Author Topic: How to remove Snap.Do crap  (Read 1338 times)

Offline Venusphere

  • Newbie
  • *
  • Posts: 7
    • Personal Message (Offline)
How to remove Snap.Do crap
« on: August 01, 2013, 01:58:56 PM »
Hi There,  Hope you can help with this irritating virus.

This was downloaded along with some dodgy software for watching online videos. 

I have attached the requisite log files advised in Essexboy's sticky post, however the OTL program did not create the extras.txt file stated.  Do I need to run the program again for that file?

Any help you can provide will b greatly appreciated.

Many thanks from Australia!!

Cheers,

Venusphere   :)

Offline Pondus

  • avast! √úberevangelist
  • Maybe Bot
  • *****
  • Posts: 21799
  • Gender: Male
    • Personal Message (Offline)
Re: How to remove Snap.Do crap
« Reply #1 on: August 01, 2013, 02:06:58 PM »
The extra log is usually not needed

Did snap do go away after you run Adwcleaner?
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Venusphere

  • Newbie
  • *
  • Posts: 7
    • Personal Message (Offline)
Re: How to remove Snap.Do crap
« Reply #2 on: August 01, 2013, 02:10:21 PM »
No, still loading on IE and FF.

Hey thx for the quick reply!!

Offline argus

  • Anti Malware Fighter _ ASAP_
  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 1358
  • Gender: Male
    • Personal Message (Offline)
Re: How to remove Snap.Do crap
« Reply #3 on: August 01, 2013, 03:02:46 PM »
Hi Venusphere




Re-run OTL.exe.

  • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

Code: [Select]

:OTL
FF - prefs.js..browser.startup.homepage: "http://feed.snapdo.com/?publisher=JottixYB&dpid=Jottix1&co=AU&userid=aa13a0db-b831-43f0-ac7e-9cd0c4117455&searchtype=hp&installDate={installDate}"
FF - prefs.js..keyword.URL: "http://feed.snapdo.com/?publisher=JottixYB&dpid=Jottix1&co=AU&userid=aa13a0db-b831-43f0-ac7e-9cd0c4117455&searchtype=ds&installDate={installDate}&q="
FF - user.js - File not found
IE - HKU\S-1-5-21-3047176267-2558041721-1650598396-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=JottixYB&dpid=Jottix1&co=AU&userid=aa13a0db-b831-43f0-ac7e-9cd0c4117455&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3047176267-2558041721-1650598396-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=JottixYB&dpid=Jottix1&co=AU&userid=aa13a0db-b831-43f0-ac7e-9cd0c4117455&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3047176267-2558041721-1650598396-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.com/?publisher=JottixYB&dpid=Jottix1&co=AU&userid=aa13a0db-b831-43f0-ac7e-9cd0c4117455&searchtype=hp&installDate={installDate}
IE - HKU\S-1-5-21-3047176267-2558041721-1650598396-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=JottixYB&dpid=Jottix1&co=AU&userid=aa13a0db-b831-43f0-ac7e-9cd0c4117455&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3047176267-2558041721-1650598396-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=JottixYB&dpid=Jottix1&co=AU&userid=aa13a0db-b831-43f0-ac7e-9cd0c4117455&searchtype=ds&q={searchTerms}&installDate={installDate}
O33 - MountPoints2\{29028739-78fd-11e1-9e5e-701a04d99f22}\Shell - "" = AutoRun
O33 - MountPoints2\{29028739-78fd-11e1-9e5e-701a04d99f22}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{29028743-78fd-11e1-9e5e-701a04d99f22}\Shell - "" = AutoRun
O33 - MountPoints2\{29028743-78fd-11e1-9e5e-701a04d99f22}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{66710ebd-5863-11e2-8904-00266c46a046}\Shell - "" = AutoRun
O33 - MountPoints2\{66710ebd-5863-11e2-8904-00266c46a046}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b6f271d8-3082-11e2-a5c8-701a04d99f22}\Shell - "" = AutoRun
O33 - MountPoints2\{b6f271d8-3082-11e2-a5c8-701a04d99f22}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b6f271db-3082-11e2-a5c8-701a04d99f22}\Shell - "" = AutoRun
O33 - MountPoints2\{b6f271db-3082-11e2-a5c8-701a04d99f22}\Shell\AutoRun\command - "" = E:\AutoRun.exe

:commands
[CREATERESTOREPOINT]
[emptytemp]


  • Then click the Run Fix button at the top.
  • Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.
.




