How do I get rid of a web hijacker when malwarebytes cant detect it

MiloshDr

Commendable
Jul 12, 2016
19
0
1,560
Google redirects me to Yahoo, multiple google chrome process's are in task manager when nothing is open and I cannot end the tasks for some of them. Web browsers keep going unresponsive.

I ran malwarebytes and it couldn't find anything. Well it did before, but then the next day I boot up my computer it keeps coming back.

Only web browsers are affected, I tried reinstalling but it still didn't solve the problem.

Is resetting the pc my only option since I don't have a restore point?
 
Solution
Combofix is non-functional on both Win 8.1 and Win10...

Make sure this is not simply home page redirects or shortcut hijacks...

Set your homepage as desired, and launch the true location of Chrome thru the command line....if that works, perhaps make a new shortcut.....

freefixer is also quite effective at showing assorted processors, browser helper objects, hostile tasks, etc...; but be careful of what you delete...!

Chicano

Distinguished
Aug 29, 2011
193
2
18,910
For the same problem I've used AdwCleaner and it fixed it everytime... and you still have another option with Combofix (suggested just in case though I think AdwCleaner should get rid of it).
 

mdd1963

Distinguished
Combofix is non-functional on both Win 8.1 and Win10...

Make sure this is not simply home page redirects or shortcut hijacks...

Set your homepage as desired, and launch the true location of Chrome thru the command line....if that works, perhaps make a new shortcut.....

freefixer is also quite effective at showing assorted processors, browser helper objects, hostile tasks, etc...; but be careful of what you delete...!
 
Solution

Chicano

Distinguished
Aug 29, 2011
193
2
18,910
I didn't have trouble running Comofix in Windows 10 but in case you do, this version should have no trouble running in 10.
https://windows10portal.com/download-combofix/

Setting the homepage doesn't work when a browser hijacker is redirecting your browser.
 

mdd1963

Distinguished
http://combofix.org/combofix-windows-8-110-compatibility.php

http://combofix.net/

It has been well known for years that CF is outdated....

Running it, and having it actually accomplish removal of anything might be two different animals....although it certainly can't hurt of one has exhausted the normal gamut of tools. (I'd just never try it, knowing in advance it is not supported or effective, given the assortment of other tools for tracking down mysterious processes/startups/BHOs)
 

Chicano

Distinguished
Aug 29, 2011
193
2
18,910
That's not the only web page talking about Combofix. I read it before and searched for more information I never take for granted what one page says. Besides I've used Combofix when other software have failed and it has worked. I may have been lucky I guess... or I may know a trick or more than you.


https://windows10portal.com/download-combofix/
 

Chicano

Distinguished
Aug 29, 2011
193
2
18,910
Well, Combofix was a secondary suggestion which I don't expect will have to be used as AdwCleaner should do the job.. so arguing about the use of Combofix is unnecessary.

What I noticed is the Combofix search results misslead you saying it is compatible with Windows 8.1 and 10 to lead you to their website and once there they push an alternative software and then tell you Combofix doesn't work with Windows 8.1 and 10. But they say it does work in Windows 8 which is the same as 8.1 except for the Start Menu in 8.1.. so Combofix should work the same in 8.1 but they probably tricked it not to work so they can push their new replacement antimalware.




 

mdd1963

Distinguished
So, to clarify....Combofix , per it's maker and 19 out of 20 websites that actually deal with malware, "... is non-functional on both Win 8.1 and Win10"...

It's maker, sUBS, hangs out at Bleepingcomputer, and also claims it does not work. (Win8 and 8.1 are not the same as far as Combofix is concerned)

It was only your win10portal that sort of misleads folks, and does imply it is compatible, despite, all other competent trusted websites reflecting it not working...

I assumed you had used it successfully at least once on Windows 10, and perhaps were on to something no one else was aware of yet...

