Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Portalsepeti & iStartSurf two stubborn browser hijackers

  1. #1
    Guest
    Join Date
    May 2015
    Posts
    6

    Default Portalsepeti & iStartSurf two stubborn browser hijackers

    Hi Folks!

    http: // search.portalsepeti.com http: // iStartSurf.com

    Portalsepeti and iStartSurf are two stubborn browser hijackers. Very annoying! They stick to the Win system and cannot be found easily most of the time. Probably, they change their file names to be hidden.

    Any workarounds for those?

    Many thanks!

    Admin Edit -Link to this forum's FAQ: https://forums.spybot.info/showthrea...tance)-Updated
    Last edited by Juliet; 2015-07-01 at 14:07.

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Please back up your registry!

    Backup the Registry:
    Credit: Dakeyras

    Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

    • Please download the installer for Registry Backup from here or here and save to your desktop.
    • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
    • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
    • Once the GUI(graphical user interface) has appeared/loaded:-



    • Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-



    • Close Tweaking.com - Registry Backup

    Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

    A tutorial for Registry Backup explaining the various features be viewed HERE


    ``````````````````````````````````````````````````````
    Instruction for producing the Farbar Recovery Scan Tool (FRST) and aswMBR logs

    Farbar Log

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note:
    You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    (A simple way to check your system: Start --> Computer (right click) --> Properties
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Please make sure All Users is checked


    • Do not check
      *List BCD
      *Drivers MD5
      *Shortcut txt

    Or your logs will be too long to post.


    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please don't run the Farbar Recovery Scan Tool (FRST.txt) from your "Downloads" folder or from "Temporary Internet Files"
    • Please copy and paste log into your topic.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please attach that along with the FRST.txt into your reply.



    aswMBR Log

    Important! Please do NOT perform any fix options offered in aswMBR, we just need to see the report.

    Please download aswMBR to your desktop.


    • Double click the aswMBR icon to run it.
    • If a prompt stating: The computer supports "Virtualization Technology" appears select Yes
    • Click the Scan button to start scan.
    • If you are asked to update the Avast Virus database please allow it to do so.
    • When it finishes, press the Save Log button, save the logfile to your desktop and post its contents in your reply with the Farbar (FRST) log.



    If the infection prevents you from obtaining logs please start a topic and make note of the situation, provide details of the computer's current symptoms and wait for a response.
    Do not post other logs or use "code wrap" unless requested in that format.


    ---------------------------------------------------------------------------------------------------------------
    ---------------------------------------------------------------------------------------------------------------

    When Spybot - Search & Destroy version 1.6.2 is installed

    TeaTimer needs to be disabled so that its protection does not interfere with fixes.

    How Spybot - Search & Destroy protects against the installation of Spyware/Malware.

    TeaTimer can be re-enabled once the computer is clean.

    1. Open Spybot - Search & Destroy in Advanced Mode.
    2. If it is not already set to do this go to the "Mode" menu and select "Advanced Mode".
    3. On the left hand side, click on "Tools".
    4. Then click on the Resident Icon in the List.
    5. Uncheck "Resident TeaTimer" and OK any prompts.
    6. Restart your computer.

    A Spybot - Search & Destroy Log is Optional

    If Spybot - Search & Destroy has detected items it cannot remove, and you want to show this please produce the top of the log showing the items flagged and the version of Spybot - Search & Destroy.
    Please do not attempt to post the entire log as it won't fit into the one post and is not needed unless requested.

    • Open SpyBot.
    • Check for problems.
    • When the scan completes, right click on the results list, select "Copy results to clipboard".
    • Paste (Ctrl+V) those results into your new topic, along with your Farbar (FRST) and aswMBR logs.

    `````````````````````````````````````````
    Questions regarding Spybot - Search & Destroy support can be asked here: Spybot - Search & Destroy Forums

    Note:
    During the running of a Spybot scan ("Check for problems") the status bar in the lower left hand corner of the screen displays the products Spybot - Search & Destroy is currently searching for.

    It does not mean that these items are on your PC and is no reason to post a log based solely on the status bar.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Corporate, Government, Small Business or Institutional machines? Please see: Personal computers

    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Guest
    Join Date
    May 2015
    Posts
    6

    Default

    Dear Juliet,

    I thank you very much for your detailed information provided.

    I'll keep it.

    However, I made a full scan (with latest updates installed), Chrome asked me to reset, and I did, and they are gone for now.

    Best,

    Erkan

  4. #4
    Guest
    Join Date
    May 2015
    Posts
    6

    Default

    I am using a Win 8.1 64-bit operating system.

    FYI, Farbar Recovery Scan Tool X64 gives a program error, while x32 contains a virus according to 360 total Security.

  5. #5
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Quote Originally Posted by CharleZ BronZone View Post
    I am using a Win 8.1 64-bit operating system.

    FYI, Farbar Recovery Scan Tool X64 gives a program error, while x32 contains a virus according to 360 total Security.
    360 total Security is giving a false positive report. Many antivirus do this and what we suggest is to temporarily disable it to run the tools.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  6. #6
    Guest
    Join Date
    May 2015
    Posts
    6

    Default

    I am so sorry, but Malwarebytes Anti-Malware found the two easily!

    SPYBOT should make refinements!

  7. #7
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Good deal

    I can help you further if you will post the logs requested
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  8. #8
    Guest
    Join Date
    May 2015
    Posts
    6

    Default

    Dear Juliet,

    They are gone from the Registry within minutes! There was 65 entries only! All connected to the Portalsepeti.com. They have EULA records so they are legal.

    Tested several times, no residue! Malwarebytes has an amazing engine.

    Also, Spybot resets the Chrome Settings when Scan & Fix are done.

    Best,

    Erkan

  9. #9
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    DelFix

    -- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  10. #10
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Glad we could help.

    Since this issue appears resolved ... this Topic is closed.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •