MajorGeeks Support Forums

  #1  
Old 11-19-12, 01:47
timw128's Avatar
timw128 timw128 is offline
Corporal
 
Join Date: Dec 2011
Location: Bay City, MI
Posts: 213
Thanks: 129
Thanked 3 Times in 3 Posts
Default Hijacked?!

Please Help!... I have read everything I could in the forums and found no solution to my dilemma.
I ran Spybot S & D and it found some stuff- adware and potential hijacker- and got rid of it. Next, I downloaded Ad Aware, and this is when the problems began. A Claro Search was installed along with a Lavasoft Safesearch and I can't get rid of either of them in IE or Chrome. I use Chrome 95% of the time. I have changed the settings in Chrome, cleared the cache and cookies, flushed the DNS in cmd and I am still having this browser issue. When I open Chrome, two tabs open simultaneously- one the Lavasoft, the other the Claro.
Could someone please help me out of this mess?
Thanks in advance for any and all help!
Regards-
timw
  #2  
Old 11-19-12, 14:51
TimW's Avatar
TimW TimW is offline
MajorGeeks Administrator - Jedi Malware Expert
 
Join Date: Jan 2005
Location: The recesses of my mind!
Posts: 46,538
Thanks: 435
Thanked 4,613 Times in 4,363 Posts
Default Re: Hijacked?!

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Attach JRT.txt to your next message.

Now please follow these instructions:

READ & RUN ME FIRST. Malware Removal Guide
__________________
Major cake licker.
YCLAHTW, BYCMHD!!

  #3  
Old 11-20-12, 00:51
timw128
Default Re: Hijacked?!

Thanks, Tim- It is 2 am here. I'll get it running, go to bed, and deal with it in the morning. Sure appreciate your help!
timw
  #4  
Old 11-20-12, 00:57
timw128
Default Re: Hijacked?!

Quote:
Originally Posted by TimW
Please download Junkware Removal Tool to your desktop.

Oh-Oh!... I clicked your link and got a tab that says 'This file appears malicious', and gives me a Discard option. Think I'll do that, until I read your response. Not a good idea to disable my avast! until after the download, right?...
Thanks!
tim
  #5  
Old 11-20-12, 14:40
TimW
Default Re: Hijacked?!

Yes, you need to disable your AV software. Then after running JRT, see if using Revo Uninstaller will remove that other program.
  #6  
Old 11-20-12, 16:15
timw128
Default Re: Hijacked?!

Quote:
Originally Posted by TimW
Yes, you need to disable your AV software. Then after running JRT, see if using Revo Uninstaller will remove that other program.

Now I am confused!... what other program do you refer to?... safesearch.lavasoft?...
  #7  
Old 11-20-12, 16:25
timw128
Default Re: Hijacked?!

OK, it doesn't matter whether the AV is enabled or disabled. I can NOT download JRT from your highlighted text. Please note the attached screenshot, lower left hand corner and you'll see what I mean. The Claro search and the Lavasoft Safe Search are both raising havoc with my services.msc and my browser(s) settings. I have googled and googled to no avail. I really need help with whatever has a hold on my system.
Thanks-
tim
  #8  
Old 11-20-12, 17:00
timw128
Default Re: Hijacked?!

OK, after some quick research, I was able to figure out that JRT and Chrome do not mix. So, I downloaded from IE8, closed, disconnected AV prog and ran.
You'll find the JRT.txt file attached here.
Thanks-
tim
Attached Files
File Type: txt JRT.txt (3.0 KB, 7 views)
  #9  
Old 11-20-12, 18:25
timw128
Default Re: Hijacked?!

I have run the other diagnostics, in order, from the bottom of your initial response to me (READ & RUN ME FIRST. Malware Removal Guide). These I shall now attach in order. Kaspersky TDSS found nothing, and HitmanPro defined JRT.exe as a trojan. MBRCheck log is from another part of RRMF and has a code in it. As far as the services.msc go, there are items in there where their start up type has changed to boot(?).
Sure hope I did this right!
I am grateful for all of your assistance, TimW- Thank you!
tim
Attached Files
File Type: txt MBRCheck_11.20.12_18.34.03.txt (8.2 KB, 4 views)
File Type: txt RKreport[1]_S_11202012_02d1838.txt (2.3 KB, 4 views)
File Type: txt QuarantineReport.txt (166 Bytes, 2 views)
File Type: txt mbam-log-2012-11-20 (18-41-27).txt (1.9 KB, 3 views)
File Type: log HitmanPro_20121120_1859.log (3.2 KB, 4 views)
  #10  
Old 11-21-12, 07:27
timw128
Default Re: Hijacked?!

