
Security.Hijack Threat


rray6


I am a subscriber to Malwarebytes Premium.  I just got a threat warning for Security.Hijack in my registry.  MWB apparently caught it and recommended Quarantine which I did.  After quarantining the threats, I then ran a MWB scan and found no other threats.  However, since this was an attack on my registry, I was concerned that I may still have a hidden issue.  I have attached the log from the scan and a screen shot of MWB's initial warning of the threat.  I think I am probably okay - I just don't know how potentially bad Security.Hijack is.  Can I consider myself secure and clean based on the recent Malwarebytes scan?

rray6

MW Scan Log.txt


Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More reply options button that gives you an Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end; the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
Rules and policies

We won't support any piracy.
That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Uninstall some programs
 
We need to uninstall some unwanted/unneeded programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time

The list of programs to uninstall:

  • 7-zip v9.20
  • Free File Viewer 2012
  • InstallConverter
  • Search App by Ask

After completing uninstalls, please manually reboot your machine!
 
Note: If you get a message like: An error occurred while trying to uninstall, just press Yes.

Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it in your reply.

Fix with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Wait until the database is updated.
  • Accept the Terms of use and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please upload the report in your reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and upload it in your next reply.

fixlist.txt


Here are the requested files.  I was unable to remove Search App by Ask - it gave me a message "The Windows Installer Service could not be accessed" and would not uninstall it.  I never use Ask and would love to have this program gone - if you know any tricks to uninstall this, please let me know.  The other apps were uninstalled with no problem.

 

rray

AdwCleanerS2.txt

Fixlog.txt

MW Scan Log.txt


I just attempted to uninstall several other programs and each time got the same Windows installer service message.  I was able to uninstall the first 3 programs you suggested but not the Search App for Ask - after that the uninstaller seems to be broken.  Could this be related to my MW problem?

 

rray6


Yes, we will remove the last application manually. But before we do this, tell me: how is your PC now?

FRST search
 
Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:

  • Copy {57434C32-2D53-5000-76A7-A758B70C1500} into the Search: field in FRST then click the Search Registry button.
  • FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
  • Please attach it to your reply.

The Search.txt is attached. My computer has a problem now that it did not have before we started. It will no longer install or uninstall programs through Windows Installer - gives the message "Error 1719: Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed". A screen capture program that I use frequently, Snag-It (version 12), no longer will open. It acts like I am trying to install or uninstall it and gives the 1719 error message above and then another "Fatal Error during installation" message. I tried to re-install it and got the same error. I have randomly tried to uninstall various programs with no success. As I said, the first 3 programs that you asked me to uninstall via the appwiz.cpl were successfully removed. But once I tried the Search App for Ask, the installer apparently broke.

 

The other new issue that I have noticed is that the Intel Turbo Boost Technology Monitor which apparently runs in the background (or has for as long as I have owned the computer) now leaves a small window open every time I restart the computer.  This has never happened before - don't know if it is a problem, just more of a nuisance and an indicator that something is not working right.  I captured a Snipping tool shot of it, FYI.

 

If there are any other issues, I have not come across them yet.

 

rray6

Search.txt


Okay, we will run one more fix:
 
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it in your reply.

Is everything okay now?

fixlist.txt


I ran the Fix and the machine restarted.  The log is attached.  I tried to uninstall a program and got the same error message (Error 1719).  However, for some reason, Search App by Ask seems to be gone.  Still, my installer seems to be messed up and will not let me install or uninstall programs.

 

rray6

Fixlog.txt


Hello TwinHeadedEagle,

I finally decided to do a system restore - restored back about 36 hours ago.  The restore solved the Windows Installer error 1719 problem, I think.  I have been able to use the uninstaller again.  Search App by Ask was present again so I used the uninstaller to remove it.  It occurs to me that some of the fixes you did may have been undone by the restore.  Another problem is that Malwarebytes seems to be crippled - I tried running the FIX but I cannot fix it or run a scan.  I will not do anything else until I hear back from you.  Again, Malwarebytes does not appear to be working.  I attached a screen shot.

 

rray6


Unfortunately, no. I turned off the machine last night - everything seemed to be working then after the Restore. But after restarting it again this morning, the error 1719 is back and I cannot use the Windows Installer. In addition, my Snagit has quit working again - it is tied to this issue since every time I try to open Snagit, the error 1719 message comes up. Snagit did start working again last night after I did the Restore but now it is trying to access the installer again for some reason. None of this was occurring before we started this malware debugging.

 

rray6


So far, nothing has worked to completely resolve this issue.  I can uninstall and install some programs but not all - I still get the error 1719 on some installation attempts.  I tried the solution in this last link you sent including doing it in Safe Mode - no difference.


On a side note, one of those apps that you suggested for me to uninstall earlier came back after the System Restore last night.  Free File Viewer.  I could not uninstall it - it said it was missing some file.  I have attached a screenshot of the error message.  If you know how to manually uninstall something like this, please let me know.  I still have a Windows Installer problem and this may be a result of it.  Since there is no evidence of malware now, I wonder if the original Security.Hijack attack (that I first contacted you about) did some damage.

 

rray6


iTunes (latest version), Snagit 12, AVG PC Tuneup are the 3 big programs that will not uninstall/install.  Aside from this, I have only tried a few small apps (things I don't need) and most of those did uninstall except for the Free File Viewer.  Starting last night, my Outlook 2013 is taking 5-7 minutes to open and send/receive - it used to do this in about 30 seconds.  I tried to repair it through Control Panel and got the same Windows Installer error.  My computer seems to be falling apart before my eyes.


This topic is now closed to further replies.