imcurtis Posted July 23, 2014 ID:856809 Share Posted July 23, 2014 I am having a horrible time getting rid of this malware/hijack. No matter what I do and I have done tons of things this site safesear.ch keeps populating my startup screen on all browsers. If I just ignore it and browse around the net it will not take long until adchoice adds start popping up in all my windows. I run malwarebytes and it pulls some pups and then comes up clean. Sometimes it even reboots my pc. Then once I get clean scans I open the browser and there it is again. and we start the same process. And one other note. I now have a yellow lock on all my browser icons I have pinned in the toolbar. I noticed this only after I got tangled up in the safesear.ch loop. I think it is related. Can you help? I did buy the pro version but it did not change the outcome. Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 23, 2014 ID:856824 Share Posted July 23, 2014 Hello,Before we start please read and note the following: Limit your internet access to posting here, some infections just wait to steal typed-in passwords. Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good. Do not paste the logs in your posts, attachments make my work easier. There is a Upload a File button which you can use to attach your reports. Attach all reports. Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational. Note that we may live in totally different time zones, what may cause some delays between answers. Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it. I can't foresee everything, so if anything unexpected happens, please stop and inform me! There are no silly questions. Never be afraid to ask if in doubt! P2P/Piracy Warning:If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy. Scan with ZOEKPlease download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)Temporary disable your AntiVirus and AntiSpyware protection - instructions here.Right-click on icon and select Run as Administrator to start the tool.Wait patiently until the main console will appear, it may take a minute or two.In the main box please paste in the following script:createsrpoint;process;services-list;installedprogs;systemspecs;startupall;filesrcm;firefoxlook;chromelook;skipfix-iedefaults;Make sure that Scan All Users option is checked.Push Run Script and wait patiently. The scan may take a couple of minutes.When the scan completes, a zoek-results logfile should open in notepad.If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)Attach report into your next reply. Link to post Share on other sites More sharing options...
imcurtis Posted July 24, 2014 Author ID:857037 Share Posted July 24, 2014 I will follow instructions and get back with you. Link to post Share on other sites More sharing options...
imcurtis Posted July 25, 2014 Author ID:857560 Share Posted July 25, 2014 I have to say I am skeptical about your request. I downloaded this app Zoek. But when I clicked on the link above I was bombarded by ads and about 8 popups waning me to click here and get the best anti-ad software on the market. I almost stopped there. Now I run this Zoek and it simply lists all of my PC config and all of my installed software and is just a listing of everything on my PC. I don't want to post that to an open forum in open flat txt. So sorry if I ask for some kind of verification that I am not sending this stuff to a scam. Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 25, 2014 ID:857585 Share Posted July 25, 2014 If you are skeptical about this, then send it to me via PM. Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 26, 2014 ID:857992 Share Posted July 26, 2014 I see you did not disable BitTorrent. Please remove BitTorrent Sync until you are helped here.This fix won't reveal your personal data, you can copy its report straight here: Scan with ZOEKTemporary disable your AntiVirus and AntiSpyware protection - instructions here.Right-click on icon and select Run as Administrator to start the tool.Wait patiently until the main console will appear, it may take a minute or two.In the main box please paste in the following script:createsrpoint;e9f32388;sc:\progra~2\gssupp~1;fs[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r"AppInit_DLLs"="";rC:\\PROGRA~2\\SearchProtect;fs[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions];r"{jid1-vS7biDmom8YxhA@jetpack}"=-;rijalclppekfhojnoplppccfiepmbkmdj;chrmnhoblifnapcpejkecafbomehbbmalhk;chremptyalltemp;autoclean;Make sure that Scan All Users option is checked.Push Run Script and wait patiently. The scan may take a couple of minutes.When the scan completes, a zoek-results logfile should open in notepad.If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)Post its content into your next reply. Scan with Malwarebytes' Anti-MalwarePlease re-run Malwarebytes' Anti-Malware.First of all, select update.Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.Click the Scan tab, choose Threat Scan is checked and click Scan Now.If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.Upon completion of the scan (or after the reboot), click the History tab.Click Application Logs and double-click the newest Scan Log.At the bottom click Export and choose Text file.Save the file to your desktop and include its content in your next reply. Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 28, 2014 ID:859104 Share Posted July 28, 2014 You still with me? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 29, 2014 Root Admin ID:859644 Share Posted July 29, 2014 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts