How JustAnswer Works:

  • Ask an Expert
    Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional Answer
    Via email, text message, or notification as you wait on our site.
    Ask follow up questions if you need to.
  • 100% Satisfaction Guarantee
    Rate the answer you receive.

Ask Jeremy Your Own Question

Jeremy
Jeremy, Computer Repairer
Category: Computer
Satisfied Customers: 3126
Experience:  Computer Issues? Let my 14 years experience work to solve your toughest issue. Simple and Fast.
62669195
Type Your Computer Question Here...
Jeremy is online now
A new question is answered every 9 seconds

Help! Im being hijacked! igoogle is my Homepage. If I am

Customer Question

Help! I'm being hijacked!
igoogle is my Homepage. If I am on the page and navigate away, I get the following message: are you sure you want tp navigate away from this page? No mater what if i say yes or no, I am directed to this URL:
http://adf.ly/locked/ACaOZ
I have deleted cookies and temp files, blocked all pop ups, done eveything I know how. I can also have the page open, and be on another page, and I see the page is active and that pop up appears. How can I get rid of it?!?!?!?!?
Submitted: 2 years ago.
Category: Computer
Expert:  Jeremy replied 2 years ago.

BestComputerExpert :

Hi my name isXXXXX would like to assist you with your question. I am an expert here on JustAnswer.com in the computer field.

How are you doing today?

BestComputerExpert :

It sounds like you may be infected with Malware of Some Sort.

BestComputerExpert :

Let's try a few different things to resolve this :)

BestComputerExpert :

There are a couple different things we can test out that should help out.

First add our chat to your favorites.

Once you have our chat saved to your favorites

Hold the Windows Key (Looks like a flag on the keyboard) and press R

In the Runbox type msconfig and push enter

Click the Startup Tab

Press Disable ALL

Press Apply

Click on the Services Tab.

Check the box to "Hide Microsoft Items"

Click Disable All once again

Press Apply and OK

Reboot the computer.

After the computer has rebooted return to our chat.

Next we want to double check to make sure no Spyware has infected your computer.

Let's download this file http://tinyurl.com/jeremymbam

If this link prompts you to "Run or Save" choose "Run"

Install this application it is called Malwarebytes
At the end of the installation it will automatically open

When it opens click the "Decline" message for the trial.

Choose the Quick Scan

The Scan may take a while depending on how many files are on the computer.

Once it is finished if any infections have been found
click the "Remove Selected" button

This will reboot your computer.

Try to run Malwarebytes at least once a month

It created a shortcut on your desktop that you can access at anytime if your computer is acting funny

BestComputerExpert :

(sorry about the above novel I wrote you :) )

BestComputerExpert :

Let's try these two steps above, this should remove it.

BestComputerExpert :

If it would be okay with you, I can convert our chat to a Q&A this will make it easier to read my steps above ?

Expert:  Jeremy replied 2 years ago.
Our chat has ended, but you can still continue to ask me questions here until you are satisfied with your answer. Come back to this page to view our conversation and any other new information.

What happens now?

If you haven’t already done so, please rate your answer above. Or, you can reply to me using the box below.
Expert:  Jeremy replied 2 years ago.
Deborah, try the above steps, if this does not resolve the issue let me know so we can continue to narrow down where the infection is hiding :)
Expert:  Jeremy replied 2 years ago.
Deborah, were you able to test out the above steps? I am still here for you, I have seen your multiple questions, they have been closed out, I did not want you to get charged for the additional questions.

Use this chat here to respond to me.

If the above does not work please respond to me so we can continue troubleshooting :)
Expert:  Jeremy replied 2 years ago.
Hi Deborah I just seen your latest question :)

Let's try this.

Turn off your computer

Turn the computer back on.

Rapidly press F8 on your computer when it turns back on. It should bring up a menu with different choices

You want to choose Safe Mode use your arrow keys and the enter key on the keyboard to select this.

If it asks which user name you want to login to choose your own account.

Double click the Malwarebytes and run a full scan in Safe Mode

Reboot and everything should be A-OK :)
Customer: replied 2 years ago.
Thanks. I'll be in touch after I try this.
Customer: replied 2 years ago.

