safesear.ch web browser rerouting virus and tune up

Started by Doxiemrs, January 07, 2017, 06:54:43 PM


Doxiemrs

Yes, that was a very nice surprise. I am still having problems with my computer, unfortunately.
On Google Chrome, in settings and then search, the settings cannot be changed. It says "Set which search engine is used when searching from the omnibox." Then if I select manage search, it says my default is safesear.ch and will not give me the option to change it. Also, I did a search in "computer" for chromium, which wasn't showing up in my control panel. Lo and behold, it was in several files. I placed it in the trash but didn't delete it yet. But I am really frustrated about this still being in there. Other than that, everything else is great...to include going through Internet Explorer. No problems there. Thank you for what you have already helped me with.

Corrine

Let's try resetting Chrome:  Open Chrome and in the top right, click the Chrome menu.  Click Settings.  At the bottom, click Show advanced settings.  Under the section "Reset settings," click Reset settings.  In the box that appears, click Reset.

Next, please download Malwarebytes version 3 from here and install it on your computer.

  • Right-click on the Malwarebytes icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.  (A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish and it will not diminish the scanning and removal capabilities of the program.)
  • Once the Malwarebytes dashboard opens, on the right detail pane under "Scan Status", click the word "Current" to update the tool's database.
  • On the left menu pane click the Scan tab.  Select Threat Scan and click the Start Scan button.
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to check all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the content of the log in your reply.

Note: If asked to restart the computer, please do so immediately.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Doxiemrs

-Log Details-
Scan Date: 5/23/17
Scan Time: 6:17 PM
Log File: Malwarebytes.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.1976
License: Free

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DOXIE\debra humphrey

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357099
Threats Detected: 3
Threats Quarantined: 3
Time Elapsed: 6 min, 25 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 3
PUP.Optional.PCAcceleratePro, C:\PROGRAM FILES (X86)\PC_SUPPORT\PCINST.EXE, Quarantined, [1019], [399708],1.0.1976
PUP.Optional.ByteFence, C:\WINDOWS\SYSTEM32\TASKS_MIGRATED\ByteFence, Quarantined, [616], [391769],1.0.1976
PUP.Optional.ByteFence, C:\WINDOWS\SYSTEM32\TASKS_MIGRATED\ByteFence Scan, Quarantined, [616], [391769],1.0.1976

Physical Sector: 0
(No malicious items detected)


(end)

Corrine

Did you reset Chrome and did the redirect stop?



Doxiemrs


Corrine

Can you provide a screen copy of the Search engines in Chrome, please.  Open settings > Settings and under "Search", click "Manage search engines...".  Attach a copy of the image with your next reply.

No shortcuts for safesear.ch showed up in your logs.  However, if you have a shortcut for Chrome, it wouldn't hurt to double-check.  Right-click the icon and select properties.  Click the Shortcut tab.  The target field should only show "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe".  If it includes "http://safesear.ch", select that text and delete it.



Doxiemrs

I have 2 attachments one of the manage search and one of the default browser. I had the appropriate web address in the shortcut.

Corrine

Hi, Doxiemrs.

The second image, "manage search.png" shows that SafeSearch is selected as the default search engine.  Please return to Chrome settings and select "Manage search engines".  In the top part of the Search engines box, click a different search provider (e.g., Google or Bing) and select "Make default".  Then click Done to close.



Doxiemrs

Yes, I have tried that before but it will not let me change the default. You can't see it on the image, but it has a little window that reads, "Your setting is enforced by your administrator". I am signed in as the administrator and I went to internet settings in the control panel to change the home page, because it says safesear.ch. I deleted it and put google, but it did not do a thing. :-\

Doxiemrs

http://www.tomsguide.com/answers/id-2617458/remove-safesearch-search-engine-chrome.html

I wanted to share this I found, and it took off the safesear.ch from Chrome. By deleting registry.pol from this folder it allowed access to settings and did not limit access from the default-administrator. Once it rebooted, make sure you go back into settings and delete the search choice safesear.ch option. Thank you for your help.

Quote:
I was hit with this ridiculous browser hijacker today.....well my wife was but I got to do the fun removal part. After an hour and a half of reading and trying different things that also carried with them the threat of irreparably damaging my system; I finally stumbled onto a Google thread on this subject and the simplest solution ended up working for me.

and what worked for me was this:
"Very Simple solution:
Press and hold Windows key and R (Win+R)
Copy and paste: %systemroot%\System32\GroupPolicy/Machine
Delete : Registry.pol

Restart the computer.
All done"

It would appear that the author of this scourge has made modifications over time as they have discovered that those infected are finding solutions. So who knows how long this method will work. What's clear is that all the "best" malware and adware solutions (including the Chrome cleanup tool) are not able to eradicate this thing from people's systems. Hope someone finds this helpful!
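Added example, not part of the original posts: Registry.pol is a local Group Policy file in the PReg format, and Chrome reports settings applied from it as enforced by the administrator. The sketch below parses that format so the file can be inspected before it is deleted; the sample entries, including the search URL, are constructed, since the thread does not show what the file contained.

```python
import struct

REG_SZ, REG_DWORD = 1, 4
OPEN, SEP, CLOSE = (c.encode("utf-16-le") for c in "[;]")
CHROME_KEY = r"software\policies\google\chrome"

def _wstr(buf, pos):
    """Read a NUL-terminated UTF-16LE string; return (text, offset after the NUL)."""
    end = pos
    while buf[end:end + 2] != b"\x00\x00":
        if end >= len(buf):
            raise ValueError("unterminated string")
        end += 2
    return buf[pos:end].decode("utf-16-le"), end + 2

def parse_pol(buf):
    """Yield (key, value_name, type, data) for each entry of a PReg v1 file."""
    if buf[:4] != b"PReg" or struct.unpack_from("<I", buf, 4)[0] != 1:
        raise ValueError("not a Registry.pol file")
    pos = 8
    while pos < len(buf):
        if buf[pos:pos + 2] != OPEN:
            raise ValueError("expected '[' at offset %d" % pos)
        key, pos = _wstr(buf, pos + 2)
        name, pos = _wstr(buf, pos + 2)                 # skip ';' after the key
        rtype, size = struct.unpack_from("<I2xI", buf, pos + 2)
        raw = buf[pos + 14:pos + 14 + size]
        pos += 14 + size + 2                            # data, then closing ']'
        if rtype == REG_SZ:
            raw = raw.decode("utf-16-le").rstrip("\x00")
        elif rtype == REG_DWORD:
            raw = struct.unpack("<I", raw)[0]
        yield key, name, rtype, raw

def chrome_policies(buf):
    """Map policy name -> value for entries under the Chrome policy key."""
    return {n: d for k, n, _, d in parse_pol(buf) if k.lower().startswith(CHROME_KEY)}

def _entry(key, name, rtype, data):                     # builder for the sample only
    w = lambda s: (s + "\x00").encode("utf-16-le")
    return (OPEN + w(key) + SEP + w(name) + SEP + struct.pack("<I", rtype) + SEP
            + struct.pack("<I", len(data)) + SEP + data + CLOSE)

# Constructed sample: values a search hijacker could set; not taken from the thread.
_K = r"Software\Policies\Google\Chrome"
_URL = "http://safesear.ch/?q={searchTerms}"
SAMPLE = (b"PReg" + struct.pack("<I", 1)
          + _entry(_K, "DefaultSearchProviderEnabled", REG_DWORD, struct.pack("<I", 1))
          + _entry(_K, "DefaultSearchProviderSearchURL", REG_SZ,
                   (_URL + "\x00").encode("utf-16-le")))
```

On an affected machine the same function can be given the bytes of the Registry.pol file from the folder named in the quoted steps, read in binary mode.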

Corrine

Thank you for sharing the solution.  Now that it has been solved, let's take care of removing the tools used:

Please download Delfix from here.

Ensure the following boxes are checked:
  • Remove disinfection tools
  • Create registry backup
  • Purge system restore

  • Click Run
The program will run for a few moments and then notepad will open with a log.   Please paste the log in your next reply.

