snap.do virus

[jamesrdutton]

Hellow
whenever i open my browsers i see this search engine snap.do(search.snapdo.com/?st=nt&q=). it looks like a nagging malware to me. it has slowed down my win xp sp3 destop. the AdwCleaner[R0].txt and OTL.Txt are attached.
Please help me out
thank you

[TwinHeadedEagle]

Hi,



Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

• Click on the Scan button.
  
• After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  
• Post logfile will also be saved in the C:\AdwCleaner folder.

Then...



Please download GMER, AntiRootkit tool from the link below and save it to your Desktop:

Gmer download link
Note: file will be random named



Double-clicking to run GMER.

• Wait for initial scan to finish - if there is any query, click No;
  
• Click Scan button and wait until the full scan is complete;
  
• Click Save ... - save the report to the Desktop (named Gmer );
  

> Attach here Gmer logreports.



Then...



Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
  
• Under Optional Scan ensure "List BCD" and "Driver MD5" are ticked.
  
• Press Scan button.
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

[jamesrdutton]

Hi

Thanks for you help

I ran AdwCleaner 3 time all wit the same results.  It generater memory exception erros as it was trying to close programs. Then it closed doto the same.  I am attaching the 3rd report, they all seem to be the same.
I then ran GMER,  The scan did not finish so I stopped it ( I got disk does not exist error and tried retry and continue a few times).  I am attaching the log file.
Then I ran FRST. It completed succesfully.  I am attaching the 2 text files as well.

Thanks for you help!!

[TwinHeadedEagle]

Re-run Adwcleaner, but now make sure to hit Clean button, after the scanning is complete.
Attach me that log.


After Adwcleaner, re-run FRST and attach me the fresh report.


Please download aswMBR and save it to your desktop.

Double click aswMBR.exe to start the tool.

• Select Yes if prompted to download the Avast database.
   
• Click Scan
   
• Upon completion of the scan ( Scan finished successfully ) click Save log and save it to your desktop, and post that log in your next reply for review.
  Note: do NOT attempt any Fix yet.
  
  

[jamesrdutton]

Hi

Adwcleaner cleaning successful.  I had to use msconfig to set diagnostic mode. I am attaching the Adwcleaner log file and another Adwcleaner log filre scan only after Adwcleaner removed files ect.

I re-ran FRST and attached the fresh report.

I ran aswMBR.exe and attached the sswMBR.txt file.  There was also created a MBR.dat file which I have not attached.

Thanks so much for all your trouble!!

[TwinHeadedEagle]

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code: [Select]

FF NewTab: hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=f8641297-829c-8c9c-37e1-9faf8a631a8a&searchtype=nt&installDate=09/11/2013
FF Extension: Snap.Do  - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j1lml21f.default\Extensions\{f8641297-829c-8c9c-37e1-9faf8a631a8a}
C:\Documents and Settings\HP_Administrator\Local Settings\Temp
cmd: ipconfig /flushdns
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.



How are the things now? Still any problems?

[jamesrdutton]

Hi

Yes the tool did warm me and i have the dowdload.

I'm sorry but I do not know how to do the "Run FRST/FRST64" in windows xp sp3. I tried running cmd and then c:\FRST FRST/FRST64 executing this but gettining an error msg.  I also tried start run (c:\FRST FRST/FRST64) and it just opened the FRST folder I created with FRST and fixlist.txt.

Things are much better:
my browsers work fine
I don't get random services stoppages messages

However, I have lost network access. I think the dll that provided that was infected and was removed

Thanks again for your EXPERT help!!

[TwinHeadedEagle]

Just download FRST from link above and follow my last instructions...

[jamesrdutton]

Ok

I got "Run FRST/FRST64" to run and on reboot let it continue.  I am attaching the Fixlog.txt file

Browsers working fine and the OS seems stable.

Thanks once AGAIN!!

Ps: I still canot access shared folders on other computers on my network
I get the message "Shared folder is not accessable"
Under local area connections properties, file and printer sharing for microsoft networks the properties box is dimmed out
Is ther a file that I can expand from msconfig to get my local network shares back?

[TwinHeadedEagle]

Try this --> http://support.microsoft.com/kb/318030

[jamesrdutton]

Hi

I reboted both networked computers and File and Print Sharing for Microsoft Networks worked.  I still see under local area connections properties, file and printer sharing for microsoft networks the properties box is dimmed out. But who cares everything words!!

YOU ARE THE MAN!!!!!!!!!!!!!!!!!!!!!

thanks so VERY much for all you EXPERT help!!!!!!!!!!!!!!!!!!

[Michael (alan1998)]

it has slowed down my win xp sp3 destop.

Sorry to barge. Just to inform you, the support of Windows XP SP3 is soon coming to an end on April 8th 2014 (For Extended support).

[TwinHeadedEagle]

Good to hear that everything is working



Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes below;

• Remove disinfection tools
• Create registry backup
• Purge System Restore

Now click on "Run" button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt


> I don't need DelFix log report.

[jamesrdutton]

I ran DelFix

Everything good but I can not run chkdsk without it hanging at step 4, 0%

Any susgestions?

TIA

[TwinHeadedEagle]

For how long does it hang on?