Please help me remove Claro search

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by gjprice, Aug 15, 2012.

  1. gjprice

    gjprice Private E-2

    I have been through the Read & Run Me First (Malware Removal) Guide and nothing is working to remove the Claro search home page. I have attached all logs. Any help is greatly appreciated.

    Thanks
     

  2. thisisu

    thisisu Malware Consultant

    Hello gjprice :)

    From Add/Remove Programs (via Control Panel), please uninstall the below:
    • BabylonObjectInstaller
    • BitComet 1.29
    • Browser Manager
    • Coupon Printer for Windows
    • Java(TM) 6 Update 33
    • Swag Bucks Toolbar

    __

    Reboot your computer

    __

    Delete the following items if they still exist:
    • C:\Documents and Settings\G Price\Application Data\Babylon <== Folder
    • C:\Documents and Settings\G Price\Local Settings\Application Data\Swag_Bucks <== Folder
    • C:\Documents and Settings\G Price\Local Settings\Application Data\dt.dat <== File
    • C:\Documents and Settings\All Users\Application Data\Babylon <== Folder
    • C:\Documents and Settings\All Users\Start Menu\Programs\Coupons <== Folder

    __

    Please download and run ComboFix and attach its log.
    Read these instructions on how to use it: How to use ComboFix
    Do not uninstall ComboFix yet as we may need it to fix remaining malware issues.
     
  3. gjprice

    gjprice Private E-2

    I've followed all your directions . . . and here is the ComboFix log. Thanks
     

  4. thisisu

    thisisu Malware Consultant

    Please download Disable/Remove Windows Messenger to your desktop.
    • Double-click MessengerDisable.exe to run it.
    • Place checkmarks in "Uninstall Windows Messenger" and "Hide Messenger from Outlook Express"
    • Click Apply
    • Click Exit

    __

    Fixing items using ComboFix
    Make sure that you still have the ComboFix.exe that you downloaded earlier -- but do not run it.
    If it is not on your desktop, the below will not work.
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Open Notepad and copy/paste the text in the below code box into Notepad:
    Code:
    KillAll::
    ClearJavaCache::
    FireFox::
    FF - ProfilePath - c:\documents and settings\G Price\Application Data\Mozilla\Firefox\Profiles\7fcpva8i.default\
    FF - prefs.js: browser.startup.homepage - hxxp://isearch.claro-search.com/?affID=115131&tt=120812_bandext_3312_4&babsrc=HP_iclro&mntrId=9809dff70000000000000016764b1b7f
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.claro.id, 9809dff70000000000000016764b1b7f
    FF - user.js: extensions.claro.instlDay - 15566
    FF - user.js: extensions.claro.vrsn - 1.6.4.1
    FF - user.js: extensions.claro.vrsni - 1.6.4.1
    FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.119:35
    FF - user.js: extensions.claro.prtnrId - claro
    FF - user.js: extensions.claro.prdct - claro
    FF - user.js: extensions.claro.aflt - babsst
    FF - user.js: extensions.claro_i.smplGrp - none
    FF - user.js: extensions.claro.tlbrId - iclaro
    FF - user.js: extensions.claro.instlRef - sst
    FF - user.js: extensions.claro.dfltLng - en
    FF - user.js: extensions.claro.excTlbr - false
    FF - user.js: extensions.claro.admin - false
    FileLook::
    c:\windows\system32\drivers\cbfs3.sys
    Registry::
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "adaware"=-
    "adaware_XP"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "20454:TCP"=-
    "20454:UDP"=-
    
    Save this file as CFScript.txt to your desktop. So now you should have both CFScript.txt and ComboFix.exe on your desktop.
    Now use your mouse to drag CFScript.txt on top of ComboFix.exe and then release.
    This will launch ComboFix.
    Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Allow ComboFix to update itself if prompted.
    When ComboFix finishes, a log will be produced at C:\ComboFix.txt
    Attach this log to your next message. (How to attach)

    __

    Now run C:\MGtools\GetLogs.bat by double-clicking it.
    This updates all of the logs inside MGlogs.zip.
    When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)

    __

    Make sure you let me know how things are running after you have completed the above steps!!
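The CFScript above tells ComboFix to strip the Claro homepage hijack and the `extensions.claro.*` entries from the Firefox profile's user.js. As an added illustration that is not part of this thread, the following script audits a Firefox `user.js`/`prefs.js` text for the same kind of entries (the `user_pref("name", value);` line format is Firefox's own; the sample file contents are constructed from the prefs listed in the script above), reports what it finds and returns a cleaned copy with only those lines removed.

```python
import re

# Constructed sample user.js modelled on the entries in the CFScript above
# (domain defanged with hxxp, as in the thread). Not a real captured file.
SAMPLE_USER_JS = """\
user_pref("browser.startup.homepage", "hxxp://isearch.claro-search.com/?affID=115131&babsrc=HP_iclro");
user_pref("extensions.claro.id", "9809dff70000000000000016764b1b7f");
user_pref("extensions.claro.vrsn", "1.6.4.1");
user_pref("extensions.claro_i.smplGrp", "none");
user_pref("browser.tabs.warnOnClose", false);
user_pref("network.cookie.cookieBehavior", 0);
"""

# One Firefox pref line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')
# Pref-name prefixes and homepage substrings seen in the hijack on this page.
HIJACK_PREFIXES = ("extensions.claro.", "extensions.claro_i.")
HIJACK_HOME_MARKERS = ("claro-search", "babsrc=")

def is_hijack_pref(name, value):
    """True if this pref belongs to the Claro/Babylon homepage hijack."""
    if name.startswith(HIJACK_PREFIXES):
        return True
    if name == "browser.startup.homepage":
        return any(marker in value for marker in HIJACK_HOME_MARKERS)
    return False

def audit_user_js(text):
    """Return (flagged, cleaned) for the given user.js/prefs.js text.

    flagged: list of (name, value) pairs identified as hijack entries.
    cleaned: the same text with those lines dropped; every other line
    (comments, unparseable lines, legitimate prefs) is kept verbatim.
    """
    flagged, kept = [], []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and is_hijack_pref(m.group(1), m.group(2)):
            flagged.append((m.group(1), m.group(2).strip('"')))
        else:
            kept.append(line)
    cleaned = "\n".join(kept) + ("\n" if text.endswith("\n") else "")
    return flagged, cleaned

if __name__ == "__main__":
    found, cleaned = audit_user_js(SAMPLE_USER_JS)
    for name, value in found:
        print(f"flagged: {name} = {value}")
    print("--- cleaned user.js ---")
    print(cleaned, end="")
```

Run it against a real profile by reading the file with Firefox closed; the cleaned text only goes back to disk once the flagged list has been reviewed.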
     
  5. gjprice

    gjprice Private E-2

    Things are running well, better than they have for a while . . . Thanks. Attached are the files you requested.
     

  6. thisisu

    thisisu Malware Consultant

    Uninstall:

    My.Freeze.com NetAssistant (Adware)

    __

    The rest of your logs are clean. :)

    If you are not having any other malware related problems, it is time to do our final steps:
    • Any programs we had you download and/or install can be removed at this time.
    • If we had you download and run ComboFix, here is how to uninstall it:
      • Press and hold the Windows key and then press the letter R on your keyboard.
      • This opens the Run dialog box.
      • Copy and paste the below text inside the text-field:
        • "%userprofile%\desktop\ComboFix" /uninstall
      • Now press ENTER
      • ComboFix will extract its files one last time and you should receive a notification that ComboFix has been uninstalled shortly after.
    • You can re-enable your Disk Emulation software at this time via DeFogger.
    • If we had you create or download a registry patch or "fix" script, these can be deleted at this time.
    • Go into the C:\MGtools folder and run the MGclean.bat file to remove additional traces of our tools.
    • Now we will toggle System Restore to remove any infected system restore points.
    • Lastly, here is a guide to protect you from future infections: How to Protect yourself from malware!
    • Be safe :)
     
