08-15-2013, 03:04 PM   #1
setishock (Wizard of Wires)
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
Default tab search here bug

I wish I had never seen this computer. My desk clerk's daughter who is 14 and downloads anything and everything has this system so ate up with some real baddies that I'm about to call her mom and tell her to bring me her win7 disc. Starting over is an option but if I can get rid of the baddies, that would work too.
After confirming system restore points were deleted, I disabled SRP's.
I started off in my bag of tricks with combofix. It's so ate up it would not let it run. Hmm
Next up was spybot2. No joy there either.
Next up malwarebytes. Took an hour to run and finish. 157 baddies found. Got rid of those.
Back to spybot2. Took 90 minutes to run. 156 baddies found. Got rid of those.
Back to combofix. Loaded up but whining about Norton running. Disabled Norton till next reboot. Finally got her going. Oh my stars and garters the stuff that it found. Took an hour. Cleared that out.
CCleaner up next. Jeeze...
Findjunkfiles up next. Not too bad. Finished pretty quick.
Just for S&G's stinger was brought in. Here's where it got ridiculous. Run time 15 hours, 8 minutes. Found nothing. Hmm the plot thickens.

Now all that was from normal mode. Keep in mind the best results come from running scans in safe mode. So that's where I went.
Same drill and got even more results. Cleared those out also.
So now I reboot and run them again. Just to be sure. Now here's the little troublemaker rearing its unwanted head up again. It's called Default Tab Search Here. I have followed MS's instructions and several others in what to do to get rid of it. NO SOAP! There are so many games and *** useless programs on here that it's got to be hiding out in one of them. It has all the earmarks of a fairly smart virus. Hides, returns, and is annoying as it can get.
Problem is I don't know which game it came down in or I'd blow it to hades and back toot sweet. Last thing left to run is a rootkit scan. Hopefully that will spot where it's hiding out so's I can kill it.
Otherwise everything on this system will be considered contaminated and subject to being formatted into oblivion.
Sad... I just put win7 on that 3 short months ago. "sigh"
08-15-2013, 04:26 PM   #2
setishock (Wizard of Wires)
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
Re: Default tab search here bug

Rootkit Revealer won't run. Guess that's it for this system.
08-15-2013, 06:54 PM   #3
dale (Daemon Poster)
Join Date: Mar 2012
Location: Taiwan
Posts: 1,008
Re: Default tab search here bug

You need to go for the source of the problem: get rid of the daughter
__________________
distrACT -- an open community
● It helps to ask questions effectively
● Please join Server admins social group if you are into servers
08-15-2013, 07:03 PM   #4
OhSnapWord (Fully Optimized)
Join Date: Jan 2012
Location: USA
Posts: 1,853
Re: Default tab search here bug

Nuke it and start fresh.
__________________
FX-8350 @ 4.7 cooled by H80, 32GB Mushkin Enhanced Blackline 2133, Asus Sabertooth 990FX, 2x Radeon HD 7850 2GB in X-fire, 500GB Samsung 850 Evo, 4TB Seagate, 3TB WD Black, 2x 1TB WD RED in RAID 0
08-15-2013, 08:13 PM   #5
setishock (Wizard of Wires)
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
Re: Default tab search here bug

Quote:
Originally Posted by OhSnapWord
Nuke it and start fresh.
That's the plan now. I'll make another sandbox and put her artwork and document files in it. Then I'll cut NOD loose on it. I bet if that system had ESET's Security Suite 6 on it this would have never happened. Mine scans the downloaded file and lets me know if it's clean. It appears the version of Norton on her system doesn't do that.
But I think most of the problems on her system come from her not stopping to read the install boxes. The ones that say it's going to install Google Chrome and the toolbar for example. There's far worse that come bundled in that you don't know about until it's way too late. Then you wind up with a box that is phoning home with every minor detail of what you do online including your banking.
I forgot to mention I did find a keylogger. I took it apart and got the email addy where the data goes to. They're going to be real unhappy next email they open. Instant brick. Just add a nasty little bios corruptor. Don't ask...
Needless to say mom is real unhappy.
08-15-2013, 08:29 PM   #6
OhSnapWord (Fully Optimized)
Join Date: Jan 2012
Location: USA
Posts: 1,853
Re: Default tab search here bug

Is this at work? Why not lock the machine down so she can't download crap? At the very least, give her a non-admin account on the local machine.
08-15-2013, 10:21 PM   #7
setishock (Wizard of Wires)
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
Re: Default tab search here bug

It's the home system. Mom bought a laptop for herself and lets the kid use the desk system to play around on. Mom just called and said she can't find the win7 disc.
So I'm going to nuke Norton and install Security Suite 6. If that doesn't get it then they're out of options. I either wipe it or they take it to a shop and pay someone to tell them the same thing.
As for making a secondary account mom and I talked about it. Have to get the thing cleaned up first.
08-15-2013, 10:28 PM   #8
dale (Daemon Poster)
Join Date: Mar 2012
Location: Taiwan
Posts: 1,008
Re: Default tab search here bug

If you are bound to help them from time to time, might as well take a snapshot of it. Bad habits are more persistent than keyloggers and malwares and trojans, etc...
08-16-2013, 12:53 AM   #9
setishock (Wizard of Wires)
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
Re: Default tab search here bug

Norton found nothing. Nuked.
ESET is still doing full function trials so put that in its place. Security Suite 6. Same as I run on my rigs. All of them.

Updated database and opened a full system scan. I was not surprised. 27 items found. I had set the cleaning to strict. Which means when it finds something it terminates then deletes.
I think we're good now. Maybe. Now to set up the parental controls.
All times are GMT -5. The time now is 07:46 AM.