Hello?... Anybody home?...
  #11  
Old 11-21-12, 13:45
TimW
Default Re: Hijacked?!

Quote:
Originally Posted by timw128
Now I am confused!... what other program do you refer to?... safesearch.lavasoft?...

Lavasoft.

I need the log from running C:\MGTools.exe --- C:\MGLogs.zip

Can you go into msconfig and stop those services?
  #12  
Old 11-22-12, 02:08
timw128
Default Re: Hijacked?!

Hey TimW- Not sure which services you refer to. I am having all sorts of OS issues and was on the verge of a repair install. Something was/is raising havoc with my system. I rebooted to 'Last known Good...' and the DNS Client and SENS are now back in Services.msc.
I thought I attached the MGTools log in my last post. I, at present, have no record of them. Would you like me to run MGTools again and submit?...

I did write some DOS line commands to the registry to fix the missing services, to no avail. The final element was the 'Last known Good...'
All seems well, at present, but I don't trust the system. Anytime that I have things being changed without my help within System32, it makes me wonder.
I'll run the MGTools again and attach log.
Thanks a bunch for your assistance regarding this matter.
tim
  #13  
Old 11-22-12, 02:20
timw128
Default Re: Hijacked?!

Here are the MGTools logs.
Thanks!
tim
Attached Files
File Type: zip MGlogs.zip (240.1 KB, 2 views)
  #14  
Old 11-22-12, 10:52
TimW
Default Re: Hijacked?!

I am not finding any evidence of malware. I think you may need to post in the software forum for your system issues. Are you still having issues with Claro, etc.?
  #15  
Old 11-22-12, 14:17
TimW
Default Re: Hijacked?!

You can use Hitman to remove these:
C:\Documents and Settings\All Users\Application Data\blekko toolbars\ (Blekko)
C:\Documents and Settings\All Users\Application Data\blekko toolbars\toolbar.txt (Blekko)
  #16  
Old 11-22-12, 18:54
timw128
Default Re: Hijacked?!

Quote:
Originally Posted by TimW
I am not finding any evidence of malware. I think you may need to post in the software forum for your system issues. Are you still having issues with Claro, etc.?

No, I think I have gotten rid of the Claro and AdAware search issues.
Thanks!
  #17  
Old 11-22-12, 19:09
timw128
Default Re: Hijacked?!

Quote:
Originally Posted by TimW
You can use Hitman to remove these:
C:\Documents and Settings\All Users\Application Data\blekko toolbars\ (Blekko)
C:\Documents and Settings\All Users\Application Data\blekko toolbars\toolbar.txt (Blekko)

Will do, that is if I can get it activated again. Having issues with that.
  #18  
Old 11-22-12, 19:27
timw128
Default Re: Hijacked?!

Quote:
Originally Posted by TimW
You can use Hitman to remove these:
C:\Documents and Settings\All Users\Application Data\blekko toolbars\ (Blekko)
C:\Documents and Settings\All Users\Application Data\blekko toolbars\toolbar.txt (Blekko)

OK, got it reactivated and removed those 2 items, plus the last scan found 4 more items that were malware. I have no idea how this is getting past my AV. Maybe it is time to try something other than avast! when this subscription expires.
Thanks for all of your help- it's greatly appreciated!
tim
  #19  
Old 11-23-12, 13:46
TimW
Default Re: Hijacked?!

Good to know.

If you are not having any other malware problems, it is time to do our final steps:
  1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
  2. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
  3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
  4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
  5. Go to add/remove programs and uninstall HijackThis.
  6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
  7. After doing the above, you should work thru the below link
Malware removal from a National Chain = $149
Malware removal from MajorGeeks = $0
All times are GMT -5. The time now is 10:42.