I can't get rid of the "Claro Search" startpage in FireFox.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by bibbis, Feb 1, 2013.

  1. bibbis

    bibbis Private E-2

    I've tried SO many solutions for this...
    It was easy to get rid of it in Chrome and IE but NOTHING I do works for FireFox.
    It's driving me INSANE!

    I've done everything listed in the "READ & RUN ME FIRST".
    I had no problem doing any of that.

    If someone would take the time to help me get to the bottom of this I would be so very grateful.


    I've read a lot of posts regarding this issue here on this forum too.
    I've tried all of THOSE solutions that I could too.

    A lot of people are asked to use OTL, so I too downloaded it and ran a scan.
    I've attached the 2 log files.

    I'm running Win7 64-bit.
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Frequently Firefox users run into problems with redirects, popups, unwanted tabs opening, etc. One of the easiest fixes is to Reset Firefox to defaults. See the below link:

    http://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

    Maybe this will cure your problems. But do note that itwill cause you to lose any Extensions, Open websites, and some Preferences.
     
  3. bibbis

    bibbis Private E-2

    Thanks but I've tried that.
    I don't worry about loosing any settings or extensions etc. so I have made several "complete" uninstalls of firefox using both the ordinary uninstall thingy and other more advanced methods like using programs like REVO.
    (As suggested by YOU to another person also fighting the claro-war, actually :p)
    But it hasn't worked. :/

    I really have tried all of the more "basic" fixes to this, like uninstalling, cleaning up files in various places manually and with other programs, cleaning things in the registry and running a bunch of different malware/virus cleaners.
    I got my hops up while using HitmanPro because it detected and REMOVED a crapload of "Claro" things, but it didn't matter either.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
     
  5. bibbis

    bibbis Private E-2

    The tool seems to get stuck after about a minute on "Checking Startup".
    I let it run for about an hour but when I came back it hadn't moved.

    I closed it and restarted my computer and am now letting it run again but the same thing is happening.

    Do you know what might be wrong?
    I ran it as administrator both times.
     
  6. bibbis

    bibbis Private E-2

    Wait a sec!
    It's moving now.

    I'll get back to you soon.
     
  7. bibbis

    bibbis Private E-2

    Okay here we go, sorry about that.
    I'm attachin the log here:
     
  8. bibbis

    bibbis Private E-2

    My mind is all over the place tonight.
     

    Attached Files:

    • JRT.txt
      File size:
      6.3 KB
      Views:
      5
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Did that fix it?
     
  10. bibbis

    bibbis Private E-2

    No claro is still changing my startpage.
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please attach the requested logs:
    RogueKiller
    Hitman
    MBAM
    C:\MGLogs.zip
     
  12. bibbis

    bibbis Private E-2

    It took some time for me but I've now completed the scans and here are the logs.

    I didn't do any cleanups in any of the programs I just saved the logs, should I let them do some cleanups too?
     

    Attached Files:

  13. bibbis

    bibbis Private E-2

    Oh no I'm realizing that I screwed up the logs for both MBAM and Hitman.
    I wanted to attach fresh logs in case something had changed on my pc since I first made the scans, so I made fresh scans with all the programs yesterday but I forgot to change the settings for both MBAM and Hitman.

    I know it also says NOT to run the scans again but I thought it would be okay since I'd restarted my computer several times since the first scans.

    Have I screwed this up now?
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to allow MBAM to fix all that it finds. Also the same for Hitman, esp. the PUP's.

    Once you do that, re-scan with both MBAM and Hitman and attach the new logs. Tell me how things are now.
     
  15. bibbis

    bibbis Private E-2

    I have now let MBAM clean everything it found, it was 7 PUP things.

    I would just like to tell you what Hitman wants to do since the READ/RUN-ME specifically warns about this.
    Hitman wants to repair my "hosts" file.
    Hitman also finds 1 "Babylon" and 2 "Claro" files marked suspicious/ignore, 19 "punkbuster" files from my Battlefield games' folders that are also marked suspicious/ignore and one additional program called "soundswitch" that quickly changes default sound devices which I've downloaded myself and that is also marked suspicious/ignore.

    Is it safe to let it repair my hosts file and to change all the ignore's to delete, except maybe skipping soundswitch?
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Just have Hitman fix the Babylon and Claro items. The rest you can ignore.
     
  17. bibbis

    bibbis Private E-2

    Both programs could remove everything without any problems.
    Here are the new logs.

    I will restart my computer and see how FireFox behaves now.
     

    Attached Files:

  18. bibbis

    bibbis Private E-2

    I've restarted my computer twice now and changed between a bunch of different homepages and there's NO sign of claro!
    I'm going to bed now, I will post here again tomorrow night after having used firefox for a day so that I can really see that claro is gone and STAYS away.

    I'll try not to get too excited yet since it might still hide somewhere but wow I never thought I would find anyone who would be able to really tackle this thing!

    I'll tell you tomorrow how it goes!
     
  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Do let me know. In the meantime:

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
    2. Go back to step 4 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
      related to MGtools and some other items from our cleaning procedures.
    7. After doing the above, you should work thru the below link


    Malware removal from a National Chain = $149
    Malware removal from MajorGeeks = $0
     
  20. bibbis

    bibbis Private E-2

    So I've been at it for TWO days now and there are no signs of claro or any other problems!

    Thank you so much for your help, I can't thank you ENOUGH!

    I think that what you and your colleagues are doing here is amazing.
    Taking the time to help people with their often difficult PC problems for free is frickin great.
    It can't always be easy to do in writing form but from what I've read here on this forum you guys always seem to greet people with a pleasant attitude, without letting them know how much better you are at this (even though you really ARE).

    I may sound too much of a fanboy, but I just want to show you my genuine appreciation. Thank you :)


    I will now go trough your final steps and make sure to follow everything to the letter.
     
  21. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    We do appreciate your thanks. ;)
     
  22. bibbis

    bibbis Private E-2

    You got it^^
    Take care TimW :major
     
  23. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Safe surfing. :)
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds