Avast WEBforum
Other => Viruses and worms => Topic started by: Slayer 6628 on November 19, 2013, 08:21:00 PM
-
Hello everyone I recently had a few buggy issues with my computer web browsing and checked my programs and found Search Protection from Spigot inc. I did not willingly download this file and would like to remove it can someone please help? I have read previous posts about spigot but need a better insight thanks.
-
Follow this guide and attach the logs: http://forum.avast.com/index.php?topic=53253.0
When done you will get help. ;)
-
Ok thanks im on it
-
Monitoring...
-
Right folks this is the first scan printout from OTL attached I think its looking good as I think Malwarebytes took the brunt of it off :) I've also just checked my programs and spigot is gone hmmm wat do u reckon?
-
i still see some spigot files....
do you have Malwarebytes and aswMBR log also ?
-
Now then peeps this is the aswMBR log hmmm what do u reckon does that mean im in the woods???
-
Well folks Ive just checked my programs and spigots still holding strong please help me!!!
-
TwinHeaded eagle will kill it when back.... be patient
-
I cant believe u guys know all this but if it helps Ive attached the Malwarebytes log thank you very much i cant believe the camaraderie cheers
-
sorry heres the log (Im a noob)
-
Hi,
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
- Click on the Scan button.
- After the scan has finished click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
- Post logfile will also be saved in the C:\AdwCleaner folder.
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) by Farbar and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Under Optional Scan ensure "List BCD" and "Driver MD5" are ticked.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
-
You really need to do all this? I had the spigot search protection on my machine and simply uninstalled it with Ccleaner and then ran the registry cleaner. It was then gone from the browser and a subsequent check with Malwarebytes found no remnants.
-
I know its a right palaver definitely going pro just need to save few bob but hey thanks Eagle man i think were getting there now heres the AdwCleaner log man
-
You really need to do all this? I had the spigot search protection on my machine and simply uninstalled it with Ccleaner and then ran the registry cleaner. It was then gone from the browser and a subsequent check with Malwarebytes found no remnants.
if you check his Malwarebytes and AdwCleaner logs you will see that his computer is/was a PUP/Adware city ...
-
Right ok Eagle man heres them logs for you cheers
-
Sorry did it again here you go. My Bad ::)
-
And the addition log
-
well yeah thats crappy avg for you i aint been able to pay really for really any protection and picked avg and regret it what security measures would u guys suggest???
-
antivirus + Malwarebytes PRO + MCShield
-
Well what do you think is there hope for my pc?
-
Well how much are all them gunna cost thats like £120 aint it £40 each bloody hell malwarebytes is good thanks for showin me that guys
-
Hi,
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
HKCU\...\Run: [SearchProtection] - "C:\Users\Ryan\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
C:\Users\Ryan\AppData\Roaming\Search Protection
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {1fb1dcab-600c-11e2-9284-dc0ea14af5ae} - F:\AutoRun.exe
SearchScopes: HKCU - {3C0F4B55-37E7-46B8-BF46-99EC1966EAAB} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
SearchScopes: HKCU - {E02F7ABB-2695-4283-A1D6-609C869DF39A} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=en_UK&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^GB&apn_uid=16E11F48-471A-4AB5-837F-147D2205E386&apn_sauid=67C458EE-3365-4E69-91FE-3D07CC107681
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\RelevantKnowledge\firefox
C:\Program Files (x86)\RelevantKnowledge
cmd: ipconfig /flushdns
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
Then...
Please download zoek.zip or zoek.rar by smeenk from here (http://hijackthis.nl/smeenk) or here (http://home.kpn.nl/stefsmeenk/zoek.exe) and save it to your Desktop.
Unpack the archive...
- Close any open browsers
- Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) or this (http://www.bleepingcomputer.com/forums/topic114351.html) Instruction.
- Double click on zoek.exe to run the tool.
Please wait until the tool starts...
- Copy the text present inside the code box below and paste it into the large window in the zoek tool:
emptyclsid;
shortcutfix;
emptyalltemp;
autoclean;
- Click on (http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png) button.
Please wait until a log report opens (this can be after reboot)
- Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named "zoek-results.log"
Then...
Tell me, how are the things now?
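Added example (not part of the original post, and not FRST's own code): a read-only PowerShell check that the items named in the fixlist above are gone after the fix and reboot. The full registry paths are an assumption: the standard per-user locations that the log abbreviates as `HKCU\...\Run` and `SearchScopes: HKCU`.

```powershell
# Read-only verification: queries the registry and file system, changes nothing.
# Assumption: these are the standard per-user keys behind the log's abbreviations.
$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$scopesKey = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'

# Values copied from the fixlist in this thread (specific to that machine).
$runValue = 'SearchProtection'
$folders  = @(
    'C:\Users\Ryan\AppData\Roaming\Search Protection',
    'C:\Program Files (x86)\RelevantKnowledge'
)
$scopeIds = @(
    '{3C0F4B55-37E7-46B8-BF46-99EC1966EAAB}',
    '{E02F7ABB-2695-4283-A1D6-609C869DF39A}'
)

$findings = @()

# 1. Autostart entry that relaunches SearchProtection.EXE at logon
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and ($run.PSObject.Properties.Name -contains $runValue)) {
    $findings += "Run value still present: $runValue -> $($run.$runValue)"
}

# 2. Program folders the fixlist asked FRST to delete
foreach ($folder in $folders) {
    if (Test-Path -LiteralPath $folder) {
        $findings += "Folder still present: $folder"
    }
}

# 3. Search providers added to Internet Explorer
foreach ($id in $scopeIds) {
    $key = Join-Path $scopesKey $id
    if (Test-Path -LiteralPath $key) {
        $url = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).URL
        $findings += "SearchScope still present: $id -> $url"
    }
}

if ($findings.Count -eq 0) {
    'No leftovers from the fixlist were found.'
} else {
    $findings
}
```

Run it as the affected user, since every registry location checked is under HKCU.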
-
Well how much are all them gunna cost thats like £120 aint it £40 each bloody hell malwarebytes is good thanks for showin me that guys
use your favorite free AV
MCShield is free www.mcshield.net
Malwarebytes PRO is a one time fee for a lifetime license .... you then get auto update and a protection module www.malwarebytes.org
-
Right ok Eagle man heres the fixlist log
-
I still need other reports...
-
sorry eagle man i fell asleep lol but im at work i will post them when im home
thanks for bearin wiv me
-
You really need to do all this? I had the spigot search protection on my machine and simply uninstalled it with Ccleaner and then ran the registry cleaner. It was then gone from the browser and a subsequent check with Malwarebytes found no remnants.
if you check his Malwarebytes and AdwCleaner logs you will see that his computer is/was a PUP/Adware city ...
True, and it looks like MBAM was having issues removing some of the PUP's. So Yes it's the way to make sure he is clean
-
You really need to do all this? I had the spigot search protection on my machine and simply uninstalled it with Ccleaner and then ran the registry cleaner. It was then gone from the browser and a subsequent check with Malwarebytes found no remnants.
if you check his Malwarebytes and AdwCleaner logs you will see that his computer is/was a PUP/Adware city ...
Okay, I didn't know there were other problems. I thought Spigot was it.
True, and it looks like MBAM was having issues removing some of the PUP's. So Yes it's the way to make sure he is clean
-
hi folks just read the last two comments can someone give me an insight to my problem wats actually happening and r we making progress. ps these logs cant be used against me can they? i trust u guys though youve been ace
-
Guys, please do not spam the topic until I finish cleaning, it creates confusion...
@Slayer 6628
Please proceed with the steps I posted, we'll discuss later, after the cleaning is done...
-
alright eagle man ive been running zoek for over two hours now is this about right seems along time?
-
Have you disabled all security software before running Zoek?
-
well eagle man they're definitely switched off now can i restart this maybe? hopefully? or have i screwed up
-
Ok, restart, then disable all security software, and then re-run Zoek again...
-
will keep you posted zoek is running again cheers
-
Alright eagle man im having major issues running zoek i know it runs for a while because my cpu usage goes up like 60% but then like 20-30 mins it just drops off to 0% i have deactivated all programs and have tried several times to run zoek yet no success? do u maybe have an insight? is this one really important? Right im off to try again thanks
-
Forget Zoek, it has some issues.
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
After that, re-run FRST and attach the logs...
-
Hi eagle thanks for that man zoek just wouldnt work but heres the log from JRT cheers
-
Right ok eagle ive ran frst again and heres the log what do you make of that?
-
How are the things now, still any problem?
-
Alright Eagle man just to let you know my computer is as clean as a whistle and is working sound as a pound thanks for the help i wish there was a way to repay you all I can do is thank you. Cheers pal you proper helped me even though I was a stranger thanks. ;D
-
Oh one last thing u can help me with eagle ;) how do you resolve the post? cheers man
-
"the post" what :)