Jump to content

Change Mode

I know Im infected but none of my security programs find it...


Recommended Posts

I have been infected by a search engine highjacker, start.funmoods.com I have run Avira, Malware bytes and the microsoft online scanner. None have helped. Admittedly I know I downloaded something that it was attached to but Im not sure what. Everytime I search in google chrome it takes over and redirects me. I thought about just uninstalling google chrome, but when I did a search of start.funmoods.com the results said it could have already attached to other things so I am afraid to do anything. I found some removal tools online but since I dont know anything about those sites Im afraid to download anything there either...please help!
Link to post
Share on other sites

Thank you for responding.. Here is the log from the full scan I just ran:

 

 

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

 

Database version: v2012.08.25.01

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Suzi :: PC279151865318 [administrator]

 

8/25/2012 11:30:31 AM

mbam-log-2012-08-25 (11-30-31).txt

 

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 251798

Time elapsed: 1 hour(s), 5 minute(s), 5 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

As soon as I finished the scan I went to google chrome and entered pc pitstop in the search bar and this popped up in my address bar:

 

hxxp://start.funmood...0FtN0D0Tzu0CtBt

Edited by Y kawika
broke the link
Link to post
Share on other sites

Thank you for fixing the link..didn't know how to go back and do that.. :)

 

No problem, just didn't want any unsuspecting souls to click there accidentally. ;)

 

Best bet would be to find out what is going on behind the scenes and have a DDS log analyzed.

Take a look here: http://forums.pcpits...orum-read-this/

 

Once you've got a DDS log saved, then start a new thread in this forum: http://forums.pcpits...-been-hijacked/

 

:) Y

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...