Ook.gg malware removal

Avbob se stoep (Expert Member, joined Oct 19, 2020):
Hi Guys,

So my dad somehow managed to get this malware which attaches itself to all your browsers, and any time you search for something it redirects you through the Ook.gg "browser/search engine".

I did run a Malwarebytes antivirus check and everything and nothing was found. I also removed all extensions from Chrome but the problem persists.

When searching for how to remove this problem on Google, all the videos are like 2 days old and websites with "solutions" are random 2-day-old websites. So I'm sketched out now. The one video, which seems like it might be from a reputable channel, provides me with a bunch of code which I need to execute in order to remove it. I'm no coder, but this seems sketchy. The video link is below. If someone smarter in the coding department than me can just read the description and perhaps confirm if this is a legit fix or not, it would be appreciated. OR even better, provide me with another fix.

 
Please don't do what the description of that video tells you to do. It's just going to steal your browser information, which is likely to include stored passwords etc.

That said, I also don't have a solution to the malware other than a fresh install of the OS.
 
Malicious Software Removal Tool 64-bit

It normally works well, but I would format the system if I were you. Get a Linux live DVD and boot with it. The reason you use a DVD is that the virus can't write itself to it. Once in Linux, watch a video on how to do a format; once done, plug in your Windows USB, repartition and format the drive, and it will be fine then.
 
I use Windows antivirus along with McAfee and that works. I know McAfee isn't all that good, but it actually does a good job for me. The Windows removal tool does a good job BUT it is slow.
 
Bleepingcomputer website was our go-to for tools. Seeing Combofix again brings back good memories.

The video you posted has the manual solution in the description. I watched that video and all of it is above board.

It's registry entries being added/deleted. All three (I think) .reg files and the .bat file's code, which try to find and delete GPOs and also clean out the Registry, are legit.

I would also uninstall Chrome and install a proper browser like Firefox with a few recommended add-ons/extensions like uBlock Origin, etc.

Edit: this video:

Edit 2: also look at some recommended Britec videos



 
Most free antivirus software will give you reasonable protection, but don't just use Microsoft Antivirus. That said, you are battling something that you can't win due to a hidden setting in both Win10 and Win 11.

[screenshot attachment]

This is how most viruses can auto-install on your system without even asking, and once they live in your TSR they will not unload from your memory. This means it is active yet passive at all times. It is very hard to deal with, so keeping the PC clean is actually easier all things considered.

What makes Firefox good is it runs "not trusted code" in a sandbox, but this is not always the case. But if you want to be extra safe, and this is what I recommend, run a VM with this Live CD: justbrowsinglinux.com. It just works.

I do recommend looking at the start guide.
 
[screenshot attachment]

Remote Registry is the important one; this service should be disabled by default for personal-use computers. If it is not, then the attacker can do essentially what they want. The same goes for most remote access services. It shouldn't be active on a personal computer.

Your startup should look something like this.

[screenshot attachment]

I set mine up so that almost nothing boots automatically. The main reason is faster boot time, but it gives you more control over what each TSR does. If you see something and don't know what it is, Google it. But always leave the Security Health Systray.exe on. Not only is this service needed, but it is also the first service a virus will close down/disable.
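A read-only audit of the places the .reg/.bat fixes and the Remote Registry advice above are concerned with, added here as an example that is not from the thread or the video: it lists whatever sits under the standard Chrome, Edge and Firefox policy registry keys (the paths are the documented policy locations, assumed here), notes whether a local Group Policy Registry.pol exists, and reports the Remote Registry service state. Nothing is modified; the point is to see a hijacker's policy entries before deciding on a cleanup.

```powershell
# Added example, not part of the thread. Run in an elevated PowerShell; it only reads.
# A home PC normally has no browser policies at all, so any value under these keys
# (search provider, homepage, forced extensions) deserves a look.
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome',
    'HKCU:\SOFTWARE\Policies\Google\Chrome',
    'HKLM:\SOFTWARE\Policies\Microsoft\Edge',
    'HKCU:\SOFTWARE\Policies\Microsoft\Edge',
    'HKLM:\SOFTWARE\Policies\Mozilla\Firefox'
)

foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { continue }
    Write-Output "Policy key present: $key"
    # Values directly under the key (PS* are PowerShell's own metadata properties)
    Get-ItemProperty -Path $key |
        Select-Object -Property * -ExcludeProperty PS* |
        Format-List | Out-String | Write-Output
    # Subkeys, e.g. forced extension lists or per-policy lists
    Get-ChildItem -Path $key -Recurse | ForEach-Object {
        Write-Output "  subkey: $($_.PSPath -replace '^.*::', '')"
        Get-ItemProperty -Path $_.PSPath |
            Select-Object -Property * -ExcludeProperty PS* |
            Format-List | Out-String | Write-Output
    }
}

# Local Group Policy store: a Registry.pol here means the policy engine re-applies
# these settings at refresh, which is why deleting the registry values alone may not stick.
$polFiles = @(
    "$env:SystemRoot\System32\GroupPolicy\Machine\Registry.pol",
    "$env:SystemRoot\System32\GroupPolicy\User\Registry.pol"
)
foreach ($pol in $polFiles) {
    if (Test-Path $pol) {
        $stamp = (Get-Item $pol).LastWriteTime
        Write-Output "Local GPO file present: $pol (last written $stamp)"
    }
}

# Remote Registry service: should be Stopped and Disabled on a personal machine.
$svc = Get-Service -Name RemoteRegistry -ErrorAction SilentlyContinue
if ($svc) {
    Write-Output "RemoteRegistry: status=$($svc.Status) starttype=$($svc.StartType)"
}
```

Compare the output against a known-clean machine: an absent key, no Registry.pol and a disabled RemoteRegistry are what a home PC should show.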
 
Man alive. What have you just awakened inside of me?

Combofix was the bomb.
 
FFS
So what you are actually saying is that this problem is more difficult to fix than your normal virus... "sighs"
 
Thank you for the extra trouble you went through. I appreciate it, will try it and report back.
 
We can thank Stuxnet for that. See, normally driver certificates are impossible to get, BUT there are ways around that, and because one idiot did it the rest will follow. It is the gift that keeps on giving.
 
To remove a virus from an SSD without ROM media is essentially impossible. Thankfully there are very few viruses that do this, but I will leave the steps below.

What you will need:
USB 3.0 External DVD RW Optical Drive
DVD+R Dual Layer 10 (Spindle) Printable
Try Ubuntu before you install it

Go on YouTube and find the steps you need to DELETE the partitions on your SSD. Here is why: the virus copies itself into the hidden partition that is normally used as part of the recovery process. Now this can be done with a Windows USB drive, BUT there is a SMALL risk that the virus moves itself to the RAM and lives there. This however is rare.

But if you want to zero your drive, use Ubuntu; it does a great job, and you can create Windows install media within Ubuntu, have access to the internet, and it is just a great tool to have.

But this is for extreme cases. It is always a good idea to create Windows install media from a known good computer, meaning a computer that you know has no infections. Also, a ROM backup is a lot harder to corrupt. So all those important photos should live on at least one DVD along with all your other backups.

To me personally, live CDs are the best tool ever because no virus can handle them. Also, if it is a Windows virus that tries to make a copy of itself onto your RAM, this cannot happen with a live CD because the live CD clears the RAM for itself, essentially zeroing your RAM. Now you have clean RAM and can zero the hard drive and start over.

Yes, for now it is cheaper to just buy a new SSD, but if it happens once it will happen again, so why not get the tools and help yourself, or you can spend R500 an hour for someone else to do it. I run a small business; I deal with viruses all the time.
 