Jump to content

Please help my laptop if infected with adaware secure search engine


Recommended Posts

my laptop is infected with with that lavasoft adaware secure search engine on my firefox browser and cant seem to remove it. ive tried downloading other anti malware software like spyhunter but didnt seem to work i think its only possible if you purchase the whole software. i also have malwarebytes but only in free trial. in additional to this ive tried searching for some suspicious files like dsengine.js and dsengine.cfg or any similar files on the mozilla firefox folders as said on mozilla support but didnt find anything. deeply regret downloading utorrent web which i think is the cause of these mess.

I have also attached the FRST.txt and addition.txt for more information

FRST.txt Addition.txt

Link to post
Share on other sites

Hi,       :welcome:
My name is Maurice. I will be helping and guiding you, going forward on this case.
Let me know what first name you prefer to go by.

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me. 
If you will be away for more than 4 consecutive days,  do try to let me know ahead of time, as much as possible.

Please know I help here as a volunteer.  and that I am not on 24 x 7.
 
  
Please only just attach   all report files, etc  that I ask for as we go along.

I would advise to not do any other tools on your own.    I will guie upu from here forward.

I  would suggest to download, Save, and then run Malwarebytes ADWCLEANER.
Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.
Adwcleaner  detects factory Preinstalled applications too! 

Please download  Malwarebytes AdwCleaner https://downloads.malwarebytes.com/file/adwcleaner

 
Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.
At the prompt for license agreement, review and then click on I agree.

You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimized the other open windows, so you can see Adwcleaner).
Then click on Dashboard button.
Click the blue button "Scan Now".

allow it a few minutes to finish the Scan.   Let it remove what it finds.
NOTE:  When it comes to the section "
Pre-installed applications

You can skip that.
Please find and send the Adwcleaner "C" clean report.
In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".
Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

That C clean report will be the one with the most recent Date and time at folder  C:\AdwCleaner\Logs
Thanks.  Keep me advised.
 

Edited by Maurice Naggar
Link to post
Share on other sites

Thanks for the Adwcleaner report.   I ought to have mentioned before,  to the best of my recollection, Lavasot Adaware is not a source of suspected things.

I would mention that Avast would have prevented any changes to settings for Firefox.

I am sending a custom script to remove  the entries of securesearch.org from Firefox & IE , and to run the Windows System File Checker app.

 

The system will be rebooted after the script has run.

.

This custom script is for  Mikedee2020  only / for this  machine only.

 
Close and save any open work files before starting this procedure. 

I am sending a    custom Fix script which is going to be used by the FRST64  tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE  link AS and save it directly ( as is) to the Downloads folder

The tool named FRST64 .exe   tool    is already on the Downloads
Start the Windows Explorer and then, to Downloads folder


RIGHT click on  FRST64     and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool......
click line More info information on that screen
and click button Run anyway on next screen.

on the FRST window:
Click the Fix button just once, and wait.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

Fixlist.txt

Link to post
Share on other sites

Hello.   Thanks for the log.   There is a need to run the Windows SFC app.

I just would like you to do one run with the windows System File Checker applet.

Open an elevated command prompt window i.e. run Command Prompt as an administrator .

 

See   this guide    https://www.sevenforums.com/tutorials/783-elevated-command-prompt.html


It is best to use the Windows Copy ( CTRL+ C )  and paste  ( CTRL+V )  for the whole line, as-is

On that command prompt,  Copy & Paste this command

sfc /scannow

and tap Enter.   Have patience.   I would like to know the message lines at the very end, after it has finished.

.

This OS is a Windows 7 SP1   which is no longer in support at Microsoft.   Have you considered to upgrade to Windows 10  which is supported & more up-to-date with latest security.

Edited by Maurice Naggar
Link to post
Share on other sites

Good morning.   That is an excellent result from SFC.   So, kindly let me know, what is the current status about the original issue "secure search" ?

and is there anything else that you need ?

Link to post
Share on other sites

i tried to go to firefox on the right side to options and search---then to the default search engine its seems changeable not having to be stuck on that lousy lavasoft secure search. i have used malwarebytes software to try remove any trace of it although ive only use the trial.

so are there still any problems found in the scan?

it seems ok now to me

Link to post
Share on other sites
8 hours ago, mikedee2020 said:

so are there still any problems found in the scan?

Which / what scan are you referring to ?

By the way, in Firefox settings, you can & should be able to set your own choice for the preference for Search engine.

https://support.mozilla.org/en-US/kb/change-your-default-search-settings-firefox

Link to post
Share on other sites

hello again im sincerely sorry again for replying late my wifi and internet connection was temporarily cutoff for the whole night ...anyway i can finally reply now.

i meant using the elevated command prompt scan. is there nothing found? if it is good then it seems i dont have any more problem. also ive able to change the search engine preferences on firefox which i think cant change previously.

Link to post
Share on other sites

Hello.  Good to hear from you.  The last elevated command prompt I had you use, was for running The Windows System File Checker tool.  And that run found no problem.  So that is good.

You wrote that on the 16th    

Quote

Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

SO, that is all good.   You also ( I believe )  indicate that the Firefox search preference is OK now.

Let me just suggest a new Scan with Malwarebytes for Windows.

To run a Threat Scan, open Malwarebytes for Windows and click the blue Scan button.
Have patience during the run.
When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.
Then click on Quarantine selected.

Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

[      2       ]

This next part is just to check on the update status of some utility applications.

SecurityCheck by glax24    

I would like you to run a tool named SecurityCheck to inquire on the current-security-update  status  of some applications.
Download SecurityCheck by glax24 from here  https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
and save the tool on the desktop.

If Windows's  SmartScreen block that with a message-window, then
Click on the MORE INFO spot and over-ride that and allow it to proceed.
This tool is safe.   Smartscreen is overly sensitive.

Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.

You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt
[      3     ]

If this pc has the Google Chrome browser, or the Brave browser, I suggest you install the Malwarebytes Browser guard for Chrome.

To get & install the Malwarebytes Browser Guard extension for Chrome,

 

Open this link in your Chrome   browser: 

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

 

Then proceed with the setup.

.

For    Mozilla Firefox, to get & install the Malwarebytes Browser Guard  Firefox extension.

Open this link in your Firefox browser:   

https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

Then proceed with the setup.

That link is for English US.   There are other language version.  Just go to the very bottom right of the page and look at “Change language” list drop down.

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.