Yahoo/Spigot Hijacked My Computer - Help Please

Discussion in 'Malware Help (A Specialist Will Reply)' started by WishIKnewMore, Mar 2, 2013.

  1. WishIKnewMore

    WishIKnewMore Private E-2

    Hello,

    After downloading IOBit Smart Defrag from Major Geeks this morning, Yahoo/Spigot hijacked Google Chrome. Went online to research how to remove it but it's still hijacking my search engine.

    How do I remove it and is MajorGeeks aware that this malware or virus or whatever the heck it is is being downloaded via their site?

    Thank you!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    The below is quoted from the download page at Major Geeks and I highlighted the last sentence.;)
    All downloads at MajorGeeks are pretested. What you do have to realize is that many "Free" applications are sometimes only able to keep being free by having sponsor type toolbars. In many cases these can be opted out of during installation and that is exactly the case here. You were presented with the below which you could have declined ( double click to expand the thumbnail )
    SmartDefrag.jpg
    and then after declining, the installation of IoBit SmartDefrag would have continued. You accepted the installation of the software. So now you will just have to uninstall it.
     
  3. WishIKnewMore

    WishIKnewMore Private E-2

    Thank you for the quick response.

    While I'll admit to being majorly distracted today with a remodel going on, I honestly don't remember accepting a yahoo toolbar. I loathe them.

    What concerns me the most is that all the normal channels for an uninstall aren't working. I've uninstalled everything that I thought was associated with it. Used Google Chrome settings to eliminate yahoo as an option. Selected Google as my search engine. Every time I think I have it resolved, it comes back and literally has hijacked my computer. A quick internet search reflects the same issue with many, many computer owners.

    I've received enormous help from MajorGeeks for many years for which I am enormously grateful. I've never posted a help request as I've always found the answers I needed already answered somewhere in your site. But this one is perplexing.

    MajorGeeks has such high integrity which is why so many visit your site. If I'm just being a bonehead and there's a simple fix, you can flag me as a bonehead. But this problem appears to be far more than a simple uninstall. I'm very surprised that MajorGeeks allows this to be downloaded.

    Since it appears to be more than a simple uninstall, what is your suggestion to remove this horrid thing from my system?

    Thank you
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As stated, the reason is multi-fold
    • It is not considered malware or any other form of infection
    • It is optional
    • And if Major Geeks and other download sites removed every FREE application that included toolbars like this to support their products, you would have about 85% of the free applications on the internet disappear. Even large companies with pay products ( i.e., Symantec and others ) are now including toolbars and similar to help with costs.
    Shutdown your protection software and run the below.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.

    Now run MGtools per the below and attach the C:\MGlogs.zip file from MGtools.
     
  5. WishIKnewMore

    WishIKnewMore Private E-2

    Hello,

    Thank you again for your quick response.

    Ran the tools as you instructed. Uploaded files per your request.

    Computer is still hijacked.

    If this were the standard and easily removable yahoo toolbar, I'd have no problem. I would have removed it and we wouldn't have this conversation.
    You're correct. Whether or not I had a moment of inattention isn't the issue here. I was the person who chose to download this.
    However, the mere fact that I'm having to resort to these lengths to remove it is highly troubling. The mere fact that it remains is even more troubling.
    Whatever label one wishes to assign it, if it hijacks a computer, it hijacks a computer. That's never a good thing.
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I assume that you mean your default search engine has been changed?

    Is it only Google Chrome that you have an issue with or are you also having an issue with Internet Explorer?

    I'm going to assume that you do not want Yahoo as a search engine and remove it from IE down below.

    I don't disagree with the fact that it may be causing you and possibly other people similar issues. However, in most cases a proper uninstall and then a reset of your search engine defaults will correct issues like this. Sometimes it is also necessary to check what Add-ons have been attached to your browser/browsers. You could need to either disable or delete an add-on. I think these are basically what is impacting you since there is not too much showing in your logs related to Yahoo/Spigot.

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=902615&fr=spigot-yhp-ie

    After clicking Fix, exit HJT.

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  7. WishIKnewMore

    WishIKnewMore Private E-2

    Received the following error message:

    Cannot import fixme.reg The specified file is not a registry script. You can only import binary registry files from within the registry editor.

    Before I posted the first time, ran CCleaner. Deleted all add-ons and search engines other than google.
     
  8. WishIKnewMore

    WishIKnewMore Private E-2

    Your advice resolved the issue with IE but did not with google chrome. I deleted and reinstalled google chrome and everything appears to be back to normal.

    Would deleting Google Chrome also have deleted the spigot download? I'm concerned that it's malicious and doing other harmful things to my computer.

    Thanks for your help
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Then you likely did not follow the instructions properly. The REGEDIT4 line must be the first line in the file. Nothing should be above it.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No. It would only have removed the items that had hooked into Chrome.

    It's not malicious. It is just nuisance junkware.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others) and running MGclean.bat did not remove, you can delete these files now.
    7. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    8. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  11. WishIKnewMore

    WishIKnewMore Private E-2

    FixMe.reg - I followed directions and copied and pasted exactly as you wrote. It appears that the * or " weren't to be included. People who know nothing about registry edits don't know that. After I deleted the extraneous, it edited successfully and I've attached the requested file.
     


  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The fix was correct as given. If you changed it by deleting the quotes then it did not do what was required. Please try the original fix again and make sure that only what is in bold print and inside the quote box is put into the fixme.reg file. Also REGEDIT4 must be the first line.
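
The import error reported earlier in the thread and the points made above about REGEDIT4 and the quotes both come down to .reg file syntax. The check below is an added example, not part of the original thread or of MGtools; the key and value names in the samples are constructed placeholders, not the fix that was posted.

```python
import re

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r'^\[-?HKEY_[A-Z_]+(\\.*)?\]$')       # [HKEY_...\Sub\Key]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=')          # "Name"=... or @=...

def decode_reg(data: bytes) -> str:
    # Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 files are ANSI text.
    if data.startswith(b"\xff\xfe"):
        return data[2:].decode("utf-16-le")
    if data.startswith(b"\xef\xbb\xbf"):
        data = data[3:]
    return data.decode("cp1252", errors="replace")

def check_reg_script(data: bytes) -> list:
    """Return a list of problems; an empty list means no problem was found."""
    lines = decode_reg(data).splitlines()
    problems = []
    found = next((i for i, l in enumerate(lines)
                  if any(h in l for h in HEADERS)), None)
    if found is None:
        problems.append("no REGEDIT4 / Version 5.00 header in the file")
    elif found != 0 or lines[0].rstrip() not in HEADERS:
        problems.append(f"header must be exactly line 1 with nothing around it; "
                        f"found on line {found + 1} as {lines[found]!r}")
    first = 0 if found is None else found + 1
    continued = False
    for n, line in enumerate(lines[first:], start=first + 1):
        s = line.strip()
        was_continued, continued = continued, s.endswith("\\")
        if was_continued or not s or s.startswith(";"):
            continue                      # hex continuation, blank line, comment
        if s.startswith("["):
            if not KEY_RE.match(s):
                problems.append(f"line {n}: malformed key line {s!r}")
        elif not VALUE_RE.match(s):
            problems.append(f"line {n}: value name must be quoted (or @): {s!r}")
    return problems

# Constructed samples; the key and value are placeholders, not the thread's fix.
GOOD = (b'REGEDIT4\r\n\r\n[HKEY_CURRENT_USER\\Software\\ExampleVendor]\r\n'
        b'"ExampleValue"="about:blank"\r\n')
TEXT_ABOVE = b'Copy the bold text below to notepad.\r\n' + GOOD
QUOTES_REMOVED = GOOD.replace(b'"', b'')

if __name__ == "__main__":
    for name in ("GOOD", "TEXT_ABOVE", "QUOTES_REMOVED"):
        print(name, check_reg_script(globals()[name]))
```

Running it on a saved fixme.reg before double-clicking shows whether anything sits above the header and whether the quotes around value names survived the copy and paste.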
     
  13. WishIKnewMore

    WishIKnewMore Private E-2

    I copied the registry edit from the email. Thanks for the clarification.
     


  14. WishIKnewMore

    WishIKnewMore Private E-2

    I appreciate all of your help.

    I have considered you and the other folks at MajorGeeks as the SuperHeroes of the Computer Universe.
    It's nice to have that feeling when a computer crashes or a virus hits - especially to those of us who know very little about it.

    Whatever the spigot junkware is labeled in the computer world, in the consumer world, it is a brand killer and trust destroyer. I understand that free software comes with certain concessions. Having to go to these lengths to eliminate this from my system is beyond what most consumers will consider tolerable.
    The result of this experience for myself and probably the others who've gone through this is that I'll never download anything from IOBit.
    What bothers me more is next time I come to MajorGeeks and want to download something, I'm now going to have this experience as a filter. Not quite the trust level that was present before.

    There's a better way to incorporate a yahoo toolbar. This is not it.

    Use the force wisely
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I can understand your viewpoint.

    You have to remember that you are the one who did not read the popup information and that you agreed to install it when you just clicked continue without reading. You can easily bypass this being installed by declining it. It is no different than many hundreds of other applications. You did not object to all the addons that Adobe added to your PC. You don't need them either. Same applies to the Chrome and Apple startups/services that are not necessary.

    Even Sun Java will install Google Toolbar unless you decline it. Avira and many other antivirus programs ( including the PAID version of Symantec ) make you install Ask Toolbar with no choice not to install it.

    It is the way the free software and now even some commercial programs have gone to cut costs. If you don't like this then you will have to avoid using any free software from now on and pay for everything you use. In addition you still need to make sure you read before clicking as noted in the link I previously gave you to >> How to Protect yourself from malware!
     
