Wizard of Wires
I wish I had never seen this computer. My desk clerk's daughter who is 14 and downloads anything and everything has this system so ate up with some real baddies that I'm about to call her mom and tell her to bring me her win7 disc. Starting over is an option but if I can get rid of the baddies, that would work too.
After confirming system restore points were deleted, I disabled SRPs.
I started off in my bag of tricks with combofix. It's so ate up it would not let it run. Hmm
Next up was spybot2. No joy there either.
Next up malwarebytes. Took an hour to run and finish. 157 baddies found. Got rid of those.
Back to spybot2. Took 90 minutes to run. 156 baddies found. Got rid of those.
Back to combofix. Loaded up but whining about Norton running. Disabled Norton till next reboot. Finally got her going. Oh my stars and garters the stuff that it found. Took an hour. Cleared that out.
CCleaner up next. Jeeze...
Findjunkfiles up next. Not too bad. Finished pretty quick.
Just for S&G's stinger was brought in. Here's where it got ridiculous. Run time 15 hours, 8 minutes. Found nothing. Hmm the plot thickens.

Now all that was from normal mode. Keep in mind the best results come from running scans in safe mode. So that's where I went.
Same drill and got even more results. Cleared those out also.
So now I reboot and run them again. Just to be sure. Now here's the little troublemaker rearing its unwanted head up again. It's called Default Tab Search Here. I have followed MS's instructions and several others in what to do to get rid of it. NO SOAP! There are so many games and *** useless programs on here that it's got to be hiding out in one of them. It has all the earmarks of a fairly smart virus. Hides, returns, and is annoying as it can get.
Problem is I don't know which game it came down in or I'd blow it to hades and back toot sweet. Last thing left to run is a root kit scan. Hopefully that will spot where it's hiding out so's I can kill it.
Otherwise everything on this system will be considered contaminated and subject to being formatted into oblivion.
Sad... I just put win7 on that 3 short months ago. "sigh"
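The post above describes a hijacker that keeps coming back without saying where it relaunches from. As an added example that is not part of the thread, the PowerShell script below inventories the standard Windows 7 autostart locations (Run/RunOnce keys, Startup folders, scheduled tasks and Internet Explorer Browser Helper Objects) so a returning entry can be traced to the program that re-creates it. It is read-only; it deletes nothing. It assumes an elevated PowerShell 2.0 or later prompt and the default registry and folder paths; the function names and the "user-writable path" pattern are this example's own choices.

```powershell
# Added example (not from the thread): list where programs auto-start on Windows 7.
# Read-only inventory; run from an elevated PowerShell prompt (PS 2.0+ on Win7).

$runKeys = @(
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-RunKeyEntries {
  foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
      if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath provider metadata
      New-Object PSObject -Property @{ Source = $key; Name = $p.Name; Command = $p.Value }
    }
  }
}

function Get-StartupFolderEntries {
  # Per-user and all-users Startup folders (default Windows 7 locations).
  $folders = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
  )
  foreach ($f in $folders) {
    if (-not (Test-Path $f)) { continue }
    Get-ChildItem $f -Force | ForEach-Object {
      New-Object PSObject -Property @{ Source = $f; Name = $_.Name; Command = $_.FullName }
    }
  }
}

function Get-ScheduledTaskEntries {
  # schtasks.exe ships with Windows 7; Get-ScheduledTask only exists on Windows 8 and later.
  # With /v the CSV output repeats its header row per task folder, so drop those rows.
  schtasks /query /fo CSV /v | ConvertFrom-Csv |
    Where-Object { $_.TaskName -ne 'TaskName' -and $_.'Task To Run' -and $_.'Task To Run' -ne 'N/A' } |
    ForEach-Object {
      New-Object PSObject -Property @{ Source = 'schtasks'; Name = $_.TaskName; Command = $_.'Task To Run' }
    }
}

function Get-BhoEntries {
  # Internet Explorer Browser Helper Objects are registered by CLSID; resolve each to its DLL.
  $bho = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
  if (-not (Test-Path $bho)) { return }
  Get-ChildItem $bho | ForEach-Object {
    $clsid = $_.PSChildName
    $server = Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{ Source = 'BHO'; Name = $clsid; Command = $server.'(default)' }
  }
}

$entries = @(Get-RunKeyEntries) + @(Get-StartupFolderEntries) + @(Get-ScheduledTaskEntries) + @(Get-BhoEntries)

"--- all autostart entries ---"
$entries | Sort-Object Source, Name | Format-Table -AutoSize Source, Name, Command

# Entries launching from user-writable locations deserve a second look: bundled
# toolbars and search hijackers commonly live under AppData or a game's own folder.
"--- entries launching from user-writable paths ---"
$entries | Where-Object { $_.Command -match 'AppData|ProgramData|Temp|\\Users\\' } |
  Format-Table -AutoSize Source, Name, Command
```

Run it once in normal mode, note the entries you do not recognise, then run it again after the hijacker reappears: whatever entry came back, and the program it points at, is the thing to remove or uninstall rather than chasing the search page itself.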


Wizard of Wires
Nuke it and start fresh.
That's the plan now. I'll make another sandbox and put her artwork and document files in it. Then I'll cut NOD loose on it. I bet if that system had ESET's Security Suite 6 on it this would have never happened. Mine scans the downloaded file and lets me know if it's clean. It appears the version of Norton on her system doesn't do that.
But I think most of the problems on her system come from her not stopping to read the install boxes. The ones that say it's going to install Google Chrome and the toolbar for example. There's far worse that come bundled in that you don't know about until it's way too late. Then you wind up with a box that is phoning home with every minor detail of what you do online including your banking.
I forgot to mention I did find a keylogger. I took it apart and got the email addy where the data goes to. They're going to be real unhappy next email they open. Instant brick. Just add a nasty little bios corruptor. Don't ask...
Needless to say mom is real unhappy.


Fully Optimized
Is this at work? Why not lock the machine down so she can't download crap? At the very least, give her a non-admin account on the local machine.
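The non-admin account suggested above is the single most effective fix for bundled toolbars on a shared home machine: installers that need to write to Program Files or HKLM then trigger a UAC prompt for the parent's password instead of running silently. As an added example that is not part of the thread, this PowerShell script creates a standard local account on Windows 7 and verifies it is not a member of Administrators. It assumes an elevated prompt and an English-locale group name; the user name "kid" and the function name are placeholders chosen for this example.

```powershell
# Added example (not from the thread): create a standard (non-admin) local account on
# Windows 7 and confirm it is not in Administrators. Run from an elevated prompt.
# New-LocalUser does not exist on Windows 7, so net.exe and ADSI are used instead.

$UserName = 'kid'   # placeholder account name

function Test-IsLocalAdmin {
  param([string]$Name)
  # Enumerate the local Administrators group through the WinNT ADSI provider (works on PS 2.0).
  $group = [ADSI]'WinNT://./Administrators,group'
  $members = $group.psbase.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
  }
  return [bool]($members | Where-Object { $_ -eq $Name })
}

# Prompt for the password so it never ends up in a script file or shell history.
$secure = Read-Host -AsSecureString "Password for $UserName"
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
$plain  = [Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

# Create the account; new local accounts land in the Users group only.
net user $UserName $plain /add /passwordchg:yes /comment:"Standard account - no install rights"
Remove-Variable plain

# Belt and braces: if the name was already an admin, pull it out of Administrators.
if (Test-IsLocalAdmin $UserName) {
  net localgroup Administrators $UserName /delete
}

if (Test-IsLocalAdmin $UserName) {
  Write-Warning "$UserName is still a local administrator - check the group membership by hand."
} else {
  "$UserName is a standard user; installs that touch Program Files or HKLM will now prompt for an admin password."
}
```

Pair this with keeping the parent's own account as the only administrator and you remove most of the "didn't read the install box" class of problems the thread is dealing with; a scan can clean up what is already there, but the account split is what stops it from being reinstalled next week.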


Wizard of Wires
It's the home system. Mom bought a laptop for herself and lets the kid use the desk system to play around on. Mom just called and said she can't find the win7 disc.
So I'm going to nuke Norton and install Security Suite 6. If that doesn't get it then they're out of options. I either wipe it or they take it to a shop and pay someone to tell them the same thing.
As for making a secondary account mom and I talked about it. Have to get the thing cleaned up first.


Daemon Poster
If you are bound to help them from time to time, might as well take a snapshot of it. Bad habits are more persistent than keyloggers and malware and trojans, etc...


Wizard of Wires
Norton found nothing. Nuked.
ESET is still doing full function trials so put that in its place. Security Suite 6. Same as I run on my rigs. All of them.

Updated database and opened a full system scan. I was not surprised. 27 items found. I had set the cleaning to strict. Which means when it finds something it terminates then deletes.
I think we're good now. Maybe. Now to set up the parental controls.