HiWire Posted June 11, 2017 (edited)

My computer got hit by malware yesterday, which took all day to eliminate. Since there wasn't a lot of specific info online, I thought I'd post this in case it hits anyone else. Most of the web results point to 2012 recommendations that are out of date.

This particular redirect hijacks your address bar and search results (for all your browsers) to SearchMagnified or SearchingMagnified, obvious bogus domains that will no doubt take you to further exploit sites. It also redirected direct links and bookmarks to these sites.

I looked through the list of browser settings and add-ons (I don't run any), running processes, installed software, and even the hosts file and DNS settings, after dumping cache files and cookies in the browsers and refreshing them. Nothing obvious showed in the list of add-ons, processes, startup entries, or the Registry. It went right through Avira Antivirus and Malwarebytes Anti-Malware – neither was able to detect anything wrong with a full scan. Windows Defender was, of course, useless.

First, I downloaded and installed (sequentially) a bunch of free antivirus apps, all of which have relatively good standing in their industry – Bitdefender, Avast, AVG, Kaspersky. I updated definitions and ran a full scan with each, which took all day and turned up nothing. I also uninstalled each app before trying the next one, which meant a lot of restarting. I also used the following anti-malware apps – Malwarebytes AdwCleaner and Spybot Search & Destroy. No results there, either.

Eventually, I found a general help page on browser hijacks at the MalwareTips website (dodgy-sounding, I know, but I was at my wits' end by that point). Going directly to the applications the page referenced (rather than clicking through their links), I followed their recommendations step by step:

1. Kaspersky TDSSKiller (rootkit detection and removal) – no results
2. RKill (process blocker removal) – no results
3. Malwarebytes Anti-Malware – no results
4. HitmanPro – we have a winner! HitmanPro listed a small number of tracking cookies (low threat), and removed 1 malware from a 2016 archive file. Deleting these fixed the browsers.
5. Zemana Anti-Malware – did not try
6. Reset browser to default settings – already tried. No effect

Takeaway lessons and reminders (most of these are pretty obvious):

1. Have up-to-date backups of your critical data as well as a system image
2. Make sure you know if System Restore is working if you have to revert Windows
3. Consider changing your user level down from Administrator
4. None of the browsers were safe. Modern hijacks are able to affect all of them. Windows 10 is obviously still vulnerable to drive-by website exploits
5. Have a second computing device, and at least a large flash drive or external hard drive to boot from in extremis
6. Hard drives are slow... the painful process of scanning the entire system (many hours) would have been much less painful on an SSD
7. Hybrid vigor: if you have the resources, experiment with multiple operating systems and virtualization to reduce your exposure
8. Keep a variety of these free anti-virus and anti-malware tools on an easily-accessible disk, and update them regularly. None of them are guaranteed to find all your viruses, spyware, adware, malware, and ransomware by themselves, so keep your options open. Paid security software (Norton, McAfee, premium versions of the vendors listed above) probably has the same pitfalls.
9. Update all your passwords and login information after an attack. Scan other volumes (e.g., external and networked drives) to ensure data security
10. Using cloud services reduces your reliance on a single device/system, but can introduce new weaknesses
11. Prepare for the worst-case scenario. Know what steps you would take if you lost all your data and possibly the entire computer (e.g., comparable to a theft, loss, or hardware failure)

Conclusions: I suspected from the start that it was a simple browser hijack, but doing a thorough inspection with multiple programs confirmed the system and its data is essentially clean (I am running free Sophos Home now). I hadn't heard of a lot of the tools listed above, but they obviously vary in their effectiveness. In the end, I didn't lose any data and I only lost a day. It is important to act as quickly as possible against system security problems. You can't always rely on a previous set of security tools, so stay up to date and limit your vulnerabilities.

Edited June 11, 2017 by HiWire
HiWire (Author) Posted June 11, 2017 (edited)

Testing almost every free anti-virus/malware app wasn't exactly my plan for the weekend – it definitely woke me from a state of complacence. I've seen friends, family, and co-workers suffer through this kind of stuff and I'm glad the damage wasn't much worse. There's no way I would have thought an app called HitmanPro would be legit.

Running all the security software also seemed to uncover various little creepy-crawlies that crept into my system and data over the years... some of my files go back to the 1990s.

Edited June 11, 2017 by HiWire
Jon L Posted June 11, 2017

15 minutes ago, HiWire said:
"Testing almost every free anti-virus/malware app wasn't exactly my plan for the weekend – it definitely woke me from a state of complacence. I've seen friends, family, and co-workers suffer through this kind of stuff and I'm glad the damage wasn't much worse. There's no way I would have thought an app called HitmanPro would be legit. Running all the security software also seemed to uncover various little creepy-crawlies that crept into my system and data over the years... some of my files go back to the 1990s."

Have you tried uninstalling Hitman Pro? I found people complaining they cannot uninstall it:

"Cons: I can't remove it! The online advice on how to do so is all wrong. It doesn't appear in control panel, nor is there a visible folder on the C drive anywhere, nor is it listed anywhere in msconfig, nor does it appear in All Programs, contrary to the advice of those attempting to assist others in my position."

"Cons: and I cannot find a way to uninstall this without buying their version of "#1 uninstall""
HiWire (Author) Posted June 11, 2017 (edited)

Good question – the version I downloaded (HitmanPro 3.7 x64) gave me an option to run the program as a one-shot deal or as a perpetual scanner. I chose the one-shot option and it seems to be completely gone from my system. The only thing it left was the scan log I saved on my desktop.

I didn't realize it was a Sophos product, either. The screenshot on the MalwareTips site shows the SurfRight name, which Wikipedia says Sophos acquired in 2015. Maybe they realized the original product was too much like malware itself – they'll probably lose the questionable name as they incorporate the technology into their other products.

Edited June 11, 2017 by HiWire
enanaviai Posted June 13, 2017

I always use the Chrome browser and I have saved a professional instruction to deal with browser issues.

1. Download the Chrome policy remover.
2. Right click it and select Run as administrator.
3. Click Yes at the confirmation prompt and allow the process to complete. If you see a message saying that Windows protected your PC, click More info > Run anyway.

I would also recommend that you carry out the following steps:

1. Install and run the Chrome Cleanup Tool (Windows only).
2. Scan your computer for malware/adware using a malware removal tool.
3. Uninstall unfamiliar or suspicious extensions.
4. Uninstall suspicious programs from your computer that you don't remember installing (Start > Control Panel > Add or Remove Programs/Programs and Features).
5. Reset your browser settings.
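The thread's original post inspected the hosts file, startup entries and Registry by hand, and the reply above relies on a "Chrome policy remover" to clear policy-enforced settings. The following is an added example, not code from any poster, that scripts those same read-only checks: it looks for the two redirect domains named in the thread in the hosts file, in Chrome's policy Registry keys (which override user settings and survive a browser reset) and in browser shortcut arguments. It assumes Windows 10 with an elevated PowerShell session; the indicator list is constructed from the thread and can be extended.

```powershell
# Added example (not from any poster in this thread): read-only audit of the
# places a browser redirect like the one described here typically lives.
# Assumptions: Windows 10, elevated PowerShell 5.1 or later, Chrome installed.
# The indicator list is constructed from the two domains named in the thread.
$Indicators = @('searchmagnified', 'searchingmagnified')

function Test-Indicator {
    param([string]$Text)
    foreach ($i in $Indicators) {
        if ($Text -match [regex]::Escape($i)) { return $true }
    }
    return $false
}

$Findings = New-Object System.Collections.Generic.List[string]

# 1. hosts file: a static name-to-address entry redirects a site without touching the browser.
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $HostsPath | Where-Object { $_ -notmatch '^\s*#' -and (Test-Indicator $_) } |
    ForEach-Object { $Findings.Add("hosts: $_") }

# 2. Chrome policy keys: values such as DefaultSearchProviderSearchURL, HomepageLocation
#    and the RestoreOnStartupURLs subkey override user settings and survive a browser reset.
#    This is what the 'Chrome policy remover' step in the thread clears.
foreach ($root in 'HKLM:\SOFTWARE\Policies\Google\Chrome', 'HKCU:\SOFTWARE\Policies\Google\Chrome') {
    if (-not (Test-Path $root)) { continue }
    $keys = @(Get-Item $root) + @(Get-ChildItem $root -Recurse)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            $value = [string]$key.GetValue($name)
            if (Test-Indicator $value) { $Findings.Add("policy: $($key.Name)\$name = $value") }
        }
    }
}

# 3. Browser shortcuts: a hijacked .lnk appends a start URL to the target's arguments,
#    so the redirect returns on every launch even after settings are reset.
$ShortcutDirs = @("$env:USERPROFILE\Desktop",
                  "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",
                  "$env:ProgramData\Microsoft\Windows\Start Menu\Programs")
$WshShell = New-Object -ComObject WScript.Shell
Get-ChildItem $ShortcutDirs -Filter *.lnk -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
    $lnk = $WshShell.CreateShortcut($_.FullName)
    if (Test-Indicator $lnk.Arguments) { $Findings.Add("shortcut: $($_.FullName) -> $($lnk.Arguments)") }
}

if ($Findings.Count -eq 0) { 'No indicator found in hosts file, Chrome policy keys or browser shortcuts.' }
else { $Findings }
```

The script only reports; removing a flagged policy value or shortcut argument is left to the operator so that legitimate enterprise policy is not deleted by accident.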