I need some tech support...

jomar

freewalls.com somehow sneaked in and sometimes when I refresh the page is redirected to their site. When I google how to get rid of it all things firewalls comes up.

I deleted the cookies and ran ad-aware, spybot, malwarebytes, avira, ccleaner and a registry repair program and the bastard is still there.

Anybody know anything about it? Or can direct me to the proper kill it site?
 
Did you try all those programs from safe mode? Turn off system recovery checkpoints? Doing those two things can often let malwarebytes or ccleaner mitigate the problem enough for them to subsequently finish the job in a regular boot.

If all else fails, and nobody else has a solution, take the problem here:

http://www.spywareinfoforum.com/

Follow the posting instructions in the malware removal forum and post your problem along with the logs requested in the instructions.

It will take the experts there a couple of days to get to you most likely, but once they do, the problem will be resolved if it is at all possible.
 
Of course not! How could I surf the web and read Lit and stuff if I was in safe mode? But that's a good suggestion. I'll try that and if that doesn't get it, and no one has any other ideas, post it on the site you linked. Thanks Dark, I appreciate it.
 
That sounds like a free wall paper site. I can't think of any use of something like that, except to get into your hard drive and never leave.
 
Of course not! How could I surf the web and read Lit and stuff if I was in safe mode? But that's a good suggestion. I'll try that and if that doesn't get it, and no one has any other ideas, post it on the site you linked. Thanks Dark, I appreciate it.

No worries -- been there *laugh* Once by my own mistake, and once through an attack built into an ad on an otherwise innocent site.

One thing to remember is that as soon as you get that "something's wrong" feeling, IMMEDIATELY hit ctrl-alt-del and open Task Manager. A lot of malware attempts to disable it, but it takes the stuff a while to install itself, and usually gives away what it's doing with some sort of pop-up or something beforehand.

If you can get task manager open, you can stop weird looking processes and programs, close windows safely without clicking them anywhere ( even the X close button can be a malware link ) and possibly stop some of the malware's components from completely installing.

That gut feeling and opening task manager was all that saved me from a system wipe and reinstall last time when that attack ad got me. I managed to head enough parts of it off at the pass for malwarebytes to kill the critical stuff from safe mode, and finish it off on reboot.

Fortunately, yours just sounds like a simple browser hijack. Annoying, hard to remove, but otherwise not too harmful. The one that almost got me disabled task manager, virtually every well-circulated anti-virus and anti-spyware, deleted malwarebytes, hijack this, ccleaner, and blocked access to virtually every website that could have helped.

Keep back-up install files of malwarebytes and ccleaner + rename the version installed, too.

Doesn't hurt to have multiple browser options, too. Sometimes, one browser will be hit and the exploit won't work on others. The initial safe mode clean from my last attack only managed to free up Firefox. IE and Chrome were both still blocked. I was able to download the Malwarebytes update with Firefox to finish the job.
 
Dark

Good advice, but to be honest I have no idea what most of those task manager processes are so I don't know what looks odd, but the popup is something to look for. But it does open. And you're right, this one seems to be an annoying redirect. All the malware programs updated ok.

But I have a "dead" desktop I haven't gotten around to addressing that is what you talk about - all kinds of things got hijacked and I couldn't open task manager. And unfortunately it was my son's and the protection programs weren't updated so safe mode wasn't helpful.
 
Well, if it's possible to fix without doing a wipe and reinstall, that forum will get you there. Those guys are good, to say the least. They know every tool and every trick in existence to outwit even the latest, most insidious malware.

Even when they recommend a reinstall, I've always seen them get the system to a point where you can recover all of your documents/pics/etc and back them up before you nuke the OS ( provided they weren't infected, which usually doesn't happen with the browser hijack sort of bugs )
 
JOMAR

It's possible to go online in SAFE-MODE. I've done it 1000s of times. You forfeit audio and the best graphics but you can surf and email and most things. In MSCONFIG, General Tab, there should be a SAFE-MODE/Internet connection option. Click it, save, and reboot.
 
Well, if it's possible to fix without doing a wipe and reinstall, that forum will get you there. Those guys are good, to say the least. They know every tool and every trick in existence to outwit even the latest, most insidious malware.

Even when they recommend a reinstall, I've always seen them get the system to a point where you can recover all of your documents/pics/etc and back them up before you nuke the OS ( provided they weren't infected, which usually doesn't happen with the browser hijack sort of bugs )

Sounds promising. I get anxious when I hear wipe....

JOMAR

It's possible to go online in SAFE-MODE. I've done it 1000s of times. You forfeit audio and the best graphics but you can surf and email and most things. In MSCONFIG, General Tab, there should be a SAFE-MODE/Internet connection option. Click it, save, and reboot.

I've not gone online in safe mode. Thanks, JBJ.
 
You fail to state what operating system you're running. A need to know item.
 
Did you check add\remove? Sometimes those types of programs will install without your knowledge. The other thing to try is to download HIJACKTHIS and run it.

You have to be careful what you remove but the program will tell you what it is and then you can make the call to remove or not. It works great on programs that hijack your web browser and registry and it is free. It also makes a backup so if something doesn't work you can undo what you did.

HijackThis is a free utility that generates an in-depth report of registry and file settings from your computer. HijackThis makes no separation between safe and unsafe settings in its scan results, giving you the ability to selectively remove items from your machine. In addition to this scan and remove capability, HijackThis comes with several tools useful in manually removing malware from a computer.

IMPORTANT: HijackThis does not determine what is good or bad. Do not make any changes to your computer settings unless you are an expert computer user.

Advanced users can use HijackThis to remove unwanted settings or files.
 
Hijack this is the first thing that the spywareinfo forum will ask you to run -- but only in a reporting capacity. It's not something to toy around with if you don't know exactly what you're doing. You can cripple your OS if you delete the wrong thing.

It's a powerful tool, but one best left to experts when it comes to actually deleting items.
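
Added example, not part of any post in this thread: a read-only PowerShell listing of some of the locations a HijackThis-style report covers (Internet Explorer start and search pages, Run keys, Browser Helper Objects, hosts file). It assumes PowerShell 2.0 or later is installed; the function and variable names are illustrative, and nothing is modified or deleted.

```powershell
# Added example: read-only report, nothing is modified or deleted.
$meta = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

function Get-RegValues {
    param([string]$Path, [string[]]$Names)
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $props) { return }                          # key absent or unreadable
    foreach ($p in $props.PSObject.Properties) {
        if ($meta -contains $p.Name) { continue }             # skip provider metadata
        if ($Names -and ($Names -notcontains $p.Name)) { continue }
        New-Object PSObject -Property @{ Key = $Path; Name = $p.Name; Value = $p.Value }
    }
}

$cv      = 'SOFTWARE\Microsoft\Windows\CurrentVersion'
$ieNames = 'Start Page','Search Page','Default_Page_URL','Default_Search_URL'
$report  = @()

foreach ($hive in 'HKCU:','HKLM:') {
    # Browser start and search pages (Internet Explorer)
    $report += @(Get-RegValues "$hive\SOFTWARE\Microsoft\Internet Explorer\Main" $ieNames)
    # Programs started automatically at logon
    $report += @(Get-RegValues "$hive\$cv\Run")
}

# Browser Helper Objects: resolve each CLSID to the DLL it loads
$bhoKey = "HKLM:\$cv\Explorer\Browser Helper Objects"
foreach ($k in @(Get-ChildItem $bhoKey -ErrorAction SilentlyContinue)) {
    $clsid = $k.PSChildName
    $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
    $dll = (Get-ItemProperty $inproc -ErrorAction SilentlyContinue).'(default)'
    $report += New-Object PSObject -Property @{ Key = 'BHO'; Name = $clsid; Value = $dll }
}

# Hosts file entries that are not comments or blank lines
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
foreach ($line in @(Get-Content $hosts -ErrorAction SilentlyContinue)) {
    if ($line -match '^\s*(#|$)') { continue }
    $report += New-Object PSObject -Property @{ Key = 'hosts'; Name = ''; Value = $line.Trim() }
}

$report | Select-Object Key, Name, Value | Format-Table -AutoSize -Wrap
```

Like the HijackThis log, the output does not say which entries are good or bad; it is meant to be saved and compared or shown to someone who can read it.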
 
You fail to state what operating system you're running. A need to know item.

XP Pro

No joy on the add/remove. I can't imagine that the programmers would highlight their program for Hijack This - probably give it some inscrutable and indecipherable name. Haven't taken time to do the safe mode yet, but will report back. Thanks.
 