I need help removing a browser hijacker.

Discussion in 'Miscellaneous' started by tinkao, Aug 18, 2014.

  1. I am running on windows 8 64 bit installed onto a current 27" iMac. Somehow I have obtained a malicious file that has hidden itself and rooted it's way into the inner workings of the OS.

    Whenever I go to use the "Omnibar" on google chrome, my search gets redirected to a fake yahoo search. First of all, I would like to ask if I can provide the link to the site that I get redirected to, as it violates the terms and conditions of EMC to intentionally provide malicious code or software. (It would not be intentional... just dont visit the link if I am allowed to post it which I probably won't be. It may help. Anyways, I have installed the free version of Malwarebytes and Anvisoft Smart Defender. They tried to quarantine minecraft :p but I whitelisted it and it only. I allowed them to quarantine any other files. They both found a file called "Trojan.agent" in the my JVM and JDK. I have uninstalled both and reinstalled only JVM (which is actually still installing at the moment).

    I request help from anyone who can give it to me. I would not like to completely delete windows 8 off my drive, but it is a last minute possibility.
  2. " Anyways, I have installed the free version of Malwarebytes and Anvisoft Smart Defender" :p
    tedrocker likes this.
  3. Wait: Did you say Windows on an iMac???
  4. It's possible :p BootCamp or Parallels.
    tedrocker likes this.
  5. You shouldn't have to reinstall windows 8. I imagine that malwarebytes or some other virus protection thing can find it and remove it. I would recommend booting into safe mode. Hold down shift while you restart the computer and find the safe mode option. Here is some more detailed help. I would recommend running your virus scanners from within there to find anything that may be hiding. Another cool thing is the restore or refresh features. The restore lets you go back to a previous time and remove anything that was installed after the time. Refresh will remove all programs except those that came with your computer and will keep personal files safe.

    Edit: Take a look at this. It is something from Google on how to remove those types of things from your computer.
  6. Perhaps take a screenshot of the URL in question and post it as a non-clickable image.
    boozle628, PenguinDJ and chickeneer like this.
  7. On the google forums people are saying this specific malicious software can be obtained just by visiting cnet's website... It is also supposedly bundled with their downloads.



    I would rather wait for an administrator to come on just to make sure thats okay, but good idea.
  8. One idea, boozle, is that it added it's search engine into your search engines. I've seen programs try that before. Try going to the settings of your Google Chrome and go to the part where it lists your active search engines. If you see the one you're speaking of, remove it.
    Jake_bagby and PenguinDJ like this.
  9. Got rid of everything but Google. It was not in there, but I dont use any other search engines :p
    Oooh, Just noticed that the search engine is called "Looksafe browser"

    I search "w" and the title of the page is "w - Looksafe Yahoo Search"
  10. What's wrong with [PLAIN] in front of the URL? Or [FONT=verdana] in the middle of the URL?
  11. Because it is just the same as linking it in my perspective, I would be providing a url that has malware on it.
  12. Okay try it from avast.com then...
  13. Another thought. Check your Google Extensions and see if a program you didn't install/don't want is in there.
  14. This. Or at least on Win 7, sometimes you have to uninstall these pieces of junk from the control panel(or Win 8 equivalent)
    607 likes this.
  15. The process of uninstalling would be the same. You likely have some program that you don't want installed. Malwarebytes or some other antivirus will likely remove it, but you may have to do it with the control panel.
    Check out this url: http://forums.anvisoft.com/viewtopic-45-13917-0.html
  16. I remember a time when you could actually trust cnet, but that was a long time ago. It wouldn't surprise me if it's actually the real yahoo that 'hijacked' your browser, they've been known to do that A LOT. Cnet bundles in yahoo with most of it's 'software packages'. Yahoo are just so desperate to get customers they do this and I find it disgusting, I will never ever use Yahoo. It's happened to me many times in the past, but now I don't go anywhere near cnet and it's not a problem. :)
    tedrocker likes this.
  17. CNET is absolutely fine as long as you don't just click "next" while installing, and avoid using their downloader program. Those are just the basic things you do for any file hosting site.
    607 likes this.