Pest Patrol has found a Search Hijacker in Registry and I don't know what to do

Discussion in 'Malware Help (A Specialist Will Reply)' started by Bold Eagle, Dec 26, 2005.

  1. Bold Eagle

    Bold Eagle MajorGeek

    G'day, ran Pest Patrol and found a Search Hijacker but I am not sure what to do? My friend always WARNS me not to touch the registry. Pest Patrol Log is included.

    Followed all outlined steps before posting this query.

    HijackThis Log is included if this helps. Panda Scan log found a virus but google search says this is harmless (it is located within a pest patrol file) thus I am a little confused about this one, also included. Bit Defender Scan Report found nothing (also included), I ran this after the Panda Scan. I hope this is not too many logs to post; most are very short in length. Spybot S & D Scan returned a clean system, use it regularly. Adaware found two tracking cookies (low threat = 3). Microsoft AntiSpyware said system was clean as with Spydoctor. CWShredder found one entry and removed it (ran first in normal mode with nothing and then in safe mode and it found it, Good Advice?!?)

    I try to maintain a secure and clean system but I am still a beginner. I do a fair bit of research to make this a safe surfing vessel and have had most of the apps already installed.

    Pest Patrol says it is a low threat but small problems can become very large if not addressed thus any help would be appreciated.
     


  2. Bold Eagle

    Bold Eagle MajorGeek

    Forgot to state have a P4 3.0 GHz, 1 Gig Ram
     
  3. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    HijackThis, BitDefender, and Panda ActiveScan show nothing to be concerned about.

    May be a false Positive by Pest Patrol.
     
  4. Bold Eagle

    Bold Eagle MajorGeek

    I will run Pest Patrol again and note what happens from there, Thanks
     
  5. Bold Eagle

    Bold Eagle MajorGeek

    P.s. so this is no virus to be concerned about and google was right, i.e. it is just a test for Virus Scanners
     
  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    That is correct. Eicar is not a virus, but a test file.
     
  7. Bold Eagle

    Bold Eagle MajorGeek

    Ran Pest Patrol again and it returned exactly the same results. Any suggestions? New log file added. Identical to prev. one. Does Pest Patrol return false positives often?
     


  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Go to Add/Remove Programs in the Control Panel, choose the ‘NavHelper’ entry, click ‘Remove’ and restart.
     
  9. Bold Eagle

    Bold Eagle MajorGeek

    Tried but not present within the Add/Remove Programs but is present in registry
     
  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Look for NavExcel, NavHelper, WildMedia.

    If not present:

    Download
    - Registry Search Tool

    Unzip to your Desktop and double click on regsrch.vbs
    (if you have script protection, please allow this to run)

    In the dialog that opens enter the following:
    Press 'OK'

    The search will run for a while then alert you when it is finished.

    Press 'OK' and copy the contents of the WordPad window and post in this thread
     
  11. Bold Eagle

    Bold Eagle MajorGeek

    Looked for all three and found NavExcel entries. These had been previously removed from the Registry and placed into a separate from advice received from a lot more experienced friend. They were saved into this other folder in case of a false positive and some problem occurred.
     


  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Post the contents of this file: C:\\Documents and Settings\\Paul\\Desktop\\NavExcel maybe.reg
     
  13. Bold Eagle

    Bold Eagle MajorGeek

    Here you go. Had to change it from .reg to .txt as upload was not allowed on this site as a .reg file
     


  14. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Yes that is NavExcel.

    Remove these registry entries.

    [HKEY_USERS\S-1-5-21-1719181666-676789874-3028039142-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
    "e"="C:\\Documents and Settings\\Paul\\Desktop\\NavExcel maybe.reg"

    [HKEY_USERS\S-1-5-21-1719181666-676789874-3028039142-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\reg]
    "a"="C:\\Documents and Settings\\Paul\\Desktop\\NavExcel maybe.reg"

    Delete NavExcel maybe.reg
     
  15. Bold Eagle

    Bold Eagle MajorGeek

    Thanks for your help, these may be naive ques, but I am constantly learning
     
  16. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    No problem.

    How is your computer running?
     
  17. Bold Eagle

    Bold Eagle MajorGeek

    As far as spyware this is a very clean machine (no viruses, couple of tracking cookies and that little pest) and overall software very good with all of the better apps etc., but I am having overheating issues which I have posted in the other forum "Cooling and Modding", thread: P4 3.0 GHz Prescott overheating.

    It seems hardware issues, still under warranty so should be serviced after New Year 01/03/06.

    Thanks Again
     
