isearch.fantastigames (searchqu in Hitman)

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Nightkil13r, Feb 14, 2013.

  1. Nightkil13r

    Nightkil13r Private E-2

    Ok, so here is my issue. I went to download CCleaner from this site, but I wasn't paying attention, and instead of clicking one of the links to the downloads hosted on this page I clicked on an ad hosted by Google on this site for it. Well, to my dismay it was a bad copy that had the SearchQU piggybacking on it. I have run numerous programs to try to pick it up and delete it; the only one that has had success was Hitman, but it wouldn't delete it unless I paid for a copy. Any other solution I have found had me going through the registry to delete its specific entries, which I have found to be different than what has been posted online, so I'm back to square one: how to get rid of this thing. I am currently compiling my logs as per the Read and Run Me First walkthrough; I will be posting those shortly once I have them all. I do have some (5 years) experience with IT work, so don't feel like you need to dumb it down for me.
     
  2. Nightkil13r

    Nightkil13r Private E-2

    Ok, so the scans are done again and here are the log files for them. I'm at a loss at this point. This thing has added an icon to my desktop also, which has no corresponding info under program management, but here are the basics of my system. Any help at this point is going to be benefiting me.

    PS: there will be another post shortly to upload the other logs; I have 7 in total.
     

    Attached Files:

  3. Nightkil13r

    Nightkil13r Private E-2

    Here are the final logs
     

    Attached Files:

  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Re-run Hitman and have it delete Potential Unwanted Programs.


    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    • O2 - BHO: DataMngr - {F2D6C718-7E52-428E-8852-365C4B1A6E36} - C:\PROGRA~2\SETTIN~1\Datamngr\BROWSE~1.DLL
    • O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\SETTIN~1\Datamngr\DATAMN~1.EXE

    After clicking Fix exit HJT.


    Copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.

    Tell me what issues remain.
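
Added example, not part of the original thread or of any tool mentioned in it: a small Python triage script that parses HijackThis-style O2 (BHO) and O4 (Run key) lines and reports directories that supply both a browser hook and a logon autostart, which is the pattern the two entries quoted above form. The sample log is constructed from those two entries plus two made-up lines for contrast; the function names are hypothetical, and a hit is a reason to look closer, not a verdict.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: the two entries quoted in the post, plus two invented
# entries ("Example...") that live in unrelated directories.
SAMPLE_LOG = r"""
O2 - BHO: DataMngr - {F2D6C718-7E52-428E-8852-365C4B1A6E36} - C:\PROGRA~2\SETTIN~1\Datamngr\BROWSE~1.DLL
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\ExampleReader\helper.dll
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\SETTIN~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\ExampleTray\tray.exe" /min
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
TARGET_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll|com|bat|cmd))\b', re.I)

def target_of(cmd):
    """Return the executable path from a Run command line, dropping arguments."""
    m = TARGET_RE.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd

def parse_entries(log):
    """Extract O2 and O4 entries as dicts with kind, name and file path."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            entries.append({"kind": "BHO", "name": m["name"], "path": m["path"]})
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append({"kind": "Run", "name": m["name"], "path": target_of(m["cmd"])})
    return entries

def shared_directories(entries):
    """Directories (lowercased) that host both a BHO and a Run-key target."""
    kinds_by_dir = defaultdict(set)
    for e in entries:
        kinds_by_dir[ntpath.dirname(e["path"]).lower()].add(e["kind"])
    return sorted(d for d, kinds in kinds_by_dir.items() if kinds == {"BHO", "Run"})

if __name__ == "__main__":
    for directory in shared_directories(parse_entries(SAMPLE_LOG)):
        print("BHO and Run entry share directory:", directory)
```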
     
  5. Nightkil13r

    Nightkil13r Private E-2

    Just noticed your response. Running the scans now.
     
  6. Nightkil13r

    Nightkil13r Private E-2

    Ok, so Hitman is unable to delete the unwanted items; it's saying that it cannot delete malware unless it is a licensed copy. Also, I'm still showing everything is still there, the same SearchQU (as Hitman calls it) and Funmoods. I found the isearch.fantastigames addon in Firefox and removed it. I'm going to try a restart to see if it stays out of my browser.

    Everything I ran showed success with the exception of Hitman, which was only able to delete the tracking cookies I had.

    Attached is the latest Hitman log that I ran after completing the steps as directed.
     

    Attached Files:

  7. Nightkil13r

    Nightkil13r Private E-2

    I'm doing some digging based on what the extension in Firefox showed as the name this malware was using, "DataManager", and have found a process running with this name and description. I ended the process and traced it back to my program files folder, file path "C:\Program Files (x86)\Settings Alerter\Datamngr". I am pretty sure this is where the malware is hiding itself, partially because I have never seen this program folder before; I have never installed anything that created the Settings Alerter, and it was created the same day and about the time that I got this malware. Inside the Settings Alerter folder is an uninstall.exe, but I'm hesitant to run this.


    After removing the Data Manager extension from Firefox I am no longer having my browser redirected every time I open a new tab, so that takes care of part of this malware. I'm going to work on at least disabling this Pain in my Behind.
     
  8. Nightkil13r

    Nightkil13r Private E-2

    Ok, so I think I have gotten rid of most of this malware; it does not appear to be running at least. Hitman is picking up some of it still though, which is pointing to reg keys that I am not sure if it is safe for me to delete or not. At this point it is not redirecting my web browser anymore.

    Here is what I did:

    I found the Settings Alerter under Programs and Features and uninstalled it from there, then I checked to make sure there wasn't anything that was suspect to auto run at start up under MSCONFIG. I didn't see anything under that at all that I didn't recognize and that shouldn't have been there. I then ran CCleaner and ran the registry fix, making sure to back up all registry changes first.

    As of now it looks like all that is left is to remove all of the registry entries manually that Hitman is picking up for this program. I would like your input before I just barrel ahead into this though, just in case one of these keys is reading a false positive and messes something up.

    I do very much appreciate the help with this. It has gotten me to step back and take a different approach to this issue, and it has so far been successful; at least it appears to be that way.
     

    Attached Files:

  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.

    Now rerun Hitman, is it still finding those entries or not?
     
  10. Nightkil13r

    Nightkil13r Private E-2

    The reg came up with a success, but Hitman is still finding the entries.
     
  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.

    Does Hitman now still detect those items?
     
