ie seems to be hijacked- any suggestions on what to do?

I am working on a client's computer that it seems his internet explorer has been hijacked. If you try to do a search or even try to type in a website it goes to an add website and this happens over and over.
I ran superantispyware pro and it found 1,896 adware but it will not get rid of this problem. I even ran it in safe mode
the browser is still hijacked
I ran malwarebytes and it found nothing
I ran ccleaner prior to running the two antispyware programs
Got any ideas how to fix this?
I had to download superantispyware and malwarebytes on a flash drive and bring it over to the computer because ie kept looping and looping and would not go to any of the program websites
I did this also with Avast free which i also ran and states no viruses no nothing
robin

 

try a Force Breach with Hitman Pro.... and then try Norton Power Eraser

 

Hi robinB

People will laugh, but you should try system restore - seriously!

I tried to help an elderly relative with an IE redirect issue only last week. I found, suspended and removed the bad processes using Process Explorer and Autoruns but then scans with Prevx and MBAM kept throwing up new suspect files after every manual clean up and reboot, mostly in %temp%.

After several hours of amateur sleuthing, chasing re-spawning files and start-up entries, I tried system restore for the hell of it and it worked.

Just try it, worth a shot - I felt a right lemon not having done the simple thing first.

philby

EDIT You've probably already done so, but check IE for an unwelcome proxy setting under Tools > Internet Options > Connections...

 

Check the hosts file. Had a similar issue recently, even after removing all malware, issue persisted. Had to unlock and reset the hosts file.

 

Run a scan with DrWeb Cureit in Safe Mode to see if it detects anything.

 

I would also try DrWeb and Avira from CD without starting Windows.

 

Just for kicks, check what DNS server is being used. Perhaps try OpenDNS or Norton or something and see if that changes things.

 

Have you checked the proxy settings?

 

DNS cache, Router DNS.
If you set DNS at the computer you can disable DNS caching in services of Admin Tools.
If it's the router, reset with pin on back, create all new passwords set router DNS to something like OpenDNS.

There is a batch script at Geeks to Go for checking the router.
Check their cleaning forum for "Google redirect .bat".

Is there a good firewall installed?
OA and Comodo Firewalls/HIPS have different qualities of protection for networking. OA is the stronger of the two but not impervious.

Just for fun rename mbam.exe in the Malwarebytes folder, run a FULL scan.
I had a malware file sitting on my desktop, wasn't detected during quick scan but was detected during full scan.

 

I had the same problem on a clients system. Ended up running tdsskiller from Kaspersky and that solved it.
http://support.kaspersky.com/viruses/solutions?qid=208280684

 

ask experts at one of the volunteer sites listed
https://www.wilderssecurity.com/showpost.php?p=1533481&postcount=3

 

i tried all your suggestions and still nothing

this laptop is 6yrears old and has a very hardware problems on top of it and i advised my client to purchase a new one because for what i would charge to reformat this drive he could purchase a new computer, and with the cd not working and some of the keys keep popping out- and the age since it is running xp home, it is just worth the non aggrivation and price it would cost for him to fix this and find that once it is reformated and everything put back on, something else could go on it
I did backup his data and scanned it on my test machine for viruses/trojans, etc
thanks anyway for all your help
robin

 

Very interesting indeed. Some stealth malware might be there. It might be a fun to find it.