Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: a_vast on August 26, 2011, 11:25:15 PM

Title: 'searchqu'
Post by: a_vast on August 26, 2011, 11:25:15 PM
Hi,

I have Avast 6 and also Malwarebytes.

Just downloaded a 'ToolKit' to check my optical readers but it came with something called Ilivid [tick icon] and when I went to Chrome to search for something I found Searchqu in its place:

http://www-dot-searchqu//406

Removed the '.' so no-one inadvertently goes to the Searchqu site.

I did a check and found someone calling this a "rootkit" which ought to be got rid of. Am running Malwarebytes now and hoping it comes up with something.

Help please - I think I have something I don't want on my pc called Searchqu.

As I say am running Avast 6 but Searchqu seems to have slipped past it.

Am running Windows 7, 2Core.

Thanks

kr236rk
Title: Re: 'searchqu'
Post by: SHARKY7SHARKY on August 26, 2011, 11:37:55 PM
It's not a virus or rootkit; check your Add and Remove Programs.
Title: Re: 'searchqu'
Post by: a_vast on August 26, 2011, 11:49:13 PM
phew!

thanks Sharky :)

found ilivid in programs and uninstalled it. deleted remainder ilivid files on desktop & emptied recycle bin. will let Malwarebytes do its thing then run Avast. Then reboot & hope Searchqu is history :-o

will update!

thanks again,

kr
Title: Re: 'searchqu'
Post by: SHARKY7SHARKY on August 26, 2011, 11:51:38 PM
This is what you need to look for


LividToolbar

Datamngr
 
searchqu

Also check add-ons, toolbars and extensions
Tools > Internet options > change your home page

If it’s not in add & remove do a search for those names.

HijackThis will also get rid of it, so if you need help with running HijackThis, ask.
Title: Re: 'searchqu'
Post by: SHARKY7SHARKY on August 26, 2011, 11:55:21 PM
If you get problems you can always do a system restore. signing off good luck
Title: Re: 'searchqu'
Post by: a_vast on August 27, 2011, 12:01:49 AM
Thanks guys - will update after the reboot.

Yes, I have not done a system restore on the 2core before, & might need some help if i need that option.

laters :)

kr
Title: Re: 'searchqu'
Post by: a_vast on August 27, 2011, 12:47:11 AM
This is what you need to look for


LividToolbar

Datamngr
 
searchqu

Also check add-ons, toolbars and extensions
Tools > Internet options > change your home page

If it’s not in add & remove do a search for those names.

LividToolbar - i found ilivid in programs & uninstalled it: can see no toolbar for it

Datamngr - searched for this, it did not come up.
 
searchqu - this was still there when you clicked on Chrome. I disabled it in tools/options then found a 'blocker' in Chrome and typed the searchqu url into it and selected 'block'

when i click on Chrome now i get a different Chrome window which offers a choice of google-like windows, but it is a Chrome window, gone is the searchqu_406 url

Malwarebytes scan was clean (full scan) now doing a full Avast6 scan.

got into this fix because i could not find a google page with green safety stripes on it - i have no idea why the 'safe site' thing comes and goes like this - it is back on again now.

will update

kr
Title: Re: 'searchqu' update
Post by: a_vast on August 27, 2011, 03:06:57 AM
Avast6 completed full scan with no issues.

Rebooted & no sign of Searchqu

Ye gads! (relief)

Thanks to all :)

kr
Title: Re: 'searchqu'
Post by: SHARKY7SHARKY on August 27, 2011, 08:46:02 AM
This looks complicated but it’s not, it’s nice to know how to do a system restore for future use.
I usually make a system restore checkpoint before I download programs, or test them on another computer, or Windows will automatically do a restore point. http://www.sevenforums.com/tutorials/700-system-restore.html

I would stay away from links that say scan your computer, fix errors etc.
Also lots of downloads come with Google toolbar etc. You need to read carefully what you download & uncheck what you don’t need…
When you download programs & uninstall, whether it’s antivirus or other programs, you always get clutter left. Antivirus programs need uninstall tools from their website, but like other programs can still leave bits behind.
Say I wanted to uninstall Avast, I would follow the uninstall instructions, once done would do a search for any leftover items, then look in the registry just to be sure.

If you need to find anything out about any problem or topic do a search online for it.
Youtube is very useful too, they have every topic & you can watch videos on how to do system restores etc or just watching music video clips.

Title: Re: 'searchqu'
Post by: a_vast on August 27, 2011, 04:41:08 PM
Thanks Sharky,

I am glad I came to Avast - there is also a lot of misinformation out there. When I first googled Searchqu someone had said it was a 'rootkit' & posted extremely complicated directions for uninstalling rootkits. Of course all that would have done would be to tie me up in even more knots - so thanks to all at Avast Forum!

Will research the system restore - I used this a lot on a P3 but have never attempted it on the 2 core.

kr
Title: Update Re: 'searchqu'
Post by: a_vast on August 28, 2011, 03:49:58 PM
Searchqu came back again.

It had first appeared in Chrome and I blocked it in Chrome.

Then it switched to Firefox. I couldn't block it in Firefox so I uninstalled Firefox completely.

I then blocked Searchqu in Internet Explorer (long story) and Avast. I then re-installed Firefox and blocked Searchqu in Firefox. I think Searchqu had disabled blocking when it hijacked Firefox.

When I initially tried to block Searchqu in IE I found IE9 had already been hijacked by yet another unwanted browser, this one was called 'Inbox-dot-com'.

I spent the rest of the evening till gone 4am trying to get rid of Inbox. Eventually I managed to block it everywhere. I have also blocked it in Avast. Having blocked Inbox and freed IE from it I was then able to block Searchqu in IE9, just in case it made a dash for it.

Fingers crossed today - so far so good.

KR
Title: Re: 'searchqu'
Post by: DavidCo on August 28, 2011, 04:03:39 PM
Check task manager for processes
DataManager or DataMngr and end that process.
Type 'msconfig' in Run press enter
Under startup tab disable Data Manager from Discordia
Boot time scan with updated Avast
MBAM updated


Otherwise they will keep coming back
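
The checks suggested in this thread (Add/Remove Programs, running processes, startup entries) collected into one read-only PowerShell sweep. This is an added example, not part of any post; the name patterns are the ones mentioned in the posts above, and the function name `Find-BundleTraces` is hypothetical.

```powershell
# Added example: lists leftovers only; nothing is ended, disabled or deleted.
# Name patterns are taken from the posts in this thread.
$patterns = 'ilivid', 'LividToolbar', 'Datamngr', 'DataManager', 'Data Manager', 'searchqu'
$regex    = ($patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

function New-Hit($Location, $Name, $Detail) {
    New-Object PSObject -Property @{ Location = $Location; Name = $Name; Detail = $Detail }
}

function Find-BundleTraces {
    param([string]$Regex)

    # 1. Running processes (the Processes tab in Task Manager).
    Get-Process | Where-Object { $_.ProcessName -match $Regex } |
        ForEach-Object { New-Hit 'Process' $_.ProcessName $_.Path }

    # 2. Registry Run keys (among the entries msconfig's Startup tab shows).
    $skip    = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $skip -notcontains $_.Name }
        foreach ($v in $values) {
            # Match on both the entry name and the command line it launches.
            if ("$($v.Name) $($v.Value)" -match $Regex) {
                New-Hit $key $v.Name $v.Value
            }
        }
    }

    # 3. Installed programs (what Add/Remove Programs reads).
    $uninstall = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
        Where-Object { "$($_.DisplayName) $($_.Publisher)" -match $Regex } |
        ForEach-Object { New-Hit 'Installed program' $_.DisplayName $_.UninstallString }
}

Find-BundleTraces -Regex $regex |
    Select-Object Location, Name, Detail | Format-Table -AutoSize -Wrap
```

An empty result means none of the three places holds a matching name; browser search-engine and home-page settings are stored per browser and are not covered by this sweep.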
Title: Re: 'searchqu'
Post by: a_vast on August 28, 2011, 04:30:54 PM
Check task manager for processes
DataManager or DataMngr and end that process.
Type 'msconfig' in Run press enter
Under startup tab disable Data Manager from Discordia
Boot time scan with updated Avast
MBAM updated

Thanks David,

Little at a time please.

MBAM is updated but Malwarebytes cannot see Searchqu or Inbox because it does not recognise them as malware, which of course they most certainly are!

Where do I find Task Manager please - there will be a processes tab?

And where do I find DataManager or DataMngr?

Will have a search through the computer in the meantime.

........................................................

Update: there is no sign of 'ilivid', 'searchqu' or 'inbox' in Task Manager.

'datamngrUI.exe' is in there - I cannot see anything called 'Discordia'

Please advise further.

Thanks,

KR
Title: Re: 'searchqu'
Post by: SHARKY7SHARKY on August 28, 2011, 04:56:25 PM
Have you still got toolkit on your computer?
You’re downloading browser hijackers.
Easy thing to do is use HouseCall, the Trend Micro online scanner.

http://housecall.trendmicro.com/uk/

If that doesn’t work you will have to run HijackThis from Trend Micro

Let me know if housecall found anything
Title: Re: 'searchqu'
Post by: DavidCo on August 28, 2011, 05:06:05 PM
1. Right click on Task Bar (the bar across the bottom of screen) - select Task Manager.
Select process tab and.........

2. Select start > type msconfig in search box

Title: Re: 'searchqu'
Post by: essexboy on August 28, 2011, 05:11:43 PM
Run OTL and I will remove it for you

Download OTL (http://oldtimer.geekstogo.com/OTL.exe)  to your Desktop
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT

Title: Re: 'searchqu'
Post by: a_vast on August 28, 2011, 05:35:15 PM
Have you still got toolkit on your computer?
You’re downloading browser hijackers.
Easy thing to do is use HouseCall, the Trend Micro online scanner.

http://housecall.trendmicro.com/uk/

If that doesn’t work you will have to run HijackThis from Trend Micro

Let me know if housecall found anything

trendMicro = 'no threat found' :)

Toolkit in what please, Avast, MBAM, IE ?

Thanks.
Title: Re: 'searchqu'
Post by: a_vast on August 28, 2011, 05:46:11 PM
DataManager or DataMngr and end that process.
Type 'msconfig' in Run press enter
Under startup tab disable Data Manager from Discordia

Data Manager is listed there under 'BANDOO MEDIA'

Did a google on 'bandoo' and they seem to be linked with 'ilivid' where Searchqu came from.

So I disable Data Manager please?
Title: Re: 'searchqu'
Post by: a_vast on August 28, 2011, 06:01:35 PM
For info: just found Searchqu in Chrome's list of search engines ~ have removed it. No sign of it under FireFox.
Title: Re: 'searchqu'
Post by: SHARKY7SHARKY on August 28, 2011, 06:16:29 PM
Can you follow essexboy's instructions & post the logs
Title: Re: 'searchqu'
Post by: a_vast on August 28, 2011, 06:59:24 PM
Can you follow essexboy's instructions & post the logs

I sent both files. Avast said the file load was too big, so I sent just one file. Avast then said ..
 [oh crisps] ... have another go
Title: Re: 'searchqu'
Post by: a_vast on August 28, 2011, 07:02:36 PM
got it that time!

here comes the other file - with thanks guys :)