julesaddiction Posted August 18, 2013 ID:716585

I opened Chrome today to find that it was set to Yahoo, specifically this website: search.yahoo.com/?type=714647&fr=spigot-yhp-ch

And when I tried to search through my browser, it was set to search Yahoo also. I attempted to reset my homepage and my default search engine on Chrome settings, but even though the settings were saved, it still kept opening to Yahoo.

I found the culprit, SearchSettings.exe by Spigot Inc, and deleted it from the Control Panel. Unfortunately, that seems to have been a mistake, because my browser's preferences have still been overridden (on Chrome AND Firefox AND IE), and I keep being redirected to this Yahoo-Spigot homepage.

I scanned with Microsoft Security Essentials, it detected Exploit: Java/CVE 2012-1723 but gave this error message: "Security Essentials encountered the following error: Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer."

I scanned with Malwarebytes. Did not find anything.

Attached the DDS files. Thanks for taking the time to do this, I really appreciate your help!

dds.txt

MrCharlie Posted August 18, 2013 ID:716594

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.
RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

P2P/Piracy Warning:
1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy. Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note: Please read all of my instructions completely including these.
Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.
Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.
<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
<+>The removal of malware isn't instantaneous, please be patient.
<+>When we are done, I'll give you instructions on how to cleanup all the tools and logs
<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)

julesaddiction Posted August 18, 2013 Author ID:716736

OK, I have removed P2P uTorrent -- if anything remains, it was an unintentional oversight and I will remove it once it is pointed out to me.
Here is my RogueKiller log.
Thanks again for your help!

MrCharlie Posted August 18, 2013 ID:716741

I don't see any report from RK.

MrC

julesaddiction Posted August 18, 2013 Author ID:716743

RKreport0_S_08182013_083750.txt

Oh, I could have sworn I attached it. Trying again.

MrCharlie Posted August 18, 2013 ID:716745

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.
AdwCleaner is a tool that deletes:
· Adwares (software ads)
· PUP/LPI (Potentially Undesirable Program)
· Toolbars
· Hijacker (Hijack of the browser's homepage)
It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
Now click on the Search tab.
Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note: Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetection before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:
/DisableAskDetection - This option disables Ask Toolbar detection.

MrC

julesaddiction Posted August 18, 2013 Author ID:716748

AdwCleanerR1.txt

Here is the ADWC log

MrCharlie Posted August 18, 2013 ID:716765

Some adware found....let's clear it out.....

Please re-run AdwCleaner.
Click on Delete button.
Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Last.........

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now,

MrC

julesaddiction Posted August 18, 2013 Author ID:716977

JRT.txt
AdwCleanerS1.txt
mbam-log-2013-08-18 (18-44-17).txt

The Yahoo redirect is gone! Thank you so much. Would you recommend I hang on to ADW and JRT and run them every week or so?

MrCharlie Posted August 18, 2013 ID:716984

> The Yahoo redirect is gone! Thank you so much. Would you recommend I hang on to ADW and JRT and run them every week or so?

You can do that but always download fresh copies as they're updated frequently.

-------------------

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
If you get Unsupported operating system. Aborting now, just reboot and try again.
A Notepad document should open automatically called checkup.txt.
Please Post the contents of that document.
Do Not Attach It!!!

MrC

julesaddiction Posted August 19, 2013 Author ID:717195

Ok, here we go:

Results of screen317's Security Check version 0.99.72
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Antivirus
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 11.8.800.94
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox 14.0.1 Firefox out of Date!
Google Chrome 28.0.1500.72
Google Chrome 28.0.1500.95
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
AVAST Software Avast setup avast.setup
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

MrCharlie Posted August 19, 2013 ID:717202

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Adobe Reader 10.1.7 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).
-------------------------------
Google Chrome 28.0.1500.72 <-----OLD
Google Chrome 28.0.1500.95 <-----OK
You have old versions of Google Chrome on the system.
Please download and run OldChromeRemover.
Windows Vista/Windows 7-8 users must use "Run As Administrator."
----------------------------
A little clean up to do....

Please Uninstall ComboFix: (if you used it)
Press the Windows logo key + R to bring up the "run box"
Copy and paste next command in the field:
ComboFix /uninstall
Make sure there's a space between Combofix and /
Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point
(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)
---------------------------------
If you used FRST:
Download the fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait.
That will delete the quarantine folder created by FRST.
-----------------------------
If you used DeFogger to disable your CD Emulation drivers, please re-enable them.
-------------------------------
Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe
Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....
AdwCleaner > just run the program and click uninstall.
-------------------------------
Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.
Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum,

MrC

julesaddiction Posted August 19, 2013 Author ID:717209

I really appreciate your help! Last question: are you able to tell if a keylogger was used? Should I change all my passwords?

MrCharlie Posted August 19, 2013 ID:717233

No keylogger detected and it's always a good idea to change PW after an infection.

MrC

LDTate Posted August 20, 2013 ID:717704

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.