Bidvertiser hijack

I have some problems with a very persistent hijack. Both Chrome and Firefox show a banner in the right bottom corner of the screen, even on Google.com. On top of that every few clicks I get redirected to a Bidvertiser domain.

Attached are the OTL, Malwarebytes and aswMBR logs.

I’ve been trying to get rid of this nasty virus for over a few weeks now. Any help would be greatly appreciated!

No Malwarebytes log attached?

Hi, you appear to have a ZeroAccess infection

Also your Host file has been hijacked

Re-Run aswMBR

Click Scan

On completion of the scan, click the Fix button

http://dl.dropbox.com/u/73555776/aswMBR_Zero.png

Save the log as before and post in your next reply

THEN

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from “Start with Windows”
Reboot and then run OTL

http://i1224.photobucket.com/albums/ee362/Essexboy3/mbamstop.jpg

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Files
ipconfig /flushdns /c

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Thanks for your help so far. Attached is the log file.

When I try to run the OTL fix I get the following message: “Cannot create file C:\Windows\System32\drivers\etc\hosts”.

Tsk they think they can escape that easily… OK we will work on the Host file manually. Any questions then please stop and ask

Download Take Ownership to your desktop
Unzip the reg file to the desktop
Right click it and select Merge
Accept the warnings

Go to Control Panel
Select Folder Options
Select the view tab

Show Hidden files and Folders

Deselect Hide Protected Systems files

http://dl.dropbox.com/u/73555776/Set%20files%20to%20show%20host.JPG

Accept all warnings and click apply

Using Windows explorer go to
C:\Windows\System32\drivers\etc
Right click the file named Host
Select take ownership
Double click the Host file and select notepad to open the file with

Delete the following lines :

109.163.226.208 www.google-analytics.com.
109.163.226.208 ad-emea.doubleclick.net.
109.163.226.208 www.statcounter.com.
67.215.245.19 www.google-analytics.com.
67.215.245.19 ad-emea.doubleclick.net.
67.215.245.19 www.statcounter.com.

Save the Host file
When you save it, it will try to rename it to Host.txt
In the drop down box at the bottom select All files
Allow it to overwrite

http://dl.dropbox.com/u/73555776/Save%20Host.jpg

Then could you run a fresh OTL scan please
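
An added example, not part of the original thread: a Python check over hosts-file text that flags entries like the ones listed above for deletion, where an analytics or ad domain is pointed at a routable address. The sample text is constructed around the six quoted lines, the function names are hypothetical, and the heuristic assumes legitimate entries only target loopback or 0.0.0.0, so internal name mappings would need an allowlist.

```python
import ipaddress

# Constructed sample: default-style entries plus the six lines quoted in the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
109.163.226.208 www.google-analytics.com.
109.163.226.208 ad-emea.doubleclick.net.
109.163.226.208 www.statcounter.com.
67.215.245.19 www.google-analytics.com.
67.215.245.19 ad-emea.doubleclick.net.
67.215.245.19 www.statcounter.com.
0.0.0.0 ads.example.test   # constructed blocklist-style entry
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: not a usable mapping
        for name in fields[1:]:
            # Normalise the trailing-dot FQDN form used by the hijack entries.
            yield line_no, ip, name.rstrip(".").lower()

def suspicious_entries(text):
    """Return mappings that send a name other than localhost to a routable address."""
    hits = []
    for line_no, ip, name in parse_hosts(text):
        sinkhole = ip.is_loopback or ip.is_unspecified
        if name != "localhost" and not sinkhole:
            hits.append((line_no, str(ip), name))
    return hits

def clean_hosts(text):
    """Return the text with every line holding a suspicious mapping removed."""
    bad = {line_no for line_no, _, _ in suspicious_entries(text)}
    kept = [l for i, l in enumerate(text.splitlines(), 1) if i not in bad]
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    for line_no, ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

Run it against a copy of the hosts file rather than the live one, and review the flagged lines before removing anything.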