MajorGeeks Support Forums

  #1  
Old 08-23-12, 12:22
dstern dstern is offline
Default Snap.do browser hijack

I have been infected with the snap.do browser toolbar. It is affecting both Google Chrome and IE. (I do not have Mozilla or other browsers.) I worked through the browser re-direct solutions, but these did not solve the problem. I have run through the Read Me and Run Me First malware removal procedures for Windows 7. The logs are attached.

Thanks for your help!
Attached Files
File Type: log HitmanPro_20120823_1143.log (1.3 KB, 2 views)
File Type: txt mbam-log-2012-08-23 (11-17-54).txt (1.8 KB, 3 views)
File Type: txt RKreport[1].txt (1.8 KB, 3 views)
File Type: txt TDSSKiller.2.8.7.0_23.08.2012_11.30.20_log.txt (136.3 KB, 4 views)
File Type: zip MGlogs.zip (294.5 KB, 9 views)
  #2  
Old 08-23-12, 13:33
TimW TimW is offline
MajorGeeks Administrator - Jedi Malware Expert
Default Re: Snap.do browser hijack

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):
Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
Quote:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=Snapd...q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=Snapd...q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=Snapd...pe=hp&exp=true
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=Snapd...q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=Snapd...q={searchTerms}
After clicking Fix, exit HJT.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator). Make sure that you watch for the license agreement for TrendMicro HijackThis and click on the Accept button TWICE to accept (yes, twice).
Then attach the below logs:
* C:\MGlogs.zip
Make sure you tell me how things are working now!
__________________
Major cake licker.
YCLAHTW, BYCMHD!!
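
One way to triage the R0/R1 lines quoted in the post above, as an added example that is not part of the original thread or of HijackThis/MGtools: it parses the log lines and lists those whose URL host falls outside an allowlist. The allowlist, the function names and the last three sample lines are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# Domains accepted as legitimate IE defaults. This allowlist is an assumption
# for the example; replace it with your own baseline.
ALLOWED_DOMAINS = {"microsoft.com", "bing.com", "msn.com"}

# R0/R1 line layout as quoted in the post: "<code> - <hive\key>,<value> = <data>"
LINE_RE = re.compile(
    r"^(?P<code>R[01]) - (?P<key>HK(?:CU|LM)\\[^,]+),(?P<value>[^=]+?) = (?P<data>.*)$"
)

# First three lines are copied from the post (URLs truncated as displayed there);
# the last three are constructed for this example.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=Snapd...q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=Snapd...pe=hp&exp=true
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=Snapd...q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [ExampleApp] C:\Example\app.exe
"""


def parse_r_lines(log_text):
    """Return a dict (code, key, value, data, host) for every R0/R1 line."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue  # not an R0/R1 entry
        entry = {k: v.strip() for k, v in m.groupdict().items()}
        entry["host"] = urlsplit(entry["data"]).hostname  # None for about:blank
        entries.append(entry)
    return entries


def is_allowed(host):
    """True for values with no host, or a host under an allowlisted domain."""
    if host is None:
        return True
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


def suspicious_entries(log_text):
    """R0/R1 entries whose URL points outside the allowlist."""
    return [e for e in parse_r_lines(log_text) if not is_allowed(e["host"])]


if __name__ == "__main__":
    for e in suspicious_entries(SAMPLE_LOG):
        print(f'{e["code"]} {e["key"]} [{e["value"]}] -> {e["host"]}')
```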
  #3  
Old 08-23-12, 14:45
dstern dstern is offline
Default Re: Snap.do browser hijack

Thanks, Tim. I deleted the registry lines, and ran the C:\MGtools\GetLogs.bat file. It ran through to the end, but did not generate a log file. I have no idea why this should be the case, since it generated the log files that I attached when I first worked through the Malware removal procedures. Now there is no MGlogs zip file to be seen.

Snap.do is still affecting my browsers.

What's next?
  #4  
Old 08-23-12, 15:25
TimW TimW is offline
Default Re: Snap.do browser hijack

What version of IE are you using?
  #5  
Old 08-23-12, 15:40
dstern dstern is offline
Default Re: Snap.do browser hijack

I am using IE 8 and Chrome 21.0.1180.83 m. Actually, I almost never use IE. In opening it just now to check the version, Snap.do did not appear. But it does continue to load with Chrome.
  #6  
Old 08-23-12, 15:51
TimW TimW is offline
Default Re: Snap.do browser hijack

See if THIS fixes it.
  #7  
Old 08-23-12, 16:27
dstern dstern is offline
Default Re: Snap.do browser hijack

YES. Thanks. Any final steps I need to take?
  #8  
Old 08-24-12, 13:56
TimW TimW is offline
Default Re: Snap.do browser hijack

If you are not having any other malware problems, it is time to do our final steps:
  1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
  2. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
  3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
  4. If running Vista or Win 7, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
  5. Go to add/remove programs and uninstall HijackThis.
  6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
  7. After doing the above, you should work thru the below link:


Malware removal from a National Chain = $149
Malware removal from MajorGeeks = $0

All times are GMT -5. The time now is 01:58.
