Next Question
RSS
Your question got published twice for some reason... Just in case you missed my answer to that another instance of the question, and I think it may solve your problem, here it is once again:
http://www.scanforfree.com/18/adware-memwatcher-removal.html
Permalink | Report
You can try to use a proxy to override it, since it seems like it looks for search pages, and if you change the URL, you can possibly trick it.
There is also an option starting about windows XP to go back to a "savepoint" where it will backtrack to a certain point that it saved vital information.
If none of those works, then you should reinstall windows.
Source(s):
You can try http://www.proxify.com/ and try that proxy. You could also try using the search engine http://altavista.com/ or use Mahalo's search, http://www.mahalo.com/search?q= or http://www.mahalo.com/ .
Permalink | Report
interzone
Answered Question
June 04, 2009 02:20 PM
Steps to eliminate browser hijacking adware?
My wife recently encountered what appears to be a new piece of adware.
She got a message via her Facebook account from someone among her friends saying she needed to update her Adobe Flash player to view certain content, and not expecting anything bad she clicked. Thing is, the update wasn't Flash but turned out to be related to a family of malware dubbed "Adware-Memwatcher".
This appears to hang out in memory (both IE 8 and the latest Firefox are affected), and when you query a search engine (Google, Ask, etc), clicking any of the returned links will cause it to hijack the session and divert you first to the domain "wa-search.com", and then to various advertising links which may also include popups.
The latest Trend Micro appeared to recognize parts of it but wasn't able to remove it, and the "fix" clobbered winsock, requiring me to run a fix from Microsoft to be able to browse again (that fix described at this link: http://support.microsoft.com/kb/811259). I scanned using Malwarebytes and SpyBot with the latest available definitions, but no traces were found. Also tried a product SUPERAntiSpyware and a product Browser Hijack Recover, to no avail.
Assuming this is a brand new variant which these scanners can't recognize, I'm hoping someone can help me determine how to remove this adware's hooks into the system, so that I can track it down manually and remove it. Running Windows XP with service pack 2 installed, IE8 and Firefox 3.0.9 browsers.
She got a message via her Facebook account from someone among her friends saying she needed to update her Adobe Flash player to view certain content, and not expecting anything bad she clicked. Thing is, the update wasn't Flash but turned out to be related to a family of malware dubbed "Adware-Memwatcher".
This appears to hang out in memory (both IE 8 and the latest Firefox are affected), and when you query a search engine (Google, Ask, etc), clicking any of the returned links will cause it to hijack the session and divert you first to the domain "wa-search.com", and then to various advertising links which may also include popups.
The latest Trend Micro appeared to recognize parts of it but wasn't able to remove it, and the "fix" clobbered winsock, requiring me to run a fix from Microsoft to be able to browse again (that fix described at this link: http://support.microsoft.com/kb/811259). I scanned using Malwarebytes and SpyBot with the latest available definitions, but no traces were found. Also tried a product SUPERAntiSpyware and a product Browser Hijack Recover, to no avail.
Assuming this is a brand new variant which these scanners can't recognize, I'm hoping someone can help me determine how to remove this adware's hooks into the system, so that I can track it down manually and remove it. Running Windows XP with service pack 2 installed, IE8 and Firefox 3.0.9 browsers.
RSS
Best Answer Decided by Votes
| June 05, 2009 10:22 PM |
http://www.scanforfree.com/18/adware-memwatcher-removal.html
Permalink | Report
Voted as best: folkrockfan, bbrookin
Reply
Other Answers (1)
June 04, 2009 07:58 PM
Oh man. Looks like you have one hell of a virus. Well, taking some tips from the last monster virus I had, first locate the root virus. Though there could be many viruses operating separately, it is likely that they have roots to a "master" virus. It will tell you where the other viruses are hiding and what their names are, but it likely won't let you delete them, as viruses like that tend to replicate an awful lot. You can try to use a proxy to override it, since it seems like it looks for search pages, and if you change the URL, you can possibly trick it.
There is also an option starting about windows XP to go back to a "savepoint" where it will backtrack to a certain point that it saved vital information.
If none of those works, then you should reinstall windows.
Source(s):
You can try http://www.proxify.com/ and try that proxy. You could also try using the search engine http://altavista.com/ or use Mahalo's search, http://www.mahalo.com/search?q= or http://www.mahalo.com/ .
Permalink | Report
Voted as best: matthewh
Reply
interzone
June 05, 2009 10:18 PM
Luckily, it's not a virus, but a malware. It's bad enough, though.
Tip interzone for this comment
Report
Answer this Question
Related Questions
Ask a Question
Buy Mahalo Dollars with Credit Card or PayPal
Top Members
Most Popular Tags
Categories
- Anonymous
-
Arts & Design
-
Beauty & Style
-
Books & Authors
-
Business
-
Cars & Transportation
-
Consumer Electronics
- Coupons Deals
-
Education
-
Entertainment
-
Environment
-
Fitness
-
Food & Drink
- From Email
- From Iphone
- From Twitter
-
Health
-
History
-
Hobbies
-
Home & Garden
-
How Tos
-
Humor
-
Jobs
-
Legal
-
Local
-
Love & Relationships
-
Mahalo Answers Community
-
Money
-
Music
-
News
-
NSFW
-
Parenting
-
Pets
-
Science & Mathematics
-
Services
-
Shopping
-
Social Science
-
Society & Culture
-
Sports
-
Technology & Internet
-
Travel
-
Video Games
Welcome New Members
- maximfafard, November 22, 2009 07:16 AM
- messagraal, November 22, 2009 07:15 AM
- conundrum_mikey..., November 22, 2009 07:02 AM
- tarakelly2, November 22, 2009 06:56 AM
- tarakelly, November 22, 2009 06:55 AM
Mahalo Dollars are the currency of Mahalo Answers.
Each Mahalo Dollar costs $1.
Once you earn more than 40 Mahalo Dollars, you can request to be paid via PayPal. Each Mahalo Dollar is currently worth $0.75 when paid out via PayPal. Learn More
