newbie101

Web browser hijack problems 'imesh'

Hi guys,

As of yesterday, I am having issues with IE8. My girlfriend listens to a lot of music online and has downloaded something called 'imesh' by accident which has a very similar name to a music site she listens to online. Horrible piece of software which now prevents IE8 going to many websites from addresses typed in the address bar. The web browser comes up with the white screen you get when you have no connection and the option to 'diagnose connection problems' etc. It also installed something called 'media bar' which I noticed in add-ons and Windows 7 says is disabled but no remove option is allowed.

I have deleted/removed what I can via uninstall programmes in Windows and also scanned normally and in safe mode with KIS 2011 but it detects nothing. I have also tried Combofix but it has also not rectified the problems with the browser.

Link is:

http://www.getsysteminfo.com/read.php?file...b5abb463fa7602a

Many thanks

sysinfo.zip

richbuff

> I have also tried Combofix but it has also not rectified the problems...

Please do not run Combofix unless/until you are individually instructed by a malware removal person.

Since you already did, did it complete the scan? If yes, please attach the combofix log.

Also, scan with Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php Update it first, scan and attach its log, but Please Don't remove anything yet, until the log is reviewed.

newbie101

Please find enclosed both logs as requested. The Combofix scan did complete!

Many thanks

ComboFix.txt

mbam_log_2011_04_30__20_40_48_.txt

richbuff   

Combofix and Malwarebytes did not detect anything.

Uninstall Combofix by: pause Kaspersky > Start > run > type combofix /uninstall > ok. Restart Kaspersky.

Please post a screenshot of the issue that you are seeing.

How to take and post screenshot: PrtSc (Print screen) key (upper right part of keyboard) > open Paint (Start > All programs > Accessories) > Edit > Paste, File > Save as (jpeg or png, Not bmp). When replying, Browse > click once to select file > Open > Upload > add reply.

Edited by richbuff

newbie101

1st screenshot is what appears after typing in the website required in address bar and pressing enter. It doesn't go to the website but lists in Google as suggestions.

I then click on the top search suggestion as it is the same as required and Screenshot2 shows the result.

SS3 and SS4 show the media bar that I cannot remove and didn't have previously.

Due to upload size restrictions I have posted multiple related posts with the screenshots.

Many thanks

post-127558-1304226536_thumb.jpg

newbie101

RB,

I have tried this and it doesn't work. In Windows 7 you cannot uninstall IE8 and reinstall it. A reset for Win7 has also changed, it is now not possible to delete add-ons from a reset as it used to be in XP and Vista, but merely disable, which doesn't help. I have tried this today. I am still having the same interference in searches from what I believe is this mediabar.

Having searched the internet extensively today it appears that many people have had this malware problem for a number of years. I am surprised it is not being detected by KIS or the other heavyweights such as Combofix or Malwarebytes by now.

Would you please advise on a next course of action to try and remove it as I am not prepared to do a system restore for a stupid add-on!

Many thanks.

Edited by newbie101

richbuff   

Please create and attach a new avz.zip, but open your browsers before you create it, so all of your browsers are open and running when the new sysinfo.zip is created.

richbuff   

You're welcome. Please clear the contents of the Temp folder located at C:\Users\UserA\AppData\Local\temp

Show hidden folders in Windows folder options to view.

Also, please create a new avz .zip, created when all of your browsers are open and running. Attach the new avz .zip.

newbie101

Rich,

A couple of things:

Could you please tell me how I go about clearing the temp files you mention?

Also open all browsers - please specify what you mean. IE8 when I go through search problems as in the above screenshots or just when IE is open alone?

What also is the avz.zip? Is this the file created via the 'get system info' software?

Thanks again

Edited by newbie101

newbie101

> 1) Please see: http://support.kaspersky.com/kis2011/error...p;qid=208279128
>
> 2) Run AVZ to create a new avz sysinfo.zip, but please have IE running when you run AVZ to create it. Double click the IE desktop shortcut > minimize the IE window > run AVZ to create a new avz sysinfo.zip > attach the new avz .zip.

Rich,

Emptied temp files although a few wouldn't delete. Then checked database for AVZ and ended up downloading the software AVZ4 and running that following the KAS database instructions which I thought was what you meant, waiting for a log! First time it froze but I could see the whitened out log with a few red files mixed in with the black. Second time it completed before I had another look at the help database and found the create AVZ log via KIS2011 support help files and the inbuilt video type stuff on how to do it! So the log I have uploaded is that one which is probably what you requested to start with! Oh and IE was open during this.

Apologies if it was wrong, but I'm not used to having to do this often!

AVZ_file.zip

Edited by newbie101

richbuff   

Nothing untoward appears in your log. Microsoft Internet Explorer extension modules (BHOs, Toolbars ...) Elements detected - 5, recognized as trusted - 5

Combofix and Malwarebytes did not detect anything.

Kaspersky Settings > Advanced settings (cardboard box icon) > Threats and exclusions > Settings > enable all threat categories > ok > ok and scan again.

After that, delete the imesh folder from C:\Program Files.

newbie101

Rich,

I have done what you said. I have also checked the add-ons in IE and the 'mediabar' has gone!!! I can only conclude that the accidental use of AVZ4 has got shot of it even though it froze! IE appears at the moment to be searching correctly too on a few quick searches! If not I'll let you know.

.jpg shows the IE add-on screen shot of all add-ons!

Would you please recommend/advise either with Win7 or KIS2011 settings what I should do to make it more difficult to have such software download itself with 1 accidental click of the mouse? Is it also possible to block certain websites e.g. imesh.com :) with KIS?

Your suggestions and help would be appreciated and thank you very much for your help throughout.

post-127558-1304335379_thumb.jpg

richbuff   

You're welcome. Kaspersky Settings > Advanced settings (cardboard box icon) > Threats and exclusions > Settings > enable all threat categories > ok>ok. This could help prevent.

This topic is now closed to further replies.