Avast WEBforum
Other => Viruses and worms => Topic started by: Venusphere on August 01, 2013, 03:58:56 PM
-
Hi There, Hope you can help with this irritating virus.
This was downloaded along with some dodgy software for watching online videos.
I have attached the requisite log files advised in Essexboy's sticky post, however the OTL program did not create the extras.txt file stated. Do I need to run the program again for that file?
Any help you can provide will be greatly appreciated.
Many thanks from Australia!!
Cheers,
Venusphere :)
-
The extra log is usually not needed
Did Snap.Do go away after you ran AdwCleaner?
-
No, still loading on IE and FF.
Hey thx for the quick reply!!
-
Hi Venusphere
Re-run OTL.exe.
- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:OTL
FF - prefs.js..browser.startup.homepage: "http://feed.snapdo.com/?publisher=JottixYB&dpid=Jottix1&co=AU&userid=aa13a0db-b831-43f0-ac7e-9cd0c4117455&searchtype=hp&installDate={installDate}"
FF - prefs.js..keyword.URL: "http://feed.snapdo.com/?publisher=JottixYB&dpid=Jottix1&co=AU&userid=aa13a0db-b831-43f0-ac7e-9cd0c4117455&searchtype=ds&installDate={installDate}&q="
FF - user.js - File not found
IE - HKU\S-1-5-21-3047176267-2558041721-1650598396-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=JottixYB&dpid=Jottix1&co=AU&userid=aa13a0db-b831-43f0-ac7e-9cd0c4117455&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3047176267-2558041721-1650598396-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=JottixYB&dpid=Jottix1&co=AU&userid=aa13a0db-b831-43f0-ac7e-9cd0c4117455&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3047176267-2558041721-1650598396-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.com/?publisher=JottixYB&dpid=Jottix1&co=AU&userid=aa13a0db-b831-43f0-ac7e-9cd0c4117455&searchtype=hp&installDate={installDate}
IE - HKU\S-1-5-21-3047176267-2558041721-1650598396-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=JottixYB&dpid=Jottix1&co=AU&userid=aa13a0db-b831-43f0-ac7e-9cd0c4117455&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3047176267-2558041721-1650598396-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=JottixYB&dpid=Jottix1&co=AU&userid=aa13a0db-b831-43f0-ac7e-9cd0c4117455&searchtype=ds&q={searchTerms}&installDate={installDate}
O33 - MountPoints2\{29028739-78fd-11e1-9e5e-701a04d99f22}\Shell - "" = AutoRun
O33 - MountPoints2\{29028739-78fd-11e1-9e5e-701a04d99f22}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{29028743-78fd-11e1-9e5e-701a04d99f22}\Shell - "" = AutoRun
O33 - MountPoints2\{29028743-78fd-11e1-9e5e-701a04d99f22}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{66710ebd-5863-11e2-8904-00266c46a046}\Shell - "" = AutoRun
O33 - MountPoints2\{66710ebd-5863-11e2-8904-00266c46a046}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b6f271d8-3082-11e2-a5c8-701a04d99f22}\Shell - "" = AutoRun
O33 - MountPoints2\{b6f271d8-3082-11e2-a5c8-701a04d99f22}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b6f271db-3082-11e2-a5c8-701a04d99f22}\Shell - "" = AutoRun
O33 - MountPoints2\{b6f271db-3082-11e2-a5c8-701a04d99f22}\Shell\AutoRun\command - "" = E:\AutoRun.exe
:commands
[CREATERESTOREPOINT]
[emptytemp]
- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.
.
Please download zoek.exe (http://home.kpn.nl/stefsmeenk/zoek.exe/) and save it to your desktop.
- Close any open browsers.
- Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) or this (http://www.bleepingcomputer.com/forums/topic114351.html) Instruction.
- Double click on zoek.exe to run the tool.
Please wait until the tool starts...
- Copy the text present inside the code box below and paste it into the large window in the zoek tool:
skipfix-iedefaults;
firefoxlook;
chromelook;
- Click on (http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png) button
Please wait until a log report opens (this can be after a reboot).
- Save the Notepad file to your Desktop and attach zoek-results.log here.
Note: It will also create a log in the C:\ directory named "zoek-results.log"
-
Hi There,
Please find attached the requested log files. On opening browser Snap.Do is nowhere to be seen!! Yayyyyyyy. Does this mean my machine is now clean?
Many Thanks.
-
>:( Forget last post. I just opened a new tab and guess what! Bloody Snap.Do opened with this url!
feed.snapdo.com/?publisher=JottixYB&dpid=Jottix1&co=AU&userid=aa13a0db-b831-43f0-ac7e-9cd0c4117455&searchtype=nt&installDate={installDate}&q=
Arghhhhhhhhhhhhhhhh
I have turned my anti-virus back on - is that correct?
-
So Yeah, new window defaults to the FF page, new tab goes to snapdo.
In IE new window and new tab go to blank browser.
-
Re-run Zoek Script:
- Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) or this (http://www.bleepingcomputer.com/forums/topic114351.html) instruction.
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
emptyclsid;
resetIEproxy;
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl];r
"Default"=;r
FFdefaults;
iedefaults;
autoclean;
2. Save notepad as zoekscript.txt
(http://www.mcshield.net/personal/magna86/Images/zoekscript_big.gif)
- Close all browser windows.
Referring to the screenshot above, drag zoekscript.txt into zoek.exe.
Zoek will run. When finished, it will produce a zoek-results.log for you.
Note: It will also create a log in the C:\ directory named "zoek-results.log"
>> Please attach it to your reply.
-
Hi Argus, Many thx for your patience.
Attached is the requested log file. Both browsers now open new windows and new tabs to Google - no sign of Snap.Do.
Does this mean it's gone?
Cheers,
Venusphere
-
Does this mean it's gone?
Yes, it's gone :)
Please download DelFix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix) by "Xplode" to your Desktop.
Run the tool and check the following boxes:
- Remove disinfection tools
- Create registry backup
- Purge System Restore
Now click on the "Run" button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt
> I don't need the DelFix log report.
I recommend using MCShield, if you wish.
You may download MCShield from one of the following links:
MyCity - Official download link (http://www.mcshield.net)
Softpedia - Mirror download link (http://www.softpedia.com/get/Antivirus/MCShield.shtml)
It will prevent infection of the computer via USB flash drive, mobile phone or any other memory card.
And not only will it prevent infection, but it will also immediately clean the flash drive, memory card or external HDD.
-
ARGUS, Amazing work!! Many many thx for saving me from the crap! Your fix worked and my machine is running normally! You guys really ROCK!!
Venusphere
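
Added example, not part of the thread or of any poster's reply: the :OTL fix list earlier in the thread is made of the browser settings from the OTL log that point at the Snap.Do feed host. The sketch below does that selection over a constructed log, assuming only the two line shapes quoted in the thread; the function names, the sample SID and the publisher values are made up for illustration.

```python
import re
from urllib.parse import urlsplit

# Line shapes as quoted in the fix list in this thread (assumed to match the
# OTL log format; not taken from OTL documentation).
FF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<key>[\w.]+): "(?P<url>[^"]*)"')
IE_RE = re.compile(r'^IE - (?P<hive>HK\w+)\\(?P<path>[^,]+),(?P<key>[^=,]+?) = (?P<url>\S+)')

def host_matches(url, domain):
    """True if the URL's host is `domain` or a subdomain of it."""
    if "://" not in url:          # e.g. the scheme-less new-tab URL pasted in the thread
        url = "http://" + url
    host = (urlsplit(url).hostname or "").lower()
    return host == domain or host.endswith("." + domain)

def find_hijacked_settings(log_text, domain):
    """Return (browser, setting, url) for each setting whose URL host is under `domain`."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        match, browser = FF_RE.match(line), "Firefox"
        if not match:
            match, browser = IE_RE.match(line), "Internet Explorer"
        if match and host_matches(match.group("url"), domain.lower()):
            hits.append((browser, match.group("key").strip(), match.group("url")))
    return hits

# Constructed sample log: placeholder SID and query values, not the ones in the thread.
SAMPLE_LOG = r'''
FF - prefs.js..browser.startup.homepage: "http://feed.snapdo.com/?publisher=EXAMPLE&searchtype=hp"
FF - prefs.js..keyword.URL: "http://feed.snapdo.com/?publisher=EXAMPLE&searchtype=ds&q="
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - user.js - File not found
IE - HKU\S-1-5-21-0-0-0-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.com/?publisher=EXAMPLE&searchtype=hp
IE - HKU\S-1-5-21-0-0-0-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.example.com/search?q=snapdo.com
'''

if __name__ == "__main__":
    for browser, setting, url in find_hijacked_settings(SAMPLE_LOG, "snapdo.com"):
        print(f"{browser}: {setting} -> {url}")
```

Matching on the parsed host rather than on a substring keeps the last sample line, where the domain only appears inside a query string, out of the result.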