HELP! Browser Hijacker in My System

Hello,

I sent the following message to support (see below), and they replied with instructions on what to do. And so I did everything they asked me to do to the letter, but sadly, the problem persisted. I still got this WARNING window coming up the minute I connected to the internet. And so I sent another query to Support and they asked me to connect with this forum. Strangely enough, I’ve been online about 15 minutes now and that WARNING has not come up, it usually hits me up every five minutes!

Please take a look at the correspondence below, and kindly do your best to assist me.

Thank you,

Anthony

====LETTER TO SUPPORT=====

Hello,

I am constantly being attacked it would seem, because Avast alerts me every time with the following message. Please help!

OBJECT

hxxp://fitovitnatural.com/tmp/dll.exe

INFECTION

URL: Mal

PROCESS

C:\Windows\System32\svchost.exe

====REPLY FROM SUPPORT====

Hello Anthony,

Please accept my apologies for the delay in handling your request.

We’re sorry to hear that you’ve been getting detection messages from Avast. Please note that these are correct and the accessed URL is actually malicious.

It seems that there’s a browser hijacker present in your system. Could you please try to clean it up? You can do so by following these steps:

First please make sure that you have the most recent version of Avast - 17.3.2291:
Open Avast and go to > Settings > Update > Program > Update and update your Virus definitions as well.

Then please turn on scanning of Potentially Unwanted Programs (PUPs):
In Avast, go to > Settings > General > check the option ‘Scan for potentially unwanted programs (PUPs)’ > OK.

After that please perform a Boot-time scan:
Please open Avast and go to > Protection > Antivirus > Other scans > Boot-time scan > Run on next PC reboot.
This will reboot your machine and perform the Boot-time scan.

Then that please reset your web browser to its default settings:
Google Chrome: https://support.google.com/chrome/answer/3296214?hl=en
Mozilla Firefox: https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings

Finally please run an Avast Cleanup scan:
Open Avast and go to > Performance > Cleanup > Start Cleanup.

Please let me know if you encounter any issues.

Best Regards,
Prokop

The Avast Support Team

https://forum.avast.com/index.php?topic=194892.0

I’ve taken a look at your “guideline” link. :frowning:

You should do more then look :wink:

A tad overwhelming first instance, but I’m giving it a go today. Thanks!

Hello Eddy,

Thanks for the help. I downloaded Malwarebytes and did the scan and here’s the mbam.txt file attached herewith for you. Please let me know if I should go ahead and do the Next… Farbar Recovery Scan Tool.

Anthony

Yes, we need the two logs from Farbar also (FRST.txt and Addition.txt)

I tried both files, and a warning comes up that says “This type of file can harm your computer. Do you want to keep FRST64 anyway?” What do I do now? Please advise.

This is normal, just continue

Hi,

Here we are. Done! Files attached herewith. Awaiting you news.

Thanks!

Anthony

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

DefaultTab
FlvPlayer
MyFreeCodec
Settings Manager
Yahoo! Search Protection
Yahoo! Toolbar

To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

SECOND >>>>

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[b] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/b]Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

Hello,

Is this meant for me after my last post that all was done? Just checking. And I checked your FIRST item and none of these are present:

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

DefaultTab
FlvPlayer
MyFreeCodec
Settings Manager
Yahoo! Search Protection
Yahoo! Toolbar

Anthony

Is this meant for me after my last post that all was done?
Yes, nothing has been done yet, this is your fix instructions

I Can’t find these

DefaultTab
FlvPlayer
MyFreeCodec
Settings Manager
Yahoo! Search Protection
Yahoo! Toolbar

Do I go ahead with…

SECOND >>>>

Fix with Farbar Recovery Scan Tool

Oops! I FOUND them. Uninstalling now!

I have Uninstalled everything but it is refusing to uninstall Yahoo! Toolbar and now the THREAT HAS BEEN DETECTED Avast Window is back… and I’m being promoted to do the Avast Cleanup. Please advise?

Have you run FRST fix he made for you? when done attach fix log

@dbrisendine will be back online tomorrow

I haven’t got to that stage yet. Like I said, the delete process in Segment #1 is not complete. Yahoo! Toolbar is REFUSING to Uninstall.

The dropp that and go to next step

Hello,

I’ve finished FRST and here’s the Fixlog.txt. attached herewith. Awaiting your news.

Many thanks.

Anthony