Computer Help (Hijacker)

[chaosyoshimage]

It appears I've got a computer virus of sorts, but none of my anti-virus programs are detecting it. It's apparently a hijacker called Abnow and it takes me to a site of the same name anytime I try to Google something (Or Bing even). I've been up all night trying to get rid of this thing to no avail. I have another computer to search out stuff with, but I haven't been able to get any of it to work. Hopefully someone on here can help me...

 

[Thee Prisoner]

Abnow is a nasty piece of malware! Do you have malwarebytes installed on your computer? You might be able to install it in safe mode. If not, you can burn it on a disk from the other computer and then install on the infected computer. Do this is soon as possible. Abnow can really screw up your machine!.

ALso, here is a link that will help out. http://www.computerspywarescanner.com/how-to-remove-abnow-com-easy-ways-for-removing-abnow-com/

 

[chaosyoshimage]

I tried those two programs and they haven't found anything so far. Avast apparently did pick up some infections in its scan, but Google still brought me to Abnow site. Maybe I have to restart my computer again? I've tried searching for the files in those lists, but I can never find any of them. Wait, I haven't tried the Registry Editor thing, hopefully I can figure this out...

 

[chaosyoshimage]

Okay, I think my computer is good again, when I rebooted it had to go back to before the virus hit, so now everything seems to be working fine. I hope it's gone for good...

 

[chaosyoshimage]

It's still not going away! Malwarebytes says it finds two infections called Rootkit.Zeroaccess, I'm wondering if these could be it. Malwarebytes tells me to restart, so I hit the restart button and well, after awhile Abnow starts screwing up my search results again. This is so frustrating...

 

[aPod]

I've had something like this. I had to go into my regedit and remove the infected file or alter the values of the program manually. You just need to use google to see what files it adds or modifies in the registry. Just did a quick search and these are the files and steps that need to go:

1. Stop the following processes from your system: (go into your taskmanager to do this)(ctrl+alt+delete)
[random name].exe of Abnow.com
2. Delete the following Abnow.com registry entries from your systemrun and then regedit)

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun ?.exe?
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings ?CertificateRevocation? = ?0′
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings ?WarnonBadCertRecving? = ?0′
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun ??
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations ?LowRiskFileTypes? = ?/
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesActiveDesktop
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem ?DisableTaskMgr? = ?1′

3. Remove the below given files related to Abnow.com:

%AllUsersProfile%Application Data~
%AllUsersProfile%Application Data.dll
%AllUsersProfile%Application Data.exe
%UserProfile%Start MenuProgramsAbnow.comAbnow.com.lnk
%AllUsersProfile%Application Data
%UserProfile%Start MenuProgramsAbnow.com
%UserProfile%Start MenuProgramsAbnow.comUninstall Abnow.com.lnk

Look careful when doing anything in your registry if you aren't familiar with it, when in doubt check it out. Use google on your phone or something if you're unsure about removing a file and see what it does.

 

[JesterRaiin]

It's still not going away! Malwarebytes says it finds two infections called Rootkit.Zeroaccess, I'm wondering if these could be it. Malwarebytes tells me to restart, so I hit the restart button and well, after awhile Abnow starts screwing up my search results again. This is so frustrating...

Damn...

1. Download this :
http://www.bleepingcomputer.com/download/anti-virus/combofix
- save it to c:\ (main directory of your system partition)

2.Enter safemode by pressing F8 key a few times before Windows 7 starts.
- You should see this picture :
http://www.online-tech-tips.com/wp-content/uploads/2008/06/windows-safe-mode.png
- Enter Safemode

3. Run combofix.
- don't install repair console
- agree to everything else
- pray

WARNING : Combofix is intrusive tool. It may break a few things, but there's VERY low possibility for this scenario. Still, it's possible.

 

[chaosyoshimage]

I'm running that right now, but I didn't go into safe mode. Should I re-start my computer and try it in safe mode now or wait for it to finish? It's been at this for over 20 minutes now and on Stage 41.

 

[JesterRaiin]

First of all : use reply/quote function.

I'm running that right now, but I didn't go into safe mode. Should I re-start my computer and try it in safe mode now or wait for it to finish? It's been at this for over 20 minutes now and on Stage 41.

If it's still frozen, you have no choice but to restart your computer.
There's probability that your AV software conflicted with ComboFix. God Almighty knows what will happen next.

Why didn't you follow my advice about running it in safemode ?

 

[chaosyoshimage]

First of all : use reply/quote function.

I'm running that right now, but I didn't go into safe mode. Should I re-start my computer and try it in safe mode now or wait for it to finish? It's been at this for over 20 minutes now and on Stage 41.

If it's still frozen, you have no choice but to restart your computer.
There's probability that your AV software conflicted with ComboFix. God Almighty knows what will happen next.

Why didn't you follow my advice about running it in safemode ?

Sorry, I didn't use the reply function. I was on my Kindle Fire and I couldn't get it to work right for some reason.

I didn't run it in safe mode at first, because I installed and ran ComboFix BEFORE I read your comment. I saw it somewhere I else, so I thought I'd try it and I wasn't told to use Safe Mode. It stopped at about 48, so I restarted in Safe Mode and ran it. It seems to have worked, but that's what I thought last time. Hopefully, it's gone for good, not sure how to know for sure.

Stuff is coming up on Google right, but it didn't that at first all the other times I rebooted. A quick scan from Malwarebytes says no malicious items were detected. I think this nightmare is finally over. I'll have to be more cautious next time I look up weird porn...