This is not good. I performed the full scan in safe mode and it came back clean. I know it is still there, because when i was logging off to follow your instructions, I got the pop off and re-direct. this is also on my work computer. It only hijacks my Igoogle page, which is my home page. Not g-mail, or anything else google...


What now?

Expert:  Jeremy replied 2 years ago.
Have you added any Gadgets to Igoogle lately that could of cause this issue?

Take a look at this Deborah, this is your iGoogle settings.

See if there is anything strange in here, if so delete it

http://www.google.com/ig/settings
Customer: replied 2 years ago.

OK...there was one thing that looked kinda funky. I did remove it. Let me give it a couple of hours and I'll be in touch.


 


thanks!

Expert:  Jeremy replied 2 years ago.
Sounds great, Thanks Deborah, i'll be standing by
Customer: replied 2 years ago.

IT IS STILL THERE! It just popped up. And no, I didn't add anything to my iGoogle. it has been the same for some time.


what now?

Expert:  Jeremy replied 2 years ago.
Deborah, can you test something for me while I try to duplicate your problem?

Download and install Firefox from this like

http://tinyurl.com/jeremyfirefoxdownload

If it asks to run or save choose Run

I want to see if the issue is IE related or if it occurs in Firefox as well to better narrow it down.
Customer: replied 2 years ago.
ok...going to install. but it will be a little while before it happens...if it happens. it is sneaky. it won't hijack on the first attempt or even the second or third...and it's not always on the same attempt. Very sneaky...
Expert:  Jeremy replied 2 years ago.
Sounds like it :)

You may even want to scan Malwarebytes once again in Normal Mode (the mode you are currently booted into) to see if it picks it up again
Expert:  Jeremy replied 2 years ago.
Also on Internet Explorer let's disable all plugins to see if that helps

Click Tools then choose Internet Options (if you do not see tools press alt on the keyboard to reveal this menu)

Click the Programs Tab

Click Manage Addons

Disable everything EXCEPT Microsoft Items, Adobe Items, Sun Microsystem Items, and Apple Items

Then click the Search Providers on the left

Make sure nothing strange is set as your default provider, if it is click on a trusted provider then choose Set as Default

Then you want to click on the strange provider (if applicable) and press Remove to delete it
Customer: replied 2 years ago.
don't know if you received my message about firefox, because I didn't get returned to the "waiting room." if you did get it, read no further, If you didn't here's what I send.
I went to set igoogle as my home page and got a certificate warning. when I opted for exception, I got another warning that said the certificate was for a different site. I backed out. Is this my issue???
Expert:  Jeremy replied 2 years ago.
(just seen your message as I was writing this below)

A certificate error could either be from an incorrect date, time or timezone set on the computer, (double click the clock in the bottom right hand corner of the screen to check this, if it's incorrect manually adjust to fix this)

Or it could be the malware trying to redirect and Firefox is preventing it.

We need to run 2 different scanners

One scanner we should use that I was thinking of is TDSS Killer

Click this link http://tinyurl.com/jeremytdss

If it asks to run or save choose Run

When it opens Double click the TDSSKiller.exe file and press open

When it opens press the Start Scan button

Reboot

Then click this file http://tinyurl.com/jeremyhitman

If it asks to run or save choose Run

This program is a 30 day trial, but it will work for what we need it to do today, I would recommend just using the trial, but that's just me (I'm cheap :) )

Scan with both above tools and see what happens.

Let's see if this helps :)



Customer: replied 2 years ago.
OK...Kaspersky found nothing. hitman (btw, I needed 64 bit Cool) Anyway, hitman found 5 cookies and removed them all, though 3 were allegedly from Microsoft, 2 from Firefox. So...let's wait and see
Expert:  Jeremy replied 2 years ago.
Ahh sorry about that Sealed

Let's see what happens.
Customer: replied 2 years ago.
OK...i just got the same thing on firefox. this is insidious!
Expert:  Jeremy replied 2 years ago.
Can you check something for me?

