SO some how I have something called Search.us.com and TNT2user.exe I hope I am posting in the correct forum, if not please move this to the correct forum or instruct me how to.
I discovered this when comodo informed me that these were attempting to connect to another computer and gain access to some important part of my computer. and if I didn’t want this or want to allow this I should block it or allow to partially open in sand box. I choose sand box. well now that was a mistake because for 10 days now I have been blocking the request. However it continues to come up and running a virus scan does not locate it or remove it! Frustrating!
I searched in Control panel and add or remove programs, and found a program called search.us.com and I choose to remove it, but that has not completely happened for some reason, and i am now getting TNT2user.exe !!
Plus, I now have at the top of my screen , every time I go online, an area the size of a tool bar that will not fill with the page I am currently viewing, but instead shows a part of my desktop image.?? I’m very concerned, and unsure what to do!..and so I am here at this forum seeking answers and guidance.
HELP! what is happening and what can I do to remove this and get back to normal?
Obviously, I am not a comp. expert but a novice and just a home desk top user. Yet I can follow directions if they are detailed and laid out in steps. Thanking you all now for your assistance!
Try scanning with the following scanners and see if they can get rid of it:
Malwarebytes Anti Malware
Super Antispyware
Hitman Pro
Norton Power Eraser
Let us know if that did the trick for you or not.
I have been chasing this problem for two days, and have tried all those virus/malware programs including several more not mentioned. The closest I got to a fix was to backup the reg, then delete every reference to TNT2User, and reboot. Then found the default profile this monster created:
C:\users[name]\Appdata\roaming\mozilla\firefox\profiles\user.js
opening that file with notepad and it directed the hijacked homepage to
start.search.us.com and set the new tab to TNT2User.exe.
I deleted this file [with FF closed] and reopened. It went to the hiacked home page, but I reset it to my choice. Then change new tab. This worked perfectly, and closed\reopened FF. Perfect.
But…closed opened again, and the hijacked pages are back. i have no idea what to try next.
Now for An update.
I have downloaded and run the programs suggested. Only super anti spy ware fond anything! I still have the original issue!
And every time I log onto the internet, and before my home page will lad, Comodo comes on and informs me off the attempts that search.us.com wants to connect to the internet shall I allow it to do so or not? and I always choose block. then immediately the same question is out to me about TNT2user.exe and I choose to block. only then am I allowed access to the web. ?
Should I just allow these, and then deal with them if I don’t want them or they are malicious? help.
And Is the reason I am having this trouble simply because I chose to open them in sand box and i have not completed the steps for sand box?.. I don’t understand how to properly use sand box…help.
I’m attaching screen shots of my monitor so that you can see what my screen looks like. perhaps it wil help you with helping me. Can I attach any thing else that would help?
[attachment deleted by admin]
Additional update info.
SO right after I posted my update, the internet took me to a comodo forum page where I read about a program called PSC.exe posted by M_____, I believe a comodo guru, general.
I read the great replies about it. So I down loaded it to a folder on my desk top, and ran it, the program ran really fast, all I saw was a black screen! then it was over. but I am not seeing any log that it says it created and placed where I launched from ? {which would be the folder on my desk top} please advise.
Thank you
PS: on my earlier posting I forgot to explain that when you look at the ‘screen shot of my monitor’, look at the top and around the comodo icon, you should see several words, sentences etc of programs I just used and closed! plus other unidentifiable images, which are the very top portion of my desk top image!..which is a picture of a steam loco. this is the missing tool bar sized area that started my search to discover what is wrong with my computer.
Search us.com is a browser hi-jacker.
Here are some instructions…
Strangely, Emsisoft doesn’t seem to consider it dangerous…
http://isthisfilesafe.net/sha1/EBFDCB83A6D2D93C8C6F32995E5C27F9C5485F46_details.aspx
http://isthisfilesafe.net/company/Search.Us.com_details.aspx?company=Search.Us.com
Also, I would also do a system restore.
Click on the Start button and type - system restore - into the search pane
Choose - restore system files and settings from a restore point
Choose - choose a different restore point -
Click the little box that says “Show more restore points” to open a list of restore points
Choose a point before you started to have your problem
and then proceed to restore your system
Thanks for your help! the issue is now corrected!. and I’m happy ! 