Please download zoek.exe and save it to your desktop.

  • Close any open browsers.
  •   Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.



  • Double click on zoek.exe to run the tool .
    Please wait while the tool does not start...


  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code: [Select]

skipfix-iedefaults;
firefoxlook;
chromelook;

  • Click on button
    Please wait until a logreport will open (this can be after reboot)

  • Save notepad to your Desktop and attach here zoek-results.log

    Note: It will also create a log in the C:\ directory named "zoek-results.log"




 My help is free, however, if you want to support my fight against malware, click here ->

Offline Venusphere

  • Newbie
  • *
  • Posts: 7
    • Personal Message (Offline)
Re: How to remove Snap.Do crap
« Reply #4 on: August 02, 2013, 12:44:11 AM »
Hi There,

Please find attached the requested log files.  On opening browser Snap.Do is nowhere to be seen!!   Yayyyyyyy.  Does this mean my machine is now clean?

Many Thanks.

Offline Venusphere

  • Newbie
  • *
  • Posts: 7
    • Personal Message (Offline)
Re: How to remove Snap.Do crap
« Reply #5 on: August 02, 2013, 12:48:38 AM »
 >:(   Forget last post.  I just opened a new tab and guess what!  Bloody Snap.Do opened with this url!

feed.snapdo.com/?publisher=JottixYB&dpid=Jottix1&co=AU&userid=aa13a0db-b831-43f0-ac7e-9cd0c4117455&searchtype=nt&installDate={installDate}&q=

Arghhhhhhhhhhhhhhhh

I have turned my anti-virus back on-  is that correct?

Offline Venusphere

  • Newbie
  • *
  • Posts: 7
    • Personal Message (Offline)
Re: How to remove Snap.Do crap
« Reply #6 on: August 02, 2013, 12:50:52 AM »
So Yeah,  new window defaults to the FF page, new tab goes to snapdo.

In IE new window and new tab go to blank browser.

Offline argus

  • Anti Malware Fighter _ ASAP_
  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 1358
  • Gender: Male
    • Personal Message (Offline)
Re: How to remove Snap.Do crap
« Reply #7 on: August 02, 2013, 07:20:55 AM »
Re-run Zoek Script:


  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this instruction.
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code: [Select]
emptyclsid;
resetIEproxy;
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl];r
"Default"=;r
FFdefaults;
iedefaults;
autoclean;


2. Save notepad as zoekscript.txt




  • Close all browser windows and refering to the picture above.
Referring to the screenshot above, drag zoekscript.txt into zoek.exe.
Zoek will run. When finished, it will produce a zoek-results.log for you.
Note: It will also create a log in the C:\ directory named "zoek-results.log"


>> Please attach it to your reply.


 My help is free, however, if you want to support my fight against malware, click here ->

Offline Venusphere

  • Newbie
  • *
  • Posts: 7
    • Personal Message (Offline)
Re: How to remove Snap.Do crap
« Reply #8 on: August 02, 2013, 05:15:50 PM »
Hi Argus,  Many thx for your patience.

Attached is the requested log file.  Both browsers now open new windows and new tabs to google-  no sign of snap.do.

Does this mean it's gone?

Cheers,
Venusphere

Offline argus

  • Anti Malware Fighter _ ASAP_
  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 1358
  • Gender: Male
    • Personal Message (Offline)
Re: How to remove Snap.Do crap
« Reply #9 on: August 02, 2013, 05:32:27 PM »
Quote
Does this mean it's gone?

Yes, it's gone  :)


Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes below;
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on "Run" button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt


> I don't need DelFix log report.




I recommended to use MCShield if you will.
You may download MCShield from one of the following links:

MyCity -  Official download link
Softpedija - Mirror download link

It will prevent infection by computer via USB flash drive, mobile phone or any other memory card.
And not only will prevent infection, but it will immediately clean flash drive, memory card or external HDD.


 My help is free, however, if you want to support my fight against malware, click here ->

Offline Venusphere

  • Newbie
  • *
  • Posts: 7
    • Personal Message (Offline)
Re: How to remove Snap.Do crap
« Reply #10 on: August 05, 2013, 11:18:17 AM »
ARGUS, Amazing work!!  Many many thx for saving me from the crap!  Your fix worked and my machine is running normally!  You guys really ROCK!!

Venusphere

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now