
Support Forum

How to remove malware

My son downloaded MSPaint but it appears the download was infected with malware. It downloaded several programs that weren't approved including the Bucksbee Loyalty plugin. I thought that when I removed it I would be able to use Google once again as my default search engine. But somehow Bucksbee is still the default. Google is also listed as my default search engine in about:config. So somehow the malware has hijacked that setting as well.

When I do some searches by clicking on Google search results it takes me to sites like Match.com rather than this site for example.

I've found the MSPaint software in my Windows/System 32 folder. When I try to delete it I get an error saying Trusted Installer won't permit it.

I ran my Spybot software hoping it would catch & remove the program. But it didn't.

Anyone have any idea about how to neutralize & remove this nasty bit of malware?


Additional System Details

Sites Affected

http://

Installed Plug-ins

  • Shockwave Flash 11.4 r402
  • Google Talk Plugin Video Accelerator version:0.1.44.16
  • Version 3.6.1.9117
  • Adobe Shockwave for Director Netscape plug-in, version 11.6.6.636
  • Adobe PDF Plug-In For Firefox and Netscape 10.1.4
  • Google Update
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Next Generation Java Plug-in 10.5.1 for Mozilla browsers
  • Adobe Shockwave for Director Netscape plug-in, version 11.6.5.635
  • 5.1.10411.0
  • iTunes Detector Plug-in
  • Unity Player 3.5.1f2
  • Picasa plugin
  • VLC media player Web Plugin 2.0.0
  • GEPlugin
  • RealJukebox Netscape Plugin
  • RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
  • RealPlayer(tm) HTML5VideoShim Plug-In
  • RealPlayer(tm) LiveConnect-Enabled Plug-In
  • 12.0.1.666
  • Google Updater plugin http://pack.google.com/
  • getplusplusadobe16291
  • The plug-in allows you to open and edit files using Microsoft Office applications
  • Logitech Harmony Remote Plugin
  • Office Authorization plug-in for NPAPI browsers
  • Delivery Network Acceleration by BitTorrent™
  • DRM Netscape Network Object
  • DRM Store Netscape Plugin
  • Npdsplay dll

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0

John99
  • Top 10 Contributor
  • Moderator
747 solutions 10204 answers

Chosen Solution

I will come back and post further info but first of all

  • have you seen
      • Troubleshoot Firefox issues caused by malware
      • Remove a toolbar that has taken over your Firefox search or home page
  • do you know whether
      • This is affecting only Firefox, or also other browsers and other aspects of the computer
      • do you think all original malware has now been successfully removed

Resolution will break down into a number of stages and may necessitate obtaining advice from specialist malware sites/forums (I can make a suggested listing of sites/tools)

  1. identify and quarantine or remove original malware files
  2. change or reset settings & alterations caused by the malware
  3. preventing this from re-occurring

Question owner

Thanks. I downloaded Malwarebytes as suggested at the link you posted & it found a bunch of Trojans and other vulnerabilities. After I restarted the computer AVG also detected something which I removed. Now Firefox & my search engines are performing as usual.

Thanks so much.
JoachimM 0 solutions 1 answers
http://technet.microsoft.com/en-us/library/cc512587.aspx
John99
  • Top 10 Contributor
  • Moderator
747 solutions 10204 answers

Thanks for posting back. Glad you solved the problem. Sometimes you may also later need to reset some things, as, depending on what you had, settings may have been messed up by the malware.

Question owner

One added issue I noted that wasn't fixed by Malwarebytes. As you noted above, I did need to fix a setting altered by the virus. It had changed my about:config settings so that keyword.url was set to serp.freecause.com, the BucksBee search engine URL. Annoying.

Now BucksBee is blessedly gone!

Modified by Richard Silverstein
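
The leftover `keyword.url` change described in the last post can be found by auditing the profile's `prefs.js` for search and home-page preferences that point outside the providers you expect. The following is an added example, not part of the original thread; the trusted lists, the sample file contents and the exact hijacked URL path are constructed assumptions.

```python
import json
import re
from urllib.parse import urlparse

# One prefs.js entry looks like: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*)\)\s*;\s*$')

# Preferences that steer address-bar searches and the home page (Firefox 16 era).
URL_PREFS = ("keyword.url", "browser.startup.homepage")
NAME_PREFS = ("browser.search.defaultenginename", "browser.search.selectedEngine")

# Assumption: what this user considers legitimate.
TRUSTED_HOSTS = ("google.com", "mozilla.org")
TRUSTED_ENGINES = ("Google",)

# Constructed sample of a hijacked prefs.js (not taken from the thread).
SAMPLE_PREFS = '''# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "BucksBee");
user_pref("browser.startup.homepage", "about:home");
user_pref("keyword.url", "http://serp.freecause.com/?q=");
user_pref("browser.tabs.warnOnClose", false);
'''

def parse_prefs(text):
    """Return {pref_name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            try:
                prefs[m.group(1)] = json.loads(m.group(2))  # strings, ints, booleans
            except ValueError:
                prefs[m.group(1)] = m.group(2)  # keep raw text if not JSON-compatible
    return prefs

def host_trusted(url):
    if url.startswith("about:"):  # built-in pages such as about:home
        return True
    host = (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)

def find_hijacked(prefs):
    """List (pref, value) pairs that point at an unexpected search provider."""
    findings = []
    for name in URL_PREFS:
        value = prefs.get(name)
        if isinstance(value, str):  # the home page may hold several URLs joined by |
            findings += [(name, u) for u in value.split("|") if u and not host_trusted(u)]
    for name in NAME_PREFS:
        if name in prefs and prefs[name] not in TRUSTED_ENGINES:
            findings.append((name, prefs[name]))
    return findings
```

Run it on a copy of `prefs.js` taken while Firefox is closed, and reset any flagged preference in about:config. Check `user.js` in the same folder as well, since Firefox re-applies its values at every start.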