Hijacked?!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by timw128, Nov 19, 2012.

  1. timw128

    timw128 Corporal

    Please Help!... I have read everything I could in the forums and found no solution to my dilemma.
    I ran Spybot S & D and it found some stuff- adware and potential hijacker- and got rid of it. Next, I downloaded Ad Aware, and this is when the problems began. A Claro Search was installed along with a Lavasoft Safesearch and I can't get rid of either of them in IE or Chrome. I use Chrome 95% of the time. I have changed the settings in Chrome, cleared the cache and cookies, flushed the DNS in cmd and I am still having this browser issue. When I open Chrome, two tabs open simultaneously- one the Lavasoft, the other the Claro.
    Could someone please help me out of this mess?
    Thanks in advance for any and all help!
    Regards-
    timw
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.

    Now please follow these instructions:

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. timw128

    timw128 Corporal

    Thanks, Tim- It is 2 am here. I'll get it running, go to bed, and deal with it in the morning. Sure appreciate your help!
    timw
     
  4. timw128

    timw128 Corporal

     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, you need to disable your AV software. Then after running JRT, see if using Revo Uninstaller will remove that other program.
     
  6. timw128

    timw128 Corporal

    Now I am confused!... what other program do you refer to?... safesearch.lavasoft?...
     
  7. timw128

    timw128 Corporal

    OK, it doesn't matter whether the AV is enabled or disabled. I can NOT download JRT from your highlighted text. Please note the attached screenshot, lower left hand corner and you'll see what I mean. The Claro search and the Lavasoft Safe Search are both raising havoc with my services.msc and my browser(s) settings. I have googled and googled to no avail. I really need help with whatever has a hold on my system.
    Thanks-
    tim
     
  8. timw128

    timw128 Corporal

    OK, after some quick research, I was able to figure out that JRT and Chrome do not mix. So, I downloaded from IE8, closed, disconnected AV prog and Ran.
    You'll find the JRT.txt file attached here.
    Thanks-
    tim
     

  9. timw128

    timw128 Corporal

    I have run the other diagnostics, in order, from the bottom of your initial response to me (READ & RUN ME FIRST. Malware Removal Guide). These I shall now attach in order. Kaspersky TDSS found nothing, and HitmanPro defined JRT.exe as a trojan. MBRCheck log is from another part of RRMF and has a code in it. As far as the services.msc go, there are items in there where their start up type has changed to boot(?).
    Sure hope I did this right! :confused
    I am grateful for all of your assistance, TimW- Thank-you!
    tim
     

  10. timw128

    timw128 Corporal

    Hello?... Anybody home?...
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Lavasoft.

    I need the log from running C:\MGTools.exe --- C:\MGLogs.zip

    Can you go into msconfig and stop those services?
     
  12. timw128

    timw128 Corporal

    Hey TimW- Not sure which services you refer to. I am having all sorts of OS issues and was on the verge of a repair install. Something was/is raising havoc with my system. I rebooted to 'Last known Good...' and the DNS Client and SENS are now back in Services.msc.
    I thought I attached the MGTools log in my last post. I, at present, have no record of them. Would you like me to run MGTools again and submit?...

    I did write some DOS line commands to the registry to fix the missing services, to no avail. The final element was the 'Last known Good...'
    All seems well, at present, but I don't trust the system. Anytime that I have things being changed without my help within System32 makes me wonder.
    I'll run the MGTools again and attach log.
    Thanks a bunch for your assistance regarding this matter.
    tim
     
  13. timw128

    timw128 Corporal

    Here is the MGTools log.
    Thanks!
    tim
     

  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not finding any evidence of malware. I think you may need to post in the software forum for your system issues. Are you still having issues with Claro, etc.?
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You can use Hitman to remove these:
    C:\Documents and Settings\All Users\Application Data\blekko toolbars\ (Blekko)
    C:\Documents and Settings\All Users\Application Data\blekko toolbars\toolbar.txt (Blekko)
     
  16. timw128

    timw128 Corporal

    No, I think I have gotten rid of the Claro and AdAware search issues.
    Thanks!
     
  17. timw128

    timw128 Corporal

    Will do, that is if I can get it activated again. Having issues with that.
     
  18. timw128

    timw128 Corporal

    OK, got it reactivated and removed those 2 items, plus the last scan found 4 more items that were malware. I have no idea how this is getting past my AV. Maybe it is time to try something other than avast! when this subscription expires.
    Thanks for all of your help- it's greatly appreciated!
    tim
     
  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
    2. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. After doing the above, you should work thru the below link
    Malware removal from a National Chain = $149
    Malware removal from MajorGeeks = $0
     
