Help removing Claro Search

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by SingingSam, Oct 10, 2012.

  1. SingingSam

    SingingSam Private E-2

    I need help removing the Claro Search on Firefox.
    I've worked through the Malware removal guide and here are the logs.
     

    Attached Files:

  2. thisisu

    thisisu Malware Consultant

    Welcome to MajorGeeks, SingingSam :)

    [​IMG] From Programs and Features (via Control Panel), please uninstall the below:
    • Java(TM) 6 Update 31
    • Java(TM) 7 Update 5
    • Savings Sidekick

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Please save the work in your browsers before proceeding.
    • Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    • Right-click JRT.exe and select Run as Administrator
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Please attach JRT.txt to your next message. (See: HOW TO: Attach Items To Your Post )
     
  3. SingingSam

    SingingSam Private E-2

    Thanks for the welcome. This is an amazing forum :)

    I've done all you asked and here is the JRT log file.
     

    Attached Files:

    • JRT.txt
      File size:
      2.6 KB
      Views:
      3
  4. thisisu

    thisisu Malware Consultant

    I would prefer if you ran this fix while in Safe Mode for the highest chance of success.
    See: How to start your computer in Safe mode

    Attached is OTLfix.txt
    Download and save this to your desktop.


    [​IMG] Please download OTL by OldTimer to your desktop.
    Now open OTL by double-clicking it.
    Then drag OTLfix.txt into the [​IMG] text-field.
    You should see a bunch of text transferred over into the text-field.
    Now click the [​IMG] button.
    The fix will need a reboot. Allow the PC to reboot into Normal Mode.
    Click the OK button (upon reboot).
    When OTL is finished, Notepad will open. Close Notepad.
    A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    Attach this log to your next message. (How to attach)

    __

    [​IMG] Now rescan with OTL using the Run Scan button.
    Two logs will be created.
    Attach both Extras.txt and OTL.txt to your next message.

    __

    Let me know what problems remain after completing these steps.
     

    Attached Files:

  5. SingingSam

    SingingSam Private E-2

    Thank you! It all seems to be working now.

    It did post up an error box while running the scan :

    To fix this app you must first install one of the following versions
    of the .NET framework
    v4.0.30319

    I pressed ok each time (about 5?) and then it continued.

    Here are the logs.
     

    Attached Files:

  6. thisisu

    thisisu Malware Consultant

    Are the problems gone from FireFox? According to your latest OTL scan, they are still present.

    One more OTLfix I would like you to run. Run it from Normal Mode this time and attach the latest log from the C:\_OTL\MovedFiles folder.
     

    Attached Files:

  7. SingingSam

    SingingSam Private E-2

    Here's the latest log. There's no sign of Claro search when I start Firefox and it's not shown as the preferred search.
     

    Attached Files:

  8. thisisu

    thisisu Malware Consultant

    Great :)

    If you are not having any other malware related problems, it is time to do our final steps:
    • Any programs we had you download and/or install can be removed at this time.
    • If we had you download and run ComboFix, here is how to uninstall it:
      • Press and hold the Windows key [​IMG] and then press the letter R on your keyboard.
      • This opens the Run dialog box.
      • Copy and paste the below text inside the text-field:
        • "%userprofile%\desktop\ComboFix" /uninstall
      • Now press ENTER
      • ComboFix will extract its files one last time and you should receive a notification that ComboFix has been uninstalled shortly after.
    • You can re-enable your Disk Emulation software at this time via DeFogger.
    • If we had you create or download a registry patch or "fix" script, these can be deleted at this time.
    • Go into the C:\MGtools folder and run the MGclean.bat file to remove additional traces of our tools.
    • Now we will toggle System Restore to remove any infected system restore points.
    • Lastly, here is a guide to protect you from future infections: How to Protect yourself from malware!
    • Be safe :)
     
  9. SingingSam

    SingingSam Private E-2

    Thanks for all your help :)
     
  10. thisisu

    thisisu Malware Consultant

    You're welcome :)
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds