Kdirectory.co.uk - pelase help

Discussion in 'Computer Security' started by NZ Kris, Jun 14, 2011.

  1. NZ Kris

    NZ Kris Nibble Poster

    56
    1
    15
    Hi everyone, has anyone encountered this browser hijacker?
    It redirects links from google searches to kdirectory.co.uk

    It is an intermittent problem. Have ran virus scan with malwarebytes which found and removed a virus. But this problem returned 3 days later.

    Had anyone else had success removing this one?
     
    Certifications: A+ 2009, Network+, MCDST, MCTS, MCSA
    WIP: MCSA
  2. dales

    dales Terabyte Poster

    2,005
    51
    142
    I'd probably try a system restore to a point before the problem occured first just to see if that works. If it does, disable reboot and reenable system restore again to ensure the infected restore points are deleted.

    Otherwise typical Runs of Ccleaner and malwarebytes should assist you in removal.
     
    Certifications: vExpert 2014+2015+2016,VCP-DT,CCE-V, CCE-AD, CCP-AD, CCEE, CCAA XenApp, CCA Netscaler, XenApp 6.5, XenDesktop 5 & Xenserver 6,VCP3+5,VTSP,MCSA MCDST MCP A+ ITIL F
    WIP: Nothing
  3. NZ Kris

    NZ Kris Nibble Poster

    56
    1
    15
    thanks, have previsouly tried malwarebytes (which found infections on the quick scan), left on the full scan but i have a feeling the user closed his machine at the end of the day before the scan had completed.

    So re doing the full system scan, also have scrubbed history and temp files with CCleaner.

    There is no strange entries to the host file, and the DNS server still is correct to it hasn't hijacked that.

    A system restore is not ideal as it the user has a lot of programs and profile settings for AUTOCAD which may be lost, but as a last resort I will do that.

    Any further idea's from anyone, particularly if they have seen this one before, please let me know
     
    Certifications: A+ 2009, Network+, MCDST, MCTS, MCSA
    WIP: MCSA
  4. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,292
    265
    329
    check your browsers folders. I had a one a while back and it kept setting my home page to something called searchq.co.uk. No matter how many times I removed it with my anti virus apps it kept coming back. The only way I got rid of it was to go into my browsers folders and delete any reference to it and then do a virus scan.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  5. ThomasMc

    ThomasMc Gigabyte Poster

    1,507
    49
    111
    A wise man once told me

    1) Run rkill.exe
    2) Run malwarebytes
    3) Run rkill.exe
    4) Run Virus Scan
    5) Run hijackthis
     
    Certifications: MCDST|FtOCC
    WIP: MCSA(70-270|70-290|70-291)
  6. dales

    dales Terabyte Poster

    2,005
    51
    142
    When you say user, do you mean this is a corporate machine if so then nothing short of ripping it out of the network and reimaging the machine will do. If the infection has only be on there a day or two I would still recommend a system restore back to just before the infection.

    But as ThomasMc rightly says you cannot go far wrong with that process.

    I always work under the assumption that once a machine is compromised it cannot be trusted at all. Perhaps now would be a good time to verse the user in the delights or running as user instead of admin.
     
    Certifications: vExpert 2014+2015+2016,VCP-DT,CCE-V, CCE-AD, CCP-AD, CCEE, CCAA XenApp, CCA Netscaler, XenApp 6.5, XenDesktop 5 & Xenserver 6,VCP3+5,VTSP,MCSA MCDST MCP A+ ITIL F
    WIP: Nothing

Share This Page

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.