
I'm Infected "Search Settings v1.2.3"


KelvinJ


My computer has picked up a virus called "Search Settings v1.2.3" created by Spigot Inc. When I open Control Panel / Add-Remove Programs, it is there and of course will not allow me to remove it. It appears when I click on a desktop Icon, and takes 3-4 tries to cancel it. Once cancelled, my computer appears to work fine.

I ran a Quick scan in Malwarebytes' Anti-Malware, removed 9 infected items, but it did not get this virus. I then ran DDS as per your instructions, and have attached the two text files.

Help would be much appreciated.

Thanks,

Kelvin

attach.txt

dds.txt


Welcome to the forum.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

http://www.howtogeek.com/wp-content/uploads/2008/03/image51.png <---like this

------------------------------

Please Update and run a Quick Scan with MBAM, post the report.

Then......

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


Thanks MrCharlie...

Output reports attached as text file.

Thanks,

Kelvin


mbam-log-2011-12-26 (10-35-23).txt

Extras.Txt

OTL.Txt


Did you install this program:

C:\Program Files\blekkotb

------------------------

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2010/10/22 16:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
    SRV - [2010/10/22 16:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    IE - HKU\S-1-5-21-366093904-2317613863-3767012734-1003\..\URLSearchHook: _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
    IE - HKU\S-1-5-21-366093904-2317613863-3767012734-1003\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
    O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-366093904-2317613863-3767012734-1003\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
    O3 - HKU\S-1-5-21-366093904-2317613863-3767012734-1003\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
    O3 - HKU\S-1-5-21-366093904-2317613863-3767012734-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKU\S-1-5-21-366093904-2317613863-3767012734-1003..\Run: [TwitterSubmitter] C:\Program Files\Twitter Submitter 4Pro\TwitterSubmitter4Pro.exe File not found
    O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html File not found
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage File not found
    O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\MDG User\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
    :Commands
    [createrestorepoint]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC
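For readers following the fix script in the post above, this added example (not part of the thread and not OTL's own code) parses a subset of its lines in Python and separates entries that still point at a file on disk from stale registry leftovers marked "No CLSID value found" or "File not found". The field layout is inferred from the lines in the post, and the function names are hypothetical.

```python
import re

# A subset of the lines from the fix script in the post above.
SAMPLE = r"""
PRC - [2010/10/22 16:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
IE - HKU\S-1-5-21-366093904-2317613863-3767012734-1003\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKU\S-1-5-21-366093904-2317613863-3767012734-1003..\Run: [TwitterSubmitter] C:\Program Files\Twitter Submitter 4Pro\TwitterSubmitter4Pro.exe File not found
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage File not found
""".strip().splitlines()

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|lnk)\b", re.I)

def vendor_of(kind, line):
    """Company name: after the file-info block for PRC/SRV, at end of line otherwise."""
    if kind in ("PRC", "SRV"):
        m = re.search(r"\]\s+\(([^)]*)\)", line)
    else:
        m = re.search(r"\(([^)]*)\)\s*$", line)
    return m.group(1) if m else None

def parse(line):
    """Split one OTL line into section, status, CLSID, file path and vendor."""
    kind = line.split(" - ", 1)[0].strip()
    # Orphans are registry references whose target no longer exists.
    orphan = ("No CLSID value found" in line
              or line.rstrip(" .").endswith("File not found"))
    clsid = CLSID_RE.search(line)
    path = PATH_RE.search(line)
    return {
        "kind": kind,
        "status": "orphan" if orphan else "live",
        "clsid": clsid.group(0).upper() if clsid else None,
        "path": path.group(0) if path else None,
        "vendor": None if orphan else vendor_of(kind, line),
    }

def hook_points(entries):
    """Map each live CLSID to the OTL sections that load it."""
    hooks = {}
    for e in entries:
        if e["status"] == "live" and e["clsid"]:
            hooks.setdefault(e["clsid"], []).append(e["kind"])
    return hooks

ENTRIES = [parse(line) for line in SAMPLE]

if __name__ == "__main__":
    for e in ENTRIES:
        print(e["kind"], e["status"], e["vendor"], e["clsid"] or e["path"])
    print(hook_points(ENTRIES))
```

The grouping shows that the same SearchSettings.dll CLSID is registered both as a URLSearchHook and as a BHO, so both registrations have to be gone in a follow-up scan before the component can be considered removed.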


12272011_095625.log

Thanks MrC...

I did not intentionally install C:\Program Files\blekkotb. I followed your instructions and attached the .log file. It appears that the virus is gone.

Please advise as to next step if any.

Thanks,

Kelvin



These types of tool/search bars are open to debate on whether to keep them or uninstall them; it's up to you.

If you want to, it's listed in your Add/Remove Programs:

"blekkotb" = Spam Free Search Bar

or here are instructions:

http://help.blekko.com/index.php/how-do-i-uninstall-search-bar/

-----------------------------------

You have out-of-date Java on the system:

Older versions are vulnerable to malware.

Go to your Control Panel's Add/Remove Programs and uninstall all and any Java found.

Then download and run JavaRa to clear out any left-overs, info here

Then download and install the latest version: Version 6 Update 30

http://www.java.com/en/download/manual.jsp <---latest version

http://www.java.com/en/download/installed.jsp <---verify your Java

--------------------------

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


MrC....

I removed Blekko, installed latest version of Java, and ran Clean Up in OTL.

Although the virus does not seem to affect the performance of my computer, "Search Settings v1.2.3" still shows up in Add / Remove Programs.

Is this a problem?

Also, I have used CCleaner to clear my cache and Auslogics Disk De-frag for de-fragmentation about once a week. Should I keep doing this?

Finally, if I install Malwarebytes, would I run this in conjunction with Norton 360, or get rid of Norton?

Thanks,

Kelvin



For the add/remove programs entry.........

Download HiJackThis from the link below:

http://www.trendmicro.com/ftp/products/hijackthis/HijackThis.exe

Run HJT and click on Main Menu > Open the Misc Tools section > Open Uninstall Manager > Click on "Search Settings v1.2.3" > to the right you'll see Delete this entry > click on it and that will remove that entry from the list.

-----------------------------------------

Also, I have used CCleaner to clear my cache and Auslogics Disk De-frag for de-fragmentation about once a week. Should I keep doing this?

Yes that's OK to do, stay away from any registry cleaners though!

Finally, if I install Malwarebytes, would I run this in conjunction with Norton 360, or get rid of Norton?

They should run well together, but I always suggest using Microsoft Security Essentials together with MBAM:

http://www.microsoft.com/security/pc-security/mse.aspx

There's a little tweaking that should be done though:

http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=181018entry181018

Please let me know if you have any more questions, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.