Click Start, then choose Run

In the runbox type notepad

Click File then open

In the filename box type C:\windows\system32\drivers\etc\hosts then push enter

Can you copy and paste the contents to me?
Customer: replied 2 years ago.
# XXXXX (c) 1993-2009 Microsoft Corp.
#
# XXXXX is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# XXXXX file contains the mappings of IP addresses to host names. Each
# XXXXX should be kept on an individual line. The IP address should
# XXXXX placed in the first column followed by the corresponding host name.
# XXXXX IP address and the host name should be separated by at least one
# XXXXX
#
# XXXXX comments (such as these) may be inserted on individual
# XXXXX or following the machine name denoted by a '#' symbol.
#
# XXXXX example:
#
# 102.54.94.97 rhino.acme.com # XXXXX server
# 38.25.63.10 x.acme.com # XXXXX client host

# XXXXX name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
Expert:  Jeremy replied 2 years ago.
Let's check something else.

In Internet Explorer
Click Tools then Internet Options

Click the connections tab

choose Lan Settings

What information do you see under here?
Customer: replied 2 years ago.
nothing. no options are selected on anything
Expert:  Jeremy replied 2 years ago.
Try this one Deborah

http://tinyurl.com/jeremytdss2

This is a stubborn little bugger :)
Expert:  Jeremy replied 2 years ago.
I would also check this

Open Internet Explorer.

Click Tools then choose Internet Options

Click the Advanced Tab

Click Restore Advanced Settings press Apply

Click Reset click Reset again to confirm

Click the General Tab

Click Delete under browser history

Click Delete to confirm

Click this link http://tinyurl.com/jeremytfc

If it asks to run or save choose Run

Use this to delete all temporary files then Reboot
Customer: replied 2 years ago.
OK...all temp files removed. Hope this gets the bugger! I'll be in touch
Expert:  Jeremy replied 2 years ago.
Thanks Deborah, if I dont hear from you the rest of the night have a wonderful night :)
Customer: replied 2 years ago.
you too! hope this does the trick!
Expert:  Jeremy replied 2 years ago.
Me too Sealed
Customer: replied 2 years ago.

You won't believe this. yes, it is still here. Let's deal with this tomorrow.


 


Good night.

Expert:  Jeremy replied 2 years ago.
Deborah I have came to the conclusion it must be an add-on on IGoogle's end.

Mind if we test something? we'll backup your Igoogle first, but I think something addon or Gadget has been hacked into causing this re-direct.

http://www.google.com/ig/settings

Visit this page.

Click Backup

Then click the Reset button

This will reset Igoogle to defaults.

You can restore it by visiting the same page

http://www.google.com/ig/settings

Then choosing a previous backup.

If it works after the Reset I would recommend restoring it to the previous backup and manually delete each addon/gadget to narrow it down.

The good news is the malware is not actually on your computer, somehow a gadget got hacked and it redirects you.
Customer: replied 2 years ago.
I just rebuilt it from scratch. Time for a change anyway. We'll give this a whirl, and I'll be in touch. Thanks for your patience and persistence!!!!
Expert:  Jeremy replied 2 years ago.
No problem Deborah :)
Customer: replied 2 years ago.
Holy Moley...I think we've got it! Haven't been slammed all day! That little bugger just wouldn't let go. We deleted the malware (2 of 'em) on the initial scan, but it still left something behind. Whatever, it's gone now. Thanks again for your persistance and patience. You're a good one!
Expert:  Jeremy replied 2 years ago.
I try my hardest and never give up :)

Thanks for sticking with me

Tongue out

If you get a sec make sure to rate the question and choose excellent service ;)

Thanks Deborah!

Jeremy
Jeremy, Computer Repairer
Category: Computer
Satisfied Customers: 3126
Experience: Computer Issues? Let my 14 years experience work to solve your toughest issue. Simple and Fast.
Jeremy and 5 other Computer Specialists are ready to help you
Customer: replied 2 years ago.

Hi Jeremy,


 


I tried to read your response to my question about your rating and my tip, but when I clicked the link, it was "locked by customer service." can we try again? I want to make sure you get credit..and the bucks


 


Deb

Expert:  Jeremy replied 2 years ago.
I made sure, I closed out the other question so you would not be double billed :)
Customer: replied 2 years ago.
OK. Thanks! You're the best!
Expert:  Jeremy replied 2 years ago.
Not a problem at all, come see me if you ever need anything Deborah :)

JustAnswer in the News:

 
 
 
Ask-a-doc Web sites: If you've got a quick question, you can try to get an answer from sites that say they have various specialists on hand to give quick answers... Justanswer.com.
JustAnswer.com...has seen a spike since October in legal questions from readers about layoffs, unemployment and severance.
Web sites like justanswer.com/legal
...leave nothing to chance.
Traffic on JustAnswer rose 14 percent...and had nearly 400,000 page views in 30 days...inquiries related to stress, high blood pressure, drinking and heart pain jumped 33 percent.
Tory Johnson, GMA Workplace Contributor, discusses work-from-home jobs, such as JustAnswer in which verified Experts answer people’s questions.
I will tell you that...the things you have to go through to be an Expert are quite rigorous.
 
