to my question about your rating and my tip, but when I clicked the link, it was "locked by customer service." can we try again? I want to make sure you get credit..and the bucks
I made sure, I closed out the other question so you would not be double billed :)
OK. Thanks! You're the best!
Not a problem at all, come see me if you ever need anything Deborah :)