Ian
Site Administrator
Registered: 28th Aug 99
Location: Liverpool
User status: Offline
|
Got a search hijack thing on the computer.
Can someone have a search about and link me to some pages to sort this?
If I try here it redirects, can't get any information about it.
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
Webplains.net belongs to a category of websites that are usually defined as browser hijackers but actually it's just a part of very well organized scheme to capitalize on the success of legitimate search engines. The website is not malicious but it has a very poor reputation on mywot.com and traffic is also very suspiciously high for a site that has only four backlinks, according to Alexa. Besides, domain webplains.net belongs to "Onwa Ltd." This company was previously involved in selling and monetizing stolen clicks, according to Trend Micro. The following domains belong to this company and can be used to hijack search results as well:
Thenewstoday.net
Thewebtimes.net
Newsranch.net
Frontwebpage.net
Thenightrain.com
Thewebplane.com
Thealltimes.com
101news.net
Businessite.net
Bywill.net
Goingonearth.com
Webplains.net
Whatsinnews.com
Whatsinstores.net
Such browser hijackers as webplains.net are very popular because search result clicks convert well. Whenever you try to open search results from Google to let's say Wikipedia it will redirect you to webplains.net on then to completely unrelated websites. It can display a blank page too. You web browser has nothing to do with this, so re-installing it won't help you. If your search results are being redirected then your PC is infected with malicious software. It could be the ZeroAccess/Max++ rootkit or a Trojan horse. To remove the malware from your computer, you'll have to use several malware removal tools. First of all, run TDSSKiller and ZeroAccess removal tool. Then scan your computer with anti-malware software, for example Malwarebtes Antimalware and SUPERAntispyware. And finally, run a full system scan with updated antivirus software. For more information, please follow the Webplains.net removal instructions below. If you have any questions, please leave a comment below or just email us. Good luck and be safe online!
Webplains.net removal instructions
1. Download TDSSKiller and run it. Click Start scan.
2. Click Continue to remove found infections.
3. Reboot your computer to completely remove found malware.
4. Download and run ZeroAccess rootkit removal tool.
5. Download free anti-malware software from the list below and run a full system scan.
MalwareBytes Anti-malware
SUPERAntispyware
Spybot S&D
Hitman Pro 3.5
NOTE: With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
6. If the problem persists, please read this web document and follow the steps carefully: http://deletemalware.blogspot.com/2010/02/remove-google-redirect-virus.html
|
Gary
Premium Member
Registered: 22nd Nov 06
Location: West Yorkshire
User status: Offline
|
Webplains.net removal instructions
1. Download TDSSKiller and run it. Click Start scan.
2. Click Continue to remove found infections.
3. Reboot your computer to completely remove found malware.
4. Download and run ZeroAccess rootkit removal tool.
5. Download free anti-malware software from the list below and run a full system scan.
•MalwareBytes Anti-malware
•SUPERAntispyware
•Spybot S&D
•Hitman Pro 3.5
NOTE: With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
6. If the problem persists, please read this web document and follow the steps carefully: http://deletemalware.blogspot.com/2010/02/remove-google-redirect-virus.html
|
Gary
Premium Member
Registered: 22nd Nov 06
Location: West Yorkshire
User status: Offline
|
Had images too, just copied and pasted
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
http://support.kaspersky.com/faq/?qid=208280684
http://anywhere.webrootcloudav.com/antizeroaccess.exe
Then the usual hitman, mbam etc.
|
Gary
Premium Member
Registered: 22nd Nov 06
Location: West Yorkshire
User status: Offline
|
Damn you John!
|
Sam
Moderator
Premium Member
Registered: 24th Dec 99
Location: West Midlands
User status: Offline
|
What dodgy site you been on then eh Ian? 
|
Gary
Premium Member
Registered: 22nd Nov 06
Location: West Yorkshire
User status: Offline
|
fap fap fap fap fap 
|
Ian
Site Administrator
Registered: 28th Aug 99
Location: Liverpool
User status: Offline
|
Been off the porn for a while, trying to get my dopamine levels back up
No idea where this has come from, usually run NoScript anyway so nothing gets through unless I accept it. Probably be one of these video player things which have content from loads of domains.
Going for reboot now.
|
Jake
Member
Registered: 24th Jan 05
User status: Offline
|
is it one of them that redirects you to another site if you click on a search link on google etc?
|
Ian
Site Administrator
Registered: 28th Aug 99
Location: Liverpool
User status: Offline
|
Yeah except NoScript stops it actually going somewhere else, just goes back to Google front page.
|
Jake
Member
Registered: 24th Jan 05
User status: Offline
|
its an utter twat. had loads of fun with it, i think in the end i used malware bytes which located the main file but wouldnt delete it so had to delete it manually by going through regedit
|
Ian
Site Administrator
Registered: 28th Aug 99
Location: Liverpool
User status: Offline
|
Yeah just run some scanners and it's still doing it.
|
Steve
Premium Member
Registered: 30th Mar 02
Location: Worcestershire Drives: Defender
User status: Offline
|
Just do system restore to a date
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
That's useless if it's a rootkit.
|
Sam
Moderator
Premium Member
Registered: 24th Dec 99
Location: West Midlands
User status: Offline
|
Personally I would boot into safe mode, run CCleaner to delete the temp files/recycle bin files from your PC and then run the registry scanner a few times (once is not enough).
Once that is done, run a full scan with SuperAntiSpyware on a USB stick and then install Malwarebytes and run a full scan with that.
Lots of info/tips etc. on the bleepingcomputer.com website Ian, go check it out.
|
Andrew
Member
Registered: 5th May 04
Location: Skoda Octavia Estate, Ford Puma
User status: Offline
|
Malware Bytes, Super AntiSpyware and hijack this are my favorites for attacking these things.
|
