How do I get rid of Claro Search engine.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by RainbowDash, Aug 12, 2012.

  1. RainbowDash

    RainbowDash Private E-2

    Attached Files:

    • OTL.Txt (250.2 KB)
  2. thisisu

    thisisu Malware Consultant

    Welcome to MajorGeeks, RainbowDash

    From Programs and Features (via Control Panel), please uninstall the below:
    • Babylon Toolbar (if present)
    • Java(TM) 6 Update 31

    Fix items using OTL by OldTimer

    Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Copy the text in the code box below and paste it into the Custom Scans/Fixes text-field.
    Code:
    :otl
    IE - HKU\S-1-5-21-1802727379-3288547721-2823175230-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.claro-search.com/?affID=112542&tt=090812_clr_3212_2&babsrc=HP_ss&mntrId=50d20b0f00000000000090e6ba4daec6
    IE - HKU\S-1-5-21-1802727379-3288547721-2823175230-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.roblox.com/Default.aspx
    IE - HKU\S-1-5-21-1802727379-3288547721-2823175230-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-search.com/?q={searchTerms}&affID=112542&tt=090812_clr_3212_2&babsrc=SP_ss&mntrId=50d20b0f00000000000090e6ba4daec6
    IE - HKU\S-1-5-21-1802727379-3288547721-2823175230-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1802727379-3288547721-2823175230-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-1802727379-3288547721-2823175230-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-1802727379-3288547721-2823175230-1000\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    [2012/08/11 22:40:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Babylon
    [2012/08/11 22:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:90EE3BE1
    :files
    dir "C:\Program Files (x86)\Vid-Saver" /c
    :commands
    [reboot]
    [resethosts]
    
    Now click the Run Fix button.
    If the fix needed a reboot please do it.
    Click the OK button (upon reboot).
    When OTL is finished, Notepad will open. Close Notepad.
    A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    Attach this log to your next message. (How to attach)
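
As an added example (not part of the original thread, and not thisisu's or OTL's own code), the Python below splits a fix script laid out like the one in the post above into its sections and entry types, then lists the Internet Explorer settings that point at a host outside an allow-list or enable a proxy, so the script can be read before it is pasted into OTL. The sample script with its placeholder SID, CLSIDs, hosts and paths, and the function names `parse_fix` and `untrusted_settings`, are constructed for illustration.

```python
import re
from urllib.parse import urlsplit
# Constructed sample in the layout of the fix script above; the SID, CLSIDs,
# hosts and paths are placeholders, not values from the user's log.
SAMPLE_FIX = r'''
:otl
IE - HKU\S-1-5-21-0-0-0-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.example.test/?affID=0
IE - HKU\S-1-5-21-0-0-0-1000\..\SearchScopes\{00000000-0000-0000-0000-000000000001}: "URL" = http://search.example.test/?q={searchTerms}
IE - HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - No CLSID value found.
[2012/08/11 22:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\ExampleToolbar
:files
dir "C:\Program Files (x86)\Example" /c
:commands
[reboot]
'''

IE_VALUE = re.compile(r'^IE - .+?(?:,|: ")(?P<name>[^"=]+?)"? = (?P<data>.*)$')
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse_fix(text):
    """Return (section, kind, detail) for every non-blank line of a fix script."""
    section, out = None, []
    for line in filter(None, map(str.strip, text.splitlines())):
        if re.fullmatch(r":\w+", line):                      # :otl, :files, :commands
            section = line[1:]
        elif m := IE_VALUE.match(line):                      # browser setting: name, data
            out.append((section, "ie-setting", (m["name"], m["data"])))
        elif m := re.match(r"(O\d+)(?::64bit:)? - ", line):  # numbered O-line (BHO, toolbar, DPF)
            clsid = CLSID.search(line)
            out.append((section, m[1], clsid[0] if clsid else None))
        elif line.startswith("[") and "] -- " in line:       # file or folder listing line
            out.append((section, "path", line.split("] -- ", 1)[1]))
        else:                                                # commands and directives, kept raw
            out.append((section, "raw", line))
    return out

def untrusted_settings(entries, trusted_hosts):
    """IE settings that point at a host outside trusted_hosts or enable a proxy."""
    flagged = []
    for _section, kind, detail in entries:
        if kind != "ie-setting":
            continue
        name, data = detail
        host = urlsplit(data).hostname          # None when the data is not a URL
        if host and host not in trusted_hosts:
            flagged.append((name, host))
        elif name == "ProxyEnable" and data == "1":
            flagged.append((name, "enabled"))
    return flagged
```
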
     
  3. RainbowDash

    RainbowDash Private E-2

    Here it is, and should I re-download Java? If you could put a link (if needed to re-download) so I don't get viruses again :s
     

  4. thisisu

    thisisu Malware Consultant

    Now install the current version of Sun Java from: here

    Are you still experiencing Claro Search engine problems or any other malware related issues?
     
  5. RainbowDash

    RainbowDash Private E-2

    No I am not!
    Thank you x 9001

    Thank you Thank you Thank you_____Thank you_________Thank you
    _________Thank you________________Thank you______Thank you
    _________Thank you ________________Thank you____Thank you
    _________Thank you ________ _________Thank you_Thank you______
    _________Thank you________________________Thank you__________
    _________Thank you________________________Thank you
    _________Thank you________________________Thank you__________
    _________Thank you________________________Thank you__________
    _________Thank you________________________Thank you__________

    sorry for spam :3 but really thank you.
     
  6. thisisu

    thisisu Malware Consultant

  7. RainbowDash

    RainbowDash Private E-2

    hang on
    Claro search popped up again
    My browser is Google Chrome. I already went into settings, set it to Google, removed Claro and reset the home page.
    halp :<
     
  8. thisisu

    thisisu Malware Consultant

    Since it's Chrome you should try uninstalling and reinstalling Chrome.
     
  9. RainbowDash

    RainbowDash Private E-2

    I promise I'll never get another search engine again.
    I got Mystart downloaded on accident and I tried uninstalling and reinstalling Chrome, so once more, please help.
     
  10. thisisu

    thisisu Malware Consultant

    Rescan with OTL and attach the latest log.
     
