Avast WEBforum
Other => Viruses and worms => Topic started by: RocketNut on December 02, 2012, 01:29:10 PM
-
We had major crash (HDD fire). We are reinstalling backups and downloading the lastest greatness apps. All of sudden a search engine call SNAPON got loaded. Does any one know how to get reinded of it?
-
Follow the steps here http://forum.avast.com/index.php?topic=53253.0
-
Here is AdwCleaner log.
# AdwCleaner v2.010 - Logfile created 12/02/2012 at 10:59:53
# Updated 29/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Acer - ACER-PC
# Boot Mode : Normal
# Running from : C:\Users\Acer\Downloads\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\coaxl5oa.default\searchplugins\Web Search.xml
File Deleted : C:\Users\Public\Desktop\eBay.lnk
***** [Registry] *****
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=95bfed19-9b90-4a04-b487-2dfe509d72a9&searchtype=hp --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=95bfed19-9b90-4a04-b487-2dfe509d72a9&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=95bfed19-9b90-4a04-b487-2dfe509d72a9&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=95bfed19-9b90-4a04-b487-2dfe509d72a9&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=95bfed19-9b90-4a04-b487-2dfe509d72a9&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
-\\ Mozilla Firefox v17.0.1 (en-US)
Profile name : default
File : C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\coaxl5oa.default\prefs.js
Deleted : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=95b[...]
*************************
AdwCleaner[S1].txt - [2845 octets] - [02/12/2012 10:59:53]
########## EOF - C:\AdwCleaner[S1].txt - [2905 octets] ##########
-
That looks to have got rid of it, could you confirm that
-
YES But now I have something called "SmartFish".
I SEND MY HARD EARN DOLLARS TO HAVE PROTECTION. WHAT I GOT IS A VIRUS MAGNET THAT LOVES EVERY VIRUS BECUASE THE FRONT DOOR IS WIDE OPEN FOR THE.
Here is AdwCleaner for the SupperFish which this piece of **** let in.
# AdwCleaner v2.010 - Logfile created 12/03/2012 at 05:55:27
# Updated 29/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Acer - ACER-PC
# Boot Mode : Normal
# Running from : C:\Users\Acer\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v17.0.1 (en-US)
Profile name : default
File : C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\coaxl5oa.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [2968 octets] - [02/12/2012 10:59:53]
AdwCleaner[S2].txt - [750 octets] - [03/12/2012 05:55:27]
########## EOF - C:\AdwCleaner[S2].txt - [809 octets] ##########
-
That is not classified as malware/virus but a Potentially Unwanted Programme (PUP)
This due to the fact that some people willingly install that type of programme, it will also come bundled with free software
If you could run an OTL scan I will check that it has all gone
-
Why should I load and run this OTL? As far I'm concern I to could load more virus in to my machine.
-
Trust is the word here, None of my tools are malicious
-
Here's you supper virus magnet OTL log. And for trust you take it and *****************************************************
-
Your problem is probably related to this .. Normally I would remove it, but it is something you have installed
FF - prefs.js..extensions.enabledAddons: infoatoms%40infoatoms.com:1.4.0.0
Details here http://www.systemlookup.com/CLSID/76444-InfoAtomsClientIE_dll.html
-
I don't understand that link. What are you trying to tell me?
-
The addon that it refers to will, when you are browsing produce advert popups, get additional search engines and may install them. It will track your usage and travels
-
I found it, should I delete that file? Right now I have renamed by adding "-xxx" to end of file name.
Secondly:
I think I only send you a single file so I am resending both OTL files again.
-
I can remove it for you
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:OTL
FF - prefs.js..extensions.enabledAddons: infoatoms%40infoatoms.com:1.4.0.0
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\infoatoms@infoatoms.com: C:\Program Files (x86)\Mozilla Firefox\extensions\infoatoms@infoatoms.com [2012/12/01 12:35:56 | 000,000,000 | ---D | M]
[2012/12/01 12:35:56 | 000,000,000 | ---D | M] (InfoAtoms) -- C:\Program Files (x86)\Mozilla Firefox\extensions\infoatoms@infoatoms.com
O2 - BHO: (InfoAtoms) - {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files (x86)\InfoAtoms\IE32\InfoAtomsClientIE.dll (InfoAtoms Inc.)
:Files
C:\Program Files (x86)\InfoAtoms
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
Here is the log. There is one more I do not where it is.
-
If it is in Chrome you will need to reset the search engine manually
-
I am not using CHROME. Maybe it got load when enstalledd my apps.
-
Where are you seeing it ?
-
Sent I ran your programs my system seems to be running better.
I don't understand your question
Where are you seeing it ?
How do I reset the search engine manually?
I notice that I am no longer the ADM user, how do I reset my ADM status? Also I have 2 Desktop INI files on my desktop that where not there before. Can I delete them?
-
Reset Chrome search engine https://support.google.com/chrome/bin/answer.py?hl=en&answer=95426&p=cpn_search_engine
We will rehide the ini files at the end of this
None of my programmes can touch the admin status of a user, so how that appeared I have no idea
To reset the hidden files
Run OTL and press the cleanup button this will also remove the programme