darth continent | 2 years, 8 months ago

Steps to eliminate browser hijacking adware?

My wife recently encountered what appears to be a new piece of adware.

She got a message via her Facebook account from someone among her friends saying she needed to update her Adobe Flash player to view certain content, and not expecting anything bad she clicked. Thing is, the update wasn't Flash but turned out to be related to a family of malware dubbed "Adware-Memwatcher".

This appears to hang out in memory (both IE 8 and the latest Firefox are affected), and when you query a search engine (Google, Ask, etc), clicking any of the returned links will cause it to hijack the session and divert you first to the domain "wa-search.com", and then to various advertising links which may also include popups.

The latest Trend Micro appeared to recognize parts of it but wasn't able to remove it, and the "fix" clobbered winsock, requiring me to run a fix from Microsoft to be able to browse again (that fix described at this link: http://support.microsoft.com/kb/811259). I scanned using Malwarebytes and SpyBot with the latest available definitions, but no traces were found. Also tried a product SUPERAntiSpyware and a product Browser Hijack Recover, to no avail.

Assuming this is a brand new variant which these scanners can't recognize, I'm hoping someone can help me determine how to remove this adware's hooks into the system, so that I can track it down manually and remove it. Running Windows XP with service pack 2 installed, IE8 and Firefox 3.0.9 browsers.

4 Answers

interzone | 2 years, 8 months ago
Your question got published twice for some reason... Just in case you missed my answer to the other instance of the question, and I think it may solve your problem, here it is once again:

http://www.scanforfree.com/18/adware-memwatcher-removal.html

metalsand | 2 years, 8 months ago
Oh man. Looks like you have one hell of a virus. Well, taking some tips from the last monster virus I had, first locate the root virus. Though there could be many viruses operating separately, it is likely that they have roots to a "master" virus. It will tell you where the other viruses are hiding and what their names are, but it likely won't let you delete them, as viruses like that tend to replicate an awful lot.

You can try to use a proxy to override it, since it seems like it looks for search pages, and if you change the URL, you can possibly trick it.

There is also an option, starting with about Windows XP, to go back to a "savepoint", where it will backtrack to a certain point at which it saved vital information.

If none of those works, then you should reinstall Windows.
source(s):
You can try http://www.proxify.com/ and try that proxy. You could also try using the search engine http://altavista.com/ or use Mahalo's search, http://www.mahalo.com/search?q= or http://www.mahalo.com/ .

interzone | 2 years, 8 months ago

Luckily, it's not a virus, but malware. It's bad enough, though.

tech_mack | 1 year, 8 months ago
1. Download and install an anti-spyware/anti-virus application. AVG offers both a paid version and a free version for personal use. Either version should be sufficient to remove browser hijacking programs. You can download and install this application or any other reputable anti-spyware/anti-virus application.
2. Run the anti-spyware/anti-virus application to detect and remove browser hijacking programs. Some applications will require you to complete additional steps and you will be prompted to do so. Other applications will do all the removal for you.
3. Update your anti-spyware/anti-virus application on a regular basis. At a minimum, this should be done every 2 months.
4. Run your anti-spyware/anti-virus application on a regular basis to prevent your computer from becoming infected.
5. Install a secondary anti-spyware/anti-virus application to catch malware applications that the first program did not catch.

kristain | 1 year, 8 months ago
Click on Tools, then Internet Options, then restore your default home page to whatever was there before. Unfortunately most forms of browser hijack leave a file in the registry which causes the default home page to revert to the hijacked version each time the PC is switched on. In such cases you will need to purchase a safe and effective software program to eradicate it.
There are a number of programs available at quite reasonable prices, but having the confidence to download a program which might in itself be introducing more spyware is difficult to do. We have used the following two applications on all our PCs, and they have proven very effective at identifying Browser Hijacker files and eliminating them. They will also continuously monitor all new files and cookies and block the vast majority of harmful ones.
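
For the manual hunt the question asks for, and the registry-backed home page setting mentioned in the last answer, here is a read-only triage script for Windows XP, added as an example and not part of the original thread. The locations it lists are common hook points for this class of hijacker and are an assumption, not confirmed for this particular sample; the report file names are arbitrary.

```bat
@echo off
rem Added example: read-only triage of common browser-hijack hook points (Windows XP).
rem It only copies current settings into a report file; it changes nothing.
rem The locations are typical for this class of adware, not confirmed for this sample.
setlocal
set REPORT=%TEMP%\hijack-triage.txt
echo Hijack triage %DATE% %TIME% > "%REPORT%"

call :section "Winsock catalog (layered service providers)"
netsh winsock show catalog >> "%REPORT%" 2>&1

call :section "Hosts file entries (comment lines skipped)"
findstr /v /b /c:"#" "%SystemRoot%\system32\drivers\etc\hosts" >> "%REPORT%" 2>&1

call :section "Auto-start entries (Run keys)"
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" >> "%REPORT%" 2>&1
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" >> "%REPORT%" 2>&1

call :section "AppInit_DLLs (loaded into every process that loads user32.dll)"
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs >> "%REPORT%" 2>&1

call :section "Internet Explorer Browser Helper Objects"
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" /s >> "%REPORT%" 2>&1

call :section "IE start page, search page and proxy"
reg query "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page" >> "%REPORT%" 2>&1
reg query "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Search Page" >> "%REPORT%" 2>&1
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer >> "%REPORT%" 2>&1

call :section "Firefox proxy and home page prefs"
findstr /s /i "network.proxy browser.startup.homepage" "%APPDATA%\Mozilla\Firefox\Profiles\prefs.js" >> "%REPORT%" 2>&1

call :section "Report lines that mention the redirect domain"
rem Search into a separate file first so findstr never reads its own output.
findstr /i /n "wa-search" "%REPORT%" > "%TEMP%\hijack-hits.txt"
type "%TEMP%\hijack-hits.txt" >> "%REPORT%"

echo Report written to %REPORT%
endlocal
goto :eof

:section
echo.>> "%REPORT%"
echo ==== %~1 ====>> "%REPORT%"
goto :eof
```

Entries that point at unfamiliar DLLs or executables, a proxy set to a local port, or extra Winsock providers beyond the Microsoft defaults are the ones to look up before removing anything.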
