Veerboo.com search hijacking (landing.savetubevideo.com)



Kalarm
2010-11-19, 02:13
Hello, I have sadly installed a program named "SaveTubedVideo" which I DLed in haste for my sister.

Sadly, the program installed an annoying search hijacker (which also seems to hide my hidden files).

I have done some research, and came across http://forums.spybot.info/showthread.php?t=60043

I followed most of the instructions that were said to have fixed the problem, but it STILL happens. There are also instructions that seem to be for Windows XP *i.e., ComboFix doesn't work on Vista 64*.

How do I get rid of this? I ran the OTL script given in the post and here are my results.


All processes killed
========== OTL ==========
Prefs.js: "www.google-feed.net" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: "Google" removed from browser.search.order.2
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "http://www.veerboo.com/results.php?q=" removed from keyword.URL
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Maxime
->Temp folder emptied: 19448174 bytes
->Temporary Internet Files folder emptied: 29173452 bytes
->Java cache emptied: 128094 bytes
->FireFox cache emptied: 45635069 bytes
->Google Chrome cache emptied: 189658951 bytes
->Flash cache emptied: 62012 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 67400 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 28474707 bytes

Total Files Cleaned = 298,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11182010_184636

Files\Folders moved on Reboot...
C:\Users\Maxime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KEKPZTJ2\ADSAdClient31[1].txt moved successfully.
File move failed. C:\Windows\SC6BDB14B.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...



Also, I just tried to do a search in Firefox, and it seems not to be redirecting now. It still does it in Google Chrome though *which is my main browser*.

tashi
2010-11-19, 02:18
Hello Kalarm,

In case you missed it please see the forum FAQ which includes guidelines for this forum and also instructions on posting a preliminary DDS log.
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start a new topic, copy paste the DDS.txt log into it and a volunteer analyst will advise you when available. :)

Reminder,
"Note that all instructions given are customized for that member's personal computer only, the tools used may cause damage if run on a machine with different specs/infections. Please do not take fixes given to another user and apply to your own machine."

Best regards.

tashi
2010-11-19, 02:30
Log split off to new topic: http://forums.spybot.info/showthread.php?t=60473 ;)