 

JoshRoss

Estimable
Jul 11, 2017
228
0
5,260
Browser hijackers are annoying indeed. It can happen that anti-malware software doesn't detect it but in rare cases. Additionally, I had Malwarebytes and Windows Defender both struggle to remove adware in Windows normal mode, so the following should help you:

1. Restart your Windows in "Safe mode with networking"
2. Check your browser for any add-ons or extensions you do not recognize and remove them.
3. Check your installed programs and see if there isn't anything suspicious that was installed lately (If there is, simply remove them).
4. Install any popular antivirus and do a quick scan (Majority of the providers do have free versions of their software). Or just use Windows Defender. It works really well in most cases.
5. Install and scan your PC with Malwarebytes and Hitman Pro to clean most adware (You could try ADWCleaner as well if this doesn't work).
6. Restart your Windows and do an additional thorough scan to confirm that you removed any malware.

After this, in most cases, the issues of malware should be solved. As for my advice, the best way to remove adware is not to contract it. Be very careful with the links that you are browsing and the files you are downloading. That should prevent a majority of commonly spread issues. Good luck!
 

Avast-Team

Estimable
Mar 3, 2017
225
1
5,165


This is a good recommendation and an excellent path to take. It can depend on whether this is a malicious extension or if it's actually malware/adware residing somewhere else on the machine. You should definitely try scanning for malicious or potentially unwanted extensions (Disclaimer: Avast can do this with Browser Cleanup)

Another thing I would do is, after performing the regular scan and removal steps, try doing a boot-time scan. Often these malware programs/nagware/browser hijackers simply repropagate themselves when you have an active Internet connection; a boot time scan may help to remove them completely. I have seen many cases of "no matter how many times I remove it it keeps coming back! (Disclaimer: Avast Free can do this)

Hope that helps and good luck in your removal.
 

Chicano

Distinguished
Aug 29, 2011
193
2
18,910

Well to be perfectly honest, I did run Combofix sometime in the last month and half to two and it did run... What I don't recall is which OS I was using that day since I havent used Windows 7 for months and have been using Windows 10 and Windows 8.1 during the last few.

What makes me think Combofix has been tricked to not run in Windows 8.1 & 10 is the message that pops up.. software that isn't compatible pops up different messages from the system stating it's not a valid 32/64bit Windows software, etc. etc.... but in this case it's a message from the Combofix developer... what I gather is they are using the Combofix reputation to offer the alternative antimalware which would go unnoticed otherwise... unless they spend on promoting it but who knows if their finances allow it.

Compatibility mode is said to run Combofix on some Windows 8.1 and 10 editions.. but this doesn't make it run in Win 10 which I've just updated to Creators Update so that may be a factor.

http://combofix.org/combofix-windows-8-110-compatibility.php
 

mdd1963

Distinguished
compatibility mode was a half-baked attempted workaround found by a few users to at least make it 'run' years ago, but, Windows was changed enough beginning at 8.1 onward to make it 'not compatible/effective'...

All websites specializing in combating malware still reflect this...; Combofix is dead from 8.1 onward...

It's perfectly understandable to have possibly mixed up whether or not you had run it on Windows 10 if dealing with numerous OS's...

With today's high speed M.2 NVME storage solutions, it takes as little as 4-5 minutes to do a nuke and pave, based on my last Win10 Pro install anyway...; anyone could make a pristine image of less than 128 GB Windows plus Office, top 3-4 games, utilities, etc freshly installed), and roll from external storage to an SSD and go from infected to pristine in...10 minutes?

The checking/testing of 20 different malware removal identification/ tools is merely an entertaining puzzle to solve, usually....

 

Chicano

Distinguished
Aug 29, 2011
193
2
18,910
I've just run Combofix in compatibility mode with Windows 7 selected, run the program checked as administrator, and launched it As Administrator.. it took a second attempt to run and on a third launch minutes later it started no problem... it's version 11.8.22 though.
 
@MiloshDr


Have you been able to look at the Hosts file?

References:

https://www.computerhope.com/jargon/h/hostsfil.htm

https://www.lifewire.com/how-to-edit-the-hosts-file-153661

For now just take a look to see what may be in there. No immediate need to edit.

The objective is to determine if anything seems amiss.

Also, take a look at your DNS server IP settings.

Other thoughts:

Just one device or multiple networked devices?

Try turning off all other networked devices. See if the problem continues.