
searchqu, am I fucked?

Casual (Wiggle Wiggle Wiggle Flap Flap Flap), Registered User regular
edited April 2011 in Help / Advice Forum
I booted up my PC just now, went into Firefox and I noticed I have a new addition, a toolbar called searchqu. It's also now my default search engine and I can't seem to uninstall it from the program list.

Looking through my downloads I can see where I made my fuckup, I went to download some minecraft stuff last night and wasn't paying much attention to what I was doing. I think I clicked one of the adverts download links instead of the actual download link, a pretty major fuckup I know.

I have two questions.

1) How fucked am I?

2) How do I get rid of it?

Casual on

Posts

  • Thanatos, Registered User regular
    edited April 2011
    Have you tried downloading and running MalwareBytes?

    Have you tried booting into Safe Mode and uninstalling it?

    What operating system are you running? What browsers are you using?

    Thanatos on
  • Daedalus, Registered User regular
    edited April 2011
    http://www.youtube.com/watch?v=aCbfMkh940Q

    Back up anything you value, wipe out everything on the drive, and reinstall Windows. If you don't, you'll never really trust the thing again. You don't know what other stuff came in with that thing.

    Daedalus on
  • Casual (Wiggle Wiggle Wiggle Flap Flap Flap), Registered User regular
    edited April 2011
    Thanatos wrote: »
    Have you tried downloading and running MalwareBytes?

    Have you tried booting into Safe Mode and uninstalling it?

    What operating system are you running? What browsers are you using?

    The quick scan ended in two minutes and found nothing which I do not think bodes well even slightly. Trying a full scan now.

    No I haven't done that.

    OS is Windows 7 64-bit. I use Firefox 99% of the time and Chrome the rest.

    Casual on
  • Thanatos, Registered User regular
    edited April 2011
    You generally don't want to waste your time with a quick scan when you know you have an infection.

    Try Microsoft Security Essentials next. Then, SuperAntiSpyware.

    Thanatos on
  • Casual (Wiggle Wiggle Wiggle Flap Flap Flap), Registered User regular
    edited April 2011
    Full scan found nothing. I believe I'm going to go with the nuking from orbit option, I have a mate coming round to do some work on a PC next week anyway. He can take care of this, am I stupid for waiting a week for this to be sorted?

    Casual on
  • Joe Camacho MKII, Registered User regular
    edited April 2011
    Casual wrote: »
    Full scan found nothing. I believe I'm going to go with the nuking from orbit option, I have a mate coming round to do some work on a PC next week anyway. He can take care of this, am I stupid for waiting a week for this to be sorted?

    Well... Last week I got one of those dumb fake antivirus programs installed on my laptop, and after several tries at running MalwareBytes (which, according to the web, was the program that could get rid of "Win 7 Home Security 2011"), I nuked my Windows installation from orbit.

    I would say that if you use your PC for sensitive stuff (Online Banking, using email, playing on Steam) I would just nuke it and change all of your passwords, just to be sure.

    And backing what Thanatos has already recommended, always try doing your scans on safe mode.

    Joe Camacho MKII on
    I edit my posts a lot.
  • tarnok, Registered User regular
    edited April 2011
    Casual wrote: »
    Full scan found nothing. I believe I'm going to go with the nuking from orbit option, I have a mate coming round to do some work on a PC next week anyway. He can take care of this, am I stupid for waiting a week for this to be sorted?

    Not necessarily, but I would recommend disconnecting it entirely from the internet (or just leaving it turned off) until it _is_ sorted. There really is no telling what a given piece of malware is going to do and it could do something to cause you headaches even if you're not typing in passwords or credit card numbers. For all we know your computer could now be part of a bot-net distributing child pornography.

    I am not an expert but I'd make sure the thing is disconnected from the network at least, and probably just keep it turned off till I could work on it.

    tarnok on
    Wii Code:
    0431-6094-6446-7088
  • Hahnsoo1 (Make Ready. We Hunt.), Registered User regular
    edited April 2011
    Nowadays, Malwarebytes doesn't really solve the problem unless you're running in safe mode. This is because the malware in question generally runs a program as a service which prevents you from changing the malware's contents or updating your registry. Try uninstalling the program in safe mode.

    Hahnsoo1 on
  • Derrick, Registered User regular
    edited April 2011
    Process Explorer is also a really handy tool. You can surgically remove processes that are attempting to hide under other common processes. I'd recommend safe mode. Then go into Process Explorer and start the surgery. Finish by throwing every scanning program you know to not be malware at it.

    If that fails, nuke from orbit.

    After nuking (because honestly cleaning an already dirty machine is really annoying and difficult), you want to get a firewall, and the noscript firefox add-on. Also, since you clicked an advert, you may want to pick up adblock for firefox as well.

    Derrick on
    Steam and CFN: Enexemander
  • DrFrylock, Registered User regular
    edited April 2011
    Some Google searches indicate that others have removed this with a combination of high-power tools including ComboFix. They all required several passes of ComboFix with manual, system-specific instructions to the tool on a couple passes. That is, a person with experience with these tools could probably clean this up, but it's not an automatic process.

    DrFrylock on
  • Casual (Wiggle Wiggle Wiggle Flap Flap Flap), Registered User regular
    edited April 2011
    DrFrylock wrote: »
    Some Google searches indicate that others have removed this with a combination of high-power tools including ComboFix. They all required several passes of ComboFix with manual, system-specific instructions to the tool on a couple passes. That is, a person with experience with these tools could probably clean this up, but it's not an automatic process.

    *sigh*

    I guess this computer is due a wipe anyway, it's just with LANs coming up now is not a great time. Backing up Steam is so tedious and time consuming.

    For what it's worth a full scan in safe mode still found nothing, the toolbar still showed up in the browser in safe mode too.

    Well thanks for the advice guys, I'm just going to keep it offline until next week and then nuke it. This thread can close.

    Casual on
  • TetraNitroCubane (The Djinnerator, At the bottom of a bottle), Registered User regular
    edited April 2011
    I certainly agree with nuking from orbit - I'll note, though, that it's important that you completely reformat the drive. Don't just reinstall Windows over the top of the previous installation. You want to clear the entire drive, including (most importantly) the Master Boot Record. Some malware can live in the MBR and survive reinstallation.
    Hahnsoo1 wrote: »
    Nowadays, Malwarebytes doesn't really solve the problem unless you're running in safe mode. This is because the malware in question generally runs a program as a service which prevents you from changing the malware's contents or updating your registry. Try uninstalling the program in safe mode.

    Just wanted to comment on this, since I see it a lot. Malwarebytes sometimes does need to do its thing from safe mode, but the developers themselves have commented that it's not designed to work that way:
    MBAM works from safe mode but it is not designed to work that way.

    MBAM will work better from regular mode both in terms of what it detects and what it can remove.

    Doing a safe mode scan with MBAM should only be done when a regular mode scan fails.

    TetraNitroCubane on
  • TeaSpoon, Registered User regular
    edited April 2011
    Maybe it's installed as a Firefox Add-on. I suggest trying to uninstall through Firefox before the nuclear option.

    TeaSpoon on
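    One offline check that fits TeaSpoon's suggestion and the original symptom (default search engine silently changed) is to read the Firefox profile's prefs.js from a clean boot environment and flag search-related preferences that no longer point at an engine the owner chose. This is an added example, not code from the thread or from Firefox; the preference names, the trusted-engine list and the sample prefs.js content are assumptions constructed for it, and the domain in the sample is a placeholder, not a real indicator.

```python
import re

# A Firefox prefs.js line has the shape:  user_pref("name", value);
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Preferences a search/toolbar hijacker rewrites. These are the Firefox 3.x/4-era
# names; treat the list as an assumption and extend it for the profile you inspect.
SEARCH_PREFS = (
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "keyword.URL",
    "browser.startup.homepage",
)

# Engines/domains the owner actually chose (assumption for this example).
TRUSTED = ("google", "bing", "yahoo")

# Constructed sample of a hijacked profile; the domain is a placeholder, not a real IoC.
SAMPLE_PREFS = '''
user_pref("browser.search.defaultenginename", "Searchqu");
user_pref("keyword.URL", "http://search.example.invalid/?q=");
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("network.cookie.cookieBehavior", 0);
'''


def parse_prefs(text: str) -> dict:
    """Return {pref_name: value_string}; string values lose their surrounding quotes."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            name, raw = m.groups()
            prefs[name] = raw.strip('"')
    return prefs


def find_hijacked(prefs: dict, trusted=TRUSTED) -> dict:
    """Search-related prefs whose value mentions none of the trusted engines/domains."""
    hits = {}
    for name in SEARCH_PREFS:
        value = prefs.get(name)
        if value is not None and not any(t in value.lower() for t in trusted):
            hits[name] = value
    return hits


if __name__ == "__main__":
    # Real use: read prefs.js from the LiveCD-mounted profile directory instead of SAMPLE_PREFS
    for name, value in find_hijacked(parse_prefs(SAMPLE_PREFS)).items():
        print(f"{name} -> {value!r}")
```

    A hit here only tells you which preferences were rewritten; it says nothing about whether the toolbar's binary components are gone, which is why the thread still lands on a reformat.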
  • Casual (Wiggle Wiggle Wiggle Flap Flap Flap), Registered User regular
    edited April 2011
    Apparently it's useless either way, I did full scans in both safe and regular and it found nothing. A little research reveals it's some kind of rootkit, is the drive really going to need a full format?

    Casual on
  • TetraNitroCubane (The Djinnerator, At the bottom of a bottle), Registered User regular
    edited April 2011
    Casual wrote: »
    Apparently it's useless either way, I did full scans in both safe and regular and it found nothing. A little research reveals it's some kind of rootkit, is the drive really going to need a full format?

    If it is a rootkit, absolutely and without question. The nature of a rootkit makes it impossible for you to have any confidence that you've removed the infection without a reformat, and also explains why you're not able to see it while scanning. Rootkits are seriously bad news. Full stop. Reformat. Change all passwords.

    If reformatting is positively not an option there are alternatives, but none will give you the assurance of a reformat and reinstall, and I wouldn't recommend them.

    TetraNitroCubane on
  • Casual (Wiggle Wiggle Wiggle Flap Flap Flap), Registered User regular
    edited April 2011
    Well I've removed the wireless aerial and it's remaining switched off until I can deal with it. Can I even salvage files from it? Or is it not worth the risk?

    Casual on
  • TetraNitroCubane (The Djinnerator, At the bottom of a bottle), Registered User regular
    edited April 2011
    Casual wrote: »
    Well I've removed the wireless aerial and it's remaining switched off until I can deal with it. Can I even salvage files from it? Or is it not worth the risk?

    You can certainly salvage files if you're careful. The main issue here is that the rootkit now owns your computer. Think of your system as a building with a series of floors, each of which is separated by a one-way mirror. Stuff on the upper floors can see all the way down, but no one can see up. The rootkit now lives on the top floor, so your operating system and antivirus can't see it. In addition, it can issue orders to your operating system, antivirus scanners, and anything else it wants. To those programs, the orders are transparent and legitimate. So if the rootkit says "Ignore this trojan I'm installing right now", everything in the system says "What trojan?". That's a gross oversimplification, but the point is that once the rootkit is in place, you can't trust the system.

    Copying your files to some variety of removable media, then reformatting and reinstalling the operating system will restore a trustworthy environment. Before you put your files back, you should update the operating system completely, and then install and update security software (antivirus and Malwarebytes). Since you'll be backing up from an infected machine, there's a high likelihood that the removable media will become infected in this process. USB media get infected just by plugging them into other infected machines, and I'm pretty sure burned DVDs can be tainted the same way. Actually, you ought to scan the backup files regardless, just to be sure none of the nasty stuff carried over.

    To get around this, I recommend using a Linux LiveCD or some other bootCD to access your machine and backup your files. The infection ought to be toothless in a Linux environment. If this isn't to your liking, you can always backup to the removable media, disable autorun/autoplay on the newly installed OS, and then scan the media before restoring files. Actually, you ought to scan the backup files regardless, just to be sure you're not carrying over anything nasty. Most files you'd want to preserve are probably not infected themselves, though. It's the media and executables you want to be wary of. I rambled on too long about the specifics of such an operation over here recently, in terms of backups from infected machines and file types.

    TetraNitroCubane on
  • Marty81, Registered User regular
    edited April 2011
    I certainly agree with nuking from orbit - I'll note, though, that it's important that you completely reformat the drive. Don't just reinstall Windows over the top of the previous installation. You want to clear the entire drive, including (most importantly) the Master Boot Record. Some malware can live in the MBR and survive reinstallation.

    Just out of general curiosity, how do you do this? Is there an option to reset the MBR when reinstalling Windows or something?

    Marty81 on
  • TetraNitroCubane (The Djinnerator, At the bottom of a bottle), Registered User regular
    edited April 2011
    Marty81 wrote: »
    I certainly agree with nuking from orbit - I'll note, though, that it's important that you completely reformat the drive. Don't just reinstall Windows over the top of the previous installation. You want to clear the entire drive, including (most importantly) the Master Boot Record. Some malware can live in the MBR and survive reinstallation.

    Just out of general curiosity, how do you do this? Is there an option to reset the MBR when reinstalling Windows or something?

    When reinstalling Windows, just be sure to format the HDD you'll be installing the OS to. Delete all existing partitions, and create new ones, rather than selecting existing partitions.

    If you want something a bit more extreme, there's always Darik's Boot and Nuke. Burn the image to a disk, boot from it, and let it do its thing. Then you can boot from your OS installation disk, repartition, and reinstall. DBAN is more of a method to wipe out data you don't want others recovering, so it might be a little overkill, but it'll destroy anything living on the HDD including malware.

    TetraNitroCubane on
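    To make the "clear the MBR too" advice verifiable rather than a matter of faith, a defender can read the drive's first sector from a Linux LiveCD before the wipe (to record what boot code and partition table were there) and again after DBAN or the installer's repartition (to confirm nothing survived). The parser below is an added example, not code from the thread or from DBAN; the sample sector is constructed in `build_sample_mbr`, and the function names are chosen here.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445 hold the boot code a bootkit would replace
PARTITION_TABLE_OFF = 446    # four 16-byte partition entries follow
MBR_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Break a 512-byte MBR into boot code, partition table and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    boot_code = sector[:BOOT_CODE_LEN]
    partitions = []
    for slot in range(4):
        off = PARTITION_TABLE_OFF + 16 * slot
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:       # empty slot
            continue
        partitions.append({"slot": slot, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {
        "signature_ok": sector[510:512] == MBR_SIGNATURE,
        "boot_code_blank": not any(boot_code),
        # record this before the wipe; compare it to a known-good installer MBR afterwards
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "partitions": partitions,
    }


def is_wiped(sector: bytes) -> bool:
    """True when the sector carries no boot code, no partitions and no signature."""
    info = parse_mbr(sector)
    return info["boot_code_blank"] and not info["partitions"] and not info["signature_ok"]


def build_sample_mbr() -> bytes:
    """Constructed sample (not a real disk): dummy boot code plus one bootable NTFS partition."""
    boot_code = bytes([0xEB, 0x63, 0x90]) + b"\x00" * (BOOT_CODE_LEN - 3)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x02\x00", 0x07, b"\xfe\xff\xff", 2048, 1_000_000)
    return boot_code + entry + b"\x00" * 48 + MBR_SIGNATURE


if __name__ == "__main__":
    # On a real machine the sector comes from e.g. open("/dev/sda", "rb").read(512) on the LiveCD
    print("before wipe:", parse_mbr(build_sample_mbr()))
    print("all-zero sector counts as wiped:", is_wiped(bytes(SECTOR_SIZE)))
```

    A non-blank boot code hash on its own proves nothing, since every bootable disk has one; the useful comparison is against the hash the fresh installer writes, and the useful post-wipe check is `is_wiped` returning True before you repartition.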
  • tarnok, Registered User regular
    edited April 2011
    A thought occurs to me; may not be relevant here but I'm curious. A lot of computers don't come with windows disks anymore. Instead they'll have a recovery partition. Would it even be possible for someone in that situation to clean the MBR and reinstall or would one have to spring for the windows cds?

    I guess what I'm asking is, would it be possible to be sure the disk is clean but leave behind the recovery partition?

    tarnok on
    Wii Code:
    0431-6094-6446-7088
  • TychoCelchuuu (PIGEON), Registered User regular
    edited April 2011
    Often computers with a recovery partition have an option to burn a recovery CD when you've booted into the partition. Otherwise you can always make an image of the partition and store it somewhere.

    TychoCelchuuu on
  • corky842, Registered User regular
    edited April 2011
    Often computers with a recovery partition have an option to burn a recovery CD when you've booted into the partition. Otherwise you can always make an image of the partition and store it somewhere.

    It's available straight from Microsoft.

    corky842 on
  • TychoCelchuuu (PIGEON), Registered User regular
    edited April 2011
    corky842 wrote: »
    Often computers with a recovery partition have an option to burn a recovery CD when you've booted into the partition. Otherwise you can always make an image of the partition and store it somewhere.

    It's available straight from Microsoft.

    Typically the computer that comes with an OS installed will have an OEM key of Windows 7 that won't activate any of the copies you can download on that website.

    TychoCelchuuu on