Search us.com (start.search.us.com)

The machines we love to hate

Moderator: Wiz Feinberg

Colin Goss
Posts: 338
Joined: 4 Aug 1998 11:00 pm
Location: St.Brelade, Island of Jersey, Channel Islands, UK

Search us.com (start.search.us.com)

Post by Colin Goss »

I got hijacked today.

Despite AVG (paid-for version), Malwarebytes, etc., the above nasty got through and made Firefox and IE default to its own search engine.

I went into control panel and deleted the .com file that had intruded.

IE was OK on reset to default but Firefox couldn't lose the beggar. I had to go back to a previous profile using mozbackup restore.

It must have slipped in on the back of a program to try to delete the 5000 temp files in Windows/Temp.

WIZ - as the resident guru, how can I be sure that I have eliminated it completely?
Dave Potter
Posts: 1565
Joined: 15 Apr 2003 12:01 am
Location: Texas

Re: Search us.com (start.search.us.com)

Post by Dave Potter »

Colin Goss wrote: It must have slipped in on the back of a program to try to delete the 5000 temp files in Windows/Temp
That's confusing to me. There are several "temp" folders, and anytime I want to clean house, I just open the folder in Explorer, "select all", and press "delete". They all disappear except the occasional one that Windows is using.

Why would one need a "program" to delete temp files?
Earnest Bovine
Posts: 8356
Joined: 4 Aug 1998 11:00 pm
Location: Los Angeles CA USA

Re: Search us.com (start.search.us.com)

Post by Earnest Bovine »

I don't see how mozbackup would help. Mozbackup just saves (or restores) your data (profile) from Thunderbird or Firefox.
Wiz Feinberg
Posts: 6103
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

Colin;
Please read this thread on Mozilla support, where a rep from that company shows how to remove and reset your search and home page.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
Wiz Feinberg
Posts: 6103
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

Apparently, this can be a stubborn search hijacker to remove. However, in addition to using the uninstaller from the company, try resetting Firefox to its default settings, which includes both home page and search provider.

At the top of the Firefox window, click the "Firefox" button, go over to the "Help" sub-menu (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".

Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.

Click "Reset Firefox" in the confirmation window that opens.

Firefox will close and be reset. When it's done, click "Finish" and Firefox will open.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
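
A read-only check for leftovers of the start.search.us.com home page and search settings in a Firefox profile, covering both prefs.js and user.js (which Firefox reapplies at every start). This is an added example, not part of the original posts; the watch list of preference names, the sample prefs text and the `extensions.example.backup` name are assumptions made for illustration.

```python
import re
from pathlib import Path

HIJACKER = "search.us.com"  # domain named in this thread

# Preferences that set home page, new tab and search (assumed watch list;
# keyword.URL was used by older Firefox builds for address-bar searches).
WATCHED = {"browser.startup.homepage", "browser.newtab.url", "keyword.URL",
           "browser.search.defaultenginename", "browser.search.selectedEngine"}

# One preference per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')

# Constructed sample of a prefs.js file; the extensions.* name is hypothetical.
SAMPLE = '''// Mozilla User Preferences
user_pref("browser.startup.homepage", "http://start.search.us.com/");
user_pref("browser.search.selectedEngine", "Google");
user_pref("keyword.URL", "http://start.search.us.com/?q=");
user_pref("extensions.example.backup", "http://start.search.us.com/");
user_pref("browser.startup.page", 1);
'''


def parse_prefs(text):
    """Return {name: value} for every user_pref line; string quotes are stripped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip('"')
    return prefs


def find_hijacked(text, marker=HIJACKER):
    """Sorted (name, value, is_watched) for every pref whose value names the marker."""
    return sorted((name, value, name in WATCHED)
                  for name, value in parse_prefs(text).items()
                  if marker.lower() in value.lower())


def scan_profile(profile_dir):
    """Check prefs.js and user.js, where present, in one Firefox profile folder."""
    report = {}
    for fname in ("prefs.js", "user.js"):
        path = Path(profile_dir) / fname
        if path.is_file():
            text = path.read_text(encoding="utf-8", errors="replace")
            report[fname] = find_hijacked(text)
    return report
```

An empty list for both files means no stored preference still points at the domain; it says nothing about files or add-ons outside the profile.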
Colin Goss
Posts: 338
Joined: 4 Aug 1998 11:00 pm
Location: St.Brelade, Island of Jersey, Channel Islands, UK

Firefox

Post by Colin Goss »

OK - I mentioned three topics

Firefox is now working fine - The reset to default lost all my bookmarks etc which is why I reset from mozbackup.

In my C:/Windows/Temp folder there are over 5000 .tmp entries all with zero bytes and they cannot be deleted. Windows 8 says they cannot be deleted - hence my search for a utility that would do it. They are still with me.

My last query is how do I ensure that I am completely clear of the US Search virus?
Wiz Feinberg
Posts: 6103
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Re: Firefox

Post by Wiz Feinberg »

Colin Goss wrote: OK - I mentioned three topics

Firefox is now working fine - The reset to default lost all my bookmarks etc which is why I reset from mozbackup.

In my C:/Windows/Temp folder there are over 5000 .tmp entries all with zero bytes and they cannot be deleted. Windows 8 says they cannot be deleted - hence my search for a utility that would do it. They are still with me.

My last query is how do I ensure that I am completely clear of the US Search virus?
Go to this Bleeping Computer forum and open a new case. Carefully read the terms of service. Do not interject into any other existing topics. A trained malware removal expert will be assigned and will assist you until your computer has been proven to be clean of this and any other threats, or out-dated, vulnerable 3rd party software.

Note, you will be instructed to download and run various tools in a particular sequence. Specialized scripts may be written just for you. Logs will need to be compiled and submitted. Do as requested and maintain the dialog until the assistance has completed. Do not try to anticipate the order. It will throw a wrench into the process.

A vulnerability allowed your search hijacker into your computer. That underlying vulnerability must be located and fixed.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog