The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Reoccurring browser hijacker -.-

    Discussion in 'Windows OS and Software' started by Bassface, Apr 6, 2009.

  1. Bassface

    Yeah, I have a browser hijacker... Any search engine link generally redirects me to random shopping sites (shopica, shopzilla iirc, etc.).

    cabine.dll is the particular malicious software in question.

    I deleted it using The Avenger last night, but now it has returned. I tried unlocking the file to delete it, no such luck :(

    Any help is gratefully accepted. kthxbainao!
     
  2. flipfire

    Are you sure your host file isn't poisoned?
     
  3. Bassface

    And a host file is...?
     
  4. JohnnyFlash

  5. Bassface

    If I read correctly, this is, in no way, a poisoned host file, unless cabine.dll is a host file.

    This isn't cabinet.dll.
    This is cabine.dll, just for clarification.
     
  6. Baserk

    Have you tried the free version of MBAM?
    Download the installer and rename it to ABC.exe.
    Then install it but don't let it update yet.
    Close the just installed MBAM program and go to the folder C:\Program Files\Malwarebytes' Anti-Malware.
    Rename MBAM.exe to ABCD.exe, then start the program (by clicking on ABCD/MBAM.exe), update the program and only then let it do a full scan.
    Cheers.
     
  7. Bassface

    Here is the log.

    I've done it 3 times, no luck. Cabine and the other infections refuse to give up.

    Malwarebytes' Anti-Malware 1.36
    Database version: 1949
    Windows 5.1.2600 Service Pack 2

    4/7/2009 7:40:20 PM
    mbam-log-2009-04-07 (19-40-20).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 6974
    Time elapsed: 14 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bef6f4ef-d757-4350-a373-973a44088cd9} (Trojan.BHO.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{bef6f4ef-d757-4350-a373-973a44088cd9} (Trojan.BHO.H) -> Delete on reboot.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\cabine.dll (Trojan.BHO.H) -> Delete on reboot.
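
An added example, not part of the original post: a Python script that parses a Malwarebytes text log in the format shown above and, run after the restart, reports which "Delete on reboot" items are still present. The function names are assumptions of this example, the embedded sample is copied from the log above, and the registry check only works on Windows.

```python
import os
import re

# Constructed sample: the two non-empty detection sections of the log quoted above.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bef6f4ef-d757-4350-a373-973a44088cd9} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{bef6f4ef-d757-4350-a373-973a44088cd9} (Trojan.BHO.H) -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\cabine.dll (Trojan.BHO.H) -> Delete on reboot.
"""

# Section headers end at the colon; the summary lines ("Files Infected: 1") do not match.
SECTION = re.compile(r"^(.+) Infected:\s*$")
ITEM = re.compile(r"^(?P<target>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

def parse_detections(text):
    """Return one dict per detection line: section, target, threat, action."""
    section, found = None, []
    for line in map(str.strip, text.splitlines()):
        header, item = SECTION.match(line), ITEM.match(line)
        if header:
            section = header.group(1)
        elif section and item:
            found.append({"section": section, **item.groupdict()})
    return found

def key_exists(path):
    """True/False if the registry key exists; None where winreg is unavailable."""
    try:
        import winreg
    except ImportError:
        return None
    hive, _, subkey = path.partition("\\")
    try:
        winreg.CloseKey(winreg.OpenKey(getattr(winreg, hive), subkey))
        return True
    except OSError:
        return False

def survivors(detections, file_exists=os.path.exists, reg_exists=key_exists):
    """Items scheduled for 'Delete on reboot' that are still present afterwards."""
    checks = {"Files": file_exists, "Folders": file_exists, "Registry Keys": reg_exists}
    return [(d["section"], d["target"]) for d in detections
            if d["action"].lower() == "delete on reboot"
            and d["section"] in checks and checks[d["section"]](d["target"])]
```

Calling `survivors(parse_detections(log_text))` after the reboot and getting a non-empty list means the scheduled deletions did not take effect or the items were written back.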
     
  8. Carrot Muncher

    You tried superantispyware? I'd also uninstall current av and install the nod32 trial, disable system restore and maybe scan in safe mode.
     
  9. Bassface

    nod32 didn't do a thing either... It says it has, but when I look in system32, it's still there. The registry is also infected and those haven't been removed either.
     
  10. Baserk

    Check this thread; it describes (among others) the same trojan you are having problems with.
    The solution will take some time but post your problem there and follow the suggested steps and I'm pretty sure you'll get it solved.
    Cheers.