Author Topic: help with spigot  (Read 14249 times)

0 Members and 1 Guest are viewing this topic.

Zionstrat

  • Guest
Re: help with spigot
« Reply #15 on: March 01, 2013, 04:13:19 AM »
I've only tried Chrome and IE- They both are beign redirected to Yahoo- Sometimes Spigot is in the URL-

So I need to cut and paste the code into OTL and go ahead and run it?

Thanks so much!
ZS

Zionstrat

  • Guest
Re: help with spigot
« Reply #16 on: March 01, 2013, 04:29:01 AM »
I ran the code in OTL but still have the redirect when I search in google

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: help with spigot
« Reply #17 on: March 01, 2013, 02:40:26 PM »
First time I have heard of Yahoo redirecting.. I can remove that from IE for Chrome you will need to do it manually

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:OTL
IE - HKU\S-1-5-21-3645107631-2241616355-2416082582-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=800236&fr=spigot-yhp-ie
IE - HKU\S-1-5-21-3645107631-2241616355-2416082582-1002\..\SearchScopes\{FC5529EC-8F51-490F-A187-52F50BECEF80}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Zionstrat

  • Guest
Re: help with spigot
« Reply #18 on: March 01, 2013, 03:50:19 PM »
Thanks, but I dont know how to manually fix chrome-

When I type a search in the url line it redirects as follows-
http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=800236&p=test

I have set the default page to google


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: help with spigot
« Reply #19 on: March 01, 2013, 03:52:20 PM »

Zionstrat

  • Guest
Re: help with spigot
« Reply #20 on: March 01, 2013, 04:34:00 PM »
Yeah! Looks like Chrome is fixed- Not sure about IE- Cant get Google back as default search yet, but what an improvment!

So big thanks and a few questions-
1. How did avast miss this malware in the first place? Is there an update I need to run?
2. How can I be sure it's really gone and not hiding?

Big, big thanks and I hope I dont have to bug you ever again!
ZS

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: help with spigot
« Reply #21 on: March 01, 2013, 07:52:05 PM »
Yahoo is not classified as either malware or greyware so nothing wil detect it.  A fair few people have that set as their main page/search engine

Zionstrat

  • Guest
Re: help with spigot
« Reply #22 on: March 02, 2013, 03:17:12 AM »
But isnt Spigot more than just a Yahoo toolbar? I tried to remove it using all of the 'normal' ways so I thought it had to be rouge- Is it just a badly behaved benign application?

Anyway, I think things are much better- Will let you know if I see any more weird stuff, and thanks so much for all the help!

ZS

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: help with spigot
« Reply #23 on: March 02, 2013, 12:07:31 PM »
Quote
Is it just a badly behaved benign application?

Nice terminology  ;D

Zionstrat

  • Guest
Re: help with spigot
« Reply #24 on: March 03, 2013, 03:00:16 AM »
Essexboy-
I'm wondering if there is still something malicious going on in the background?

The reason I ask is I have a screaming fast laptop wit a SS drive that is running practically nothing (I need it for audio recording, but haven't had time to record recently)-

The reason I noticed the Spigot problem in the first place is that the PC had slowed down a lot over the last month even when I have few apps running.

One thing that makes me very suspicious is that the disk drive is very busy when I am doing nothing as long as I have the wireless radio on- However, when I turn the radio off, disk traffic drops to an extremely low rate, and the computer is clearly faster.

I know that Mbytes says I am clear and we've apparently killed off Spigot, but is there an easy way to look at this disk traffic and see if something is going on?

Again, much appreciated as I'm a much better musician than virus hunter:)
Cheers,

ZS

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: help with spigot
« Reply #25 on: March 03, 2013, 01:01:35 PM »
You do have two google update jobs running, now whether they are taking up the network I am not sure

[2013/02/28 10:32:03 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3645107631-2241616355-2416082582-1002Core.job
[2013/02/28 10:41:15 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

You could use wireshark http://www.wireshark.org/download.html  to see where the traffic is

Zionstrat

  • Guest
Re: help with spigot
« Reply #26 on: March 03, 2013, 05:13:04 PM »
Much thanks Essexboy!

LaurentiuSpigot

  • Guest
Re: help with spigot
« Reply #27 on: March 06, 2013, 02:23:19 PM »
Hello,

I am an employee of Spigot and I can provide information on how to fix this.  Please take a look here: http://www.spigot.com/remove-search-settings.html

If you want to change your default search engine please check this link: http://support.google.com/websearch/bin/answer.py?hl=en&answer=464

In case you need to change your home page as well please follow the instructions here: http://www.wikihow.com/Change-Your-Home-Page

I also want to underline that this is not malware. The option is presented during the install and the user has the possibility to accept / decline the offer.

In case you require further assistance please contact me here: http://www.spigot.com/contact.html

This is not a spam message and I am only trying to help you solve your issue as easy as possible.

Thank you.