madopal

Interesting detail about res:// / HSAssistent


Hey all,

I'm cross-posting this from Malware Removal. I've got a bit of interesting info about the nasty <5 random>.DLL / Home Search Assistent hijack.

 

My friend got nailed pretty bad, so I went over there to troubleshoot. I took the instructions from the pinned message about it, and I began my cleaning. I also installed a copy of Firefox to help them stay away from MSIE.

 

Anyway, I cleared stuff once in safe mode, popped back to normal, ran MSIE, checked and saw that it had partially returned. I cleared stuff out and it *appeared* to be gone.

 

So then I did a Google search in Firefox to help debug a little problem they were having with their install of MS Picture It (totally unrelated to the hijack). While searching, I found a post on the Wine HQ site that looked like it might help.

 

When I clicked on the link and opened it in a new tab, the browser just hung there. On the bottom in the status bar, it said it was waiting for a doubleclick URL. This was odd to me as the URL I was hitting was winehq.org, and I doubted that a .org would have a doubleclick banner ad. Sure enough, when I checked HijackThis, the nasty had returned.

 

The *troubling* thing to me was that it returned and affected OTHER browsers. I therefore believe that a) the redirect occurs at the MS system level somewhere, and b) that one of the intents of this baddie is to increase someone's ad hit totals.

 

Now, the page never came up, and after I cleaned the machine off and found a few more things, I went back to that page to confirm, and there were NO doubleclick ads to be found. Since the doubleclick page didn't respond, I could only assume that it was either being overloaded with traffic or being blocked by doubleclick. If this is true, can anyone contact doubleclick and find out who's paying for the ad that's getting pounded by this?

 

Also, I cleaned my friend's machine off, and I didn't feel like experimenting with him, so I can't confirm any of this. If anyone else is investigating, I recommend they try hitting Google on an infected machine with a browser OTHER than MSIE. Also, a packet sniffer would be able to tell where exactly at doubleclick this thing could be hitting.

 

One other question: does anyone know yet how/where this hijack is spreading from? I've seen lots of info on how to clean it, but I haven't seen many posts discussing where it comes from and how it gets on a system.

 

Good work, all...I couldn't have cleaned my friend's machine without your hard work.
