Not what you were looking for? Ask our experts!
Reply
Contributor
iNeedHelp1004
Posts: 21
Registered: ‎06-05-2013

Re: sureonlinefind.com HIJACKING

ok everything ran fine, and no restart occured just FYI. file should be attached

Contributor
iNeedHelp1004
Posts: 21
Registered: ‎06-05-2013

Re: sureonlinefind.com HIJACKING

[ Edited ]

[Double Message]

 

 

 

Edited by Quads

Contributor
iNeedHelp1004
Posts: 21
Registered: ‎06-05-2013

Re: sureonlinefind.com HIJACKING

ignore above double post fail -_-

Bot Obliterator
Quads
Posts: 16,540
Registered: ‎07-21-2008

Re: sureonlinefind.com HIJACKING

Combofix took the leftover registry key I wanted

 

- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-KHCONF - c:\users\Jeremy\AppData\Local\KHCONF\dimruouw.dll

 

 

Are you getting redirected / hijacked now??

 

Quads

Contributor
iNeedHelp1004
Posts: 21
Registered: ‎06-05-2013

Re: sureonlinefind.com HIJACKING

i tested with several searches, and no hijacking. however, i am receiving a message upon some sites loading which states:

 

"you are about to leave a secure internet connection. it will be possible for others to view information you send. do you want to continue"

 

no idea what that is. i did turn all securities back to defualt or the searches, i hope that was ok

Bot Obliterator
Quads
Posts: 16,540
Registered: ‎07-21-2008

Re: sureonlinefind.com HIJACKING

Are you using Internet Explorer  (IE)?? 

 

"you are about to leave a secure internet connection. it will be possible for others to view information you send. do you want to continue"  I have seen in IE as part of it's security settings.

 

Quads

Contributor
iNeedHelp1004
Posts: 21
Registered: ‎06-05-2013

Re: sureonlinefind.com HIJACKING

yes i am. i think i understand it now to be just the option to never show that message having refreshed to allow it, and i forgot it was normal. so all in all testing shows no problems then :)

Bot Obliterator
Quads
Posts: 16,540
Registered: ‎07-21-2008

Re: sureonlinefind.com HIJACKING

OK  time ti remove all of combofix's files and OTL cleanup.

 

Disable Norton / Symantec for say 30mins 

 

Start OTL,  (Right click and from the menu choose "Run as Administrator")

Click the Scan All Users checkbox.

Change file age to 60 days

 

 

Press the 

 

 

A new OTL.txt  will be created to attach

 

Quads

Contributor
iNeedHelp1004
Posts: 21
Registered: ‎06-05-2013

Re: sureonlinefind.com HIJACKING

the new OTL file is not showing on the desktop. but there is now one open in a notepad window. do i simply save to desktop and attach that one?

Bot Obliterator
Quads
Posts: 16,540
Registered: ‎07-21-2008

Re: sureonlinefind.com HIJACKING

It should just overwite the old log, same name.

 

Quads