 
 

What Customers are Saying:

 
 
 
  • My Expert answered my question promptly and he resolved the issue totally. This is a great service. I am so glad I found it I will definitely use the service again if needed. One Happy Customer New York
< Last | Next >
  • My Expert answered my question promptly and he resolved the issue totally. This is a great service. I am so glad I found it I will definitely use the service again if needed. One Happy Customer New York
  • I am very happy with my very fast response. Eric is very knowledgeable in the subject area. Thank you! RP Austin, TX
  • Hi John, Thank you for your expertise and, more important, for your kindness because they make me, almost, look forward to my next computer problem. After the next problem comes, I'll be delighted to correspond again with you. I'm told that I excel at programing. But system administration has never been one of my talents. So it's great to have an expert to rely on when the computer decides to stump me. God bless, Bill Bill M. Schenectady, New York
  • The Expert answered my Mac question and was patient. He answered in a thorough and timely manner, keeping the response on a level that could understand. Thank you! Frank Canada
  • Wonderful service, prompt, efficient, and accurate. Couldn't have asked for more. I cannot thank you enough for your help. Mary C. Freshfield, Liverpool, UK
  • This expert is wonderful. They truly know what they are talking about, and they actually care about you. They really helped put my nerves at ease. Thank you so much!!!! Alex Los Angeles, CA
  • Thank you for all your help. It is nice to know that this service is here for people like myself, who need answers fast and are not sure who to consult. GP Hesperia, CA
 
 
 

Meet The Experts:

 
 
 
  • Andy

    Computer Consultant

    Satisfied Customers:

    5311
    11yr exp, Comp Engg, Internet expert, Web developer, SEO
< Last | Next >
  • http://ww2.justanswer.com/uploads/EN/Engineer1010/2012-6-9_132423_jaj12a.64x64.jpg Andy's Avatar

    Andy

    Computer Consultant

    Satisfied Customers:

    5311
    11yr exp, Comp Engg, Internet expert, Web developer, SEO
  • http://ww2.justanswer.com/uploads/BA/barrenrock/2011-10-19_215925_JamesJAFinal.64x64.jpg James's Avatar

    James

    Sr. Computer Support Expert

    Satisfied Customers:

    8376
    20 years of experience building, fixing and servicing PCs and operating systems.
  • http://ww2.justanswer.com/uploads/zeyank/2009-09-26_154244_P8110079.png Ryan H.'s Avatar

    Ryan H.

    Computer Support Specialist

    Satisfied Customers:

    1741
    A+ Certified Technician - 10 Years experience working with all types of computer systems.
  • http://ww2.justanswer.com/uploads/JA/jadedangel57/2011-11-8_193134_janenewsm.64x64.jpg Jane Lefler's Avatar

    Jane Lefler

    Sr Prog Analyst / Technician

    Satisfied Customers:

    0
    Computer Programmer / Technician/ Consultant 16+ years
  • http://ww2.justanswer.com/uploads/RO/robmpreston/2013-9-23_233814_mijiFZm.64x64.jpg RPI Solutions's Avatar

    RPI Solutions

    Support Specialist

    Satisfied Customers:

    3476
    5+ Years in IT, BS in Computer Science
  • http://ww2.justanswer.com/uploads/BA/barunrath/2012-7-5_201954_Profilepic2.64x64.jpg B. Rath's Avatar

    B. Rath

    Computer Support Specialist

    Satisfied Customers:

    8671
    Certified Computer/Networking Support Specialist.
  • http://ww2.justanswer.com/uploads/FS/fszcze/2012-6-18_181848_500test.64x64.jpg Frederick S.'s Avatar

    Frederick S.

    Computer Specialist

    Satisfied Customers:

    7240
    Computer technician and founder of a home PC repair company.
 
 
 

Related Computer Questions