johnwc741
Had this question 2
Question
johnwc741 asked on
| 1100 views

How to delete "blekko" browser Hi-jack

running Win XP Pro, using MSN Essentials, Ad-aware, and Malwarebytes-antimalware as virus dection... None of these picked this up....

From what I gather, this is a pretty "nasty" virus, and will porbably require a "manual" removal... I do have a pretty good set of computer skills, so any help would be greatly appreciated...

Any attempts to change browser to a different browser through normal means does not work...  I've even attempted to do a "system restore" to a point byond where I beleive I picked this up, picking dateas as far back as three months, and all these attempts fail.

Cameron O
Found this helpful 1
Answer
Cameron O replied on
MVP

Reply

Here is another option that may help shed some light.
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

https://ocdcomputing.wordpress.com/
Brian M-
Found this helpful 0
Brian M- replied on
Hi John,

Try following Step 1 and 2 in this virus/malware removal guide: http://www.selectrealsecurity.com/malware-removal-guide

It contains instructions that will remove most malicious software. If you have any questions, just ask me. I hope this helps you.

Brian
johnwc741
Found this helpful 0
johnwc741 replied on

Reply

Sure wish I could say that solved it, but it didn't... Went through both the suggested steps to no avail... Even looked at what appeared to be a closely related problem on "BleepingComputer.com the following URL:

http://www.bleepingcomputer.com/forums/topic453529.html

And went through most the troubleshooting examples sited there, to no avail...

I'm quite certain that this is ONLY a Browser/Homepage Hi-jack, as my only issue is when I invoke I.E. 8 (My Browser) it takes me to a "Blekko" search window, as opposed to MSN which is what I had my Homepage set for.. As I've stated, attempting to change this through normal means i.e. "internet options > delete the "blekko" homepage info > hit "select default" (which does contain the MSN homepage info),> Apply, > Ok > then exit "internet options", then re-invoke I.E.8, it takes you right back to the "Blekko" Search page....   I( can work around this by simply deleting the "Blekko" URL, and tyrping in The URL for MSN, then I can continue my activities as befor, it is just "Frusterating as He--" to have to re-type the desired URL every time you want to exit to your designated "HomePage"... 

Cameron O
Found this helpful 0
Cameron O replied on
MVP

Reply

If you go into your Control Panel, Add Remove Programs and uninstall it you should be fine.
https://ocdcomputing.wordpress.com/
johnwc741
Found this helpful 0
johnwc741 replied on

Reply

Uninstall WHAT??? There is no program in the "add remove programs" that has any reference to "Blekko", or any "toolbar" that refers to "Blekko", nor is there any installed program that I do not recognize.  While there, I did go ahead and uninstall three (3) of the anti-malware/anti-virus programs that I had picked up through my troubleshooting efforts, as they were of no help..

This is something that has gotten "embedded into the registry", and doing a "regedit" then looking for any kind of reference to "blekko" or some derivitave yields a "No results found"... I've even investigated the "Hosts" file in C:\WINDOWS\SYSTEM32\DRIVERS\ETC
  hopes there was a recent change there... There wasn't... So, I'm still at "square one"...

Cameron O
Found this helpful 1
Answer
Cameron O replied on
MVP

Reply

Here is another option that may help shed some light.
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

https://ocdcomputing.wordpress.com/
johnwc741
Found this helpful 0
johnwc741 replied on

Reply

That is exactly what I was looking for!!!  Thanks so much!!! Problem solved!!  Running the "Command Line" version of Autoruns, and adding the -h qualifier immediatley pulled out Two (2) registry entries, that otherwise would not be identifiable with this "hijack" virus.. Deleting those entries eliminated the problem...   Again, "Kudos, and thanks".   
Cameron O
Found this helpful 0
Cameron O replied on
MVP

Reply

Excellent! Glad I could help!
https://ocdcomputing.wordpress.com/
Flash278
Found this helpful 0
Flash278 replied on

Reply

Here is another option that may help shed some light.
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx


Worked for me also. Thanks.