Author Topic: browser hijacked by - SearchSettings.exe  (Read 20399 times)

bart1048

  • Guest
Re: browser hijacked by - SearchSettings.exe
« Reply #30 on: June 05, 2013, 10:53:56 PM »
OK, these are the OTL scan results with the Customization and config

OTL: http://cjoint.com/13jn/CFfwZRfJUjH.htm

extras: http://cjoint.com/13jn/CFfwZ4Q6x9U.htm

gen-hackman

  • Guest
Re: browser hijacked by - SearchSettings.exe
« Reply #31 on: June 05, 2013, 11:06:11 PM »
OK, give me the time to study it. I'll come back with what comes next.

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: browser hijacked by - SearchSettings.exe
« Reply #32 on: June 05, 2013, 11:09:08 PM »
@g3n-h@ckm@n
Please continue with malware removal. You are "on probe".  ;)

Cheers,
magna

gen-hackman

  • Guest
Re: browser hijacked by - SearchSettings.exe
« Reply #33 on: June 05, 2013, 11:11:17 PM »
Thanks ;)

==

A question first:

Do you use "Pando Media Booster"?

It uses many resources of the computer
If you do not use it, I recommend you to uninstall it

bart1048

  • Guest
Re: browser hijacked by - SearchSettings.exe
« Reply #34 on: June 05, 2013, 11:20:45 PM »
I don't know what the Pando Media Booster is for exactly. However, I play "League of Legends" and it seems to be software used by that game, from what I have noticed after googling it.
Please see this LoL forum thread for more info.

http://na.leagueoflegends.com/board/showthread.php?t=2481176

gen-hackman

  • Guest
Re: browser hijacked by - SearchSettings.exe
« Reply #35 on: June 05, 2013, 11:23:34 PM »
OK, I'll leave it. Be patient, it won't take long :)

Did you have Kaspersky before? ^^

====================

If you have XP => double-click
If you have Vista or Windows 7/8 => right-click, "Run as administrator"

on OTL to execute it.

Copy the list which is in bold below and paste it in the zone under "Customization" ("Personalization"):


:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
safari.exe
opera.exe
rundll32.exe

:OTL
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1     
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1     

:Reg
[HKU\S-1-5-21-634944359-2489888201-1644717415-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[-HKEY_CURRENT_USER\Software\Ó¦ÓóÌÐòÏòµ¼Éú³ÉµÄ±¾µØÓ¦ÓóÌÐò]

:Files
C:\Users\bartek\MBR.dat
C:\eula.*.txt
C:\install.res.*.dll
C:\msdia80.dll
C:\Users\bartek\AppData\Local\28050

:commands
[emptytemp]


Click "Correction" to launch the deletion.

Post the report, which logically will open by itself at the end of the work, after the reboot.
« Last Edit: June 05, 2013, 11:45:30 PM by g3n-h@ckm@n »

bart1048

  • Guest
Re: browser hijacked by - SearchSettings.exe
« Reply #36 on: June 05, 2013, 11:41:17 PM »
No, I only used avast, Malwarebytes and IObit.

Ironically, IObit is the software that got me into this mess :)
The software popped up that there is a client update download available. I opened the page from there and got a download link to CNET download, which is a respectable site, and after I installed that new IObit version I got all that unwanted browser stuff.


gen-hackman

  • Guest
Re: browser hijacked by - SearchSettings.exe
« Reply #38 on: June 05, 2013, 11:49:38 PM »
yes they are stealers ^^

the script is above

bart1048

  • Guest
Re: browser hijacked by - SearchSettings.exe
« Reply #39 on: June 05, 2013, 11:50:53 PM »
Frankly, I find the fact that a piece of antimalware software comes with hidden malware-like stuff a serious breach of consumer trust.

bart1048

  • Guest
Re: browser hijacked by - SearchSettings.exe
« Reply #40 on: June 06, 2013, 12:11:29 AM »
click "Correction" to launch The deletion

Post the report which logically will open alone at the end of work after the reboot
Do you want me to press the button called "execute script" or "clean-up"?
Also, shall I configure it like in the first link?

gen-hackman

  • Guest
Re: browser hijacked by - SearchSettings.exe
« Reply #41 on: June 06, 2013, 12:17:58 AM »
No, this time don't touch the configuration, just paste the text and click "Correction", or "Run Fix" I believe in English.
« Last Edit: June 06, 2013, 12:21:01 AM by g3n-h@ckm@n »

gen-hackman

  • Guest
Re: browser hijacked by - SearchSettings.exe
« Reply #42 on: June 06, 2013, 12:24:48 AM »
No, this time don't touch the configuration, just paste the text and click "Correction", or "Run Fix"; I think it's written like this in English.

bart1048

  • Guest
Re: browser hijacked by - SearchSettings.exe
« Reply #43 on: June 06, 2013, 12:29:25 AM »

gen-hackman

  • Guest
Re: browser hijacked by - SearchSettings.exe
« Reply #44 on: June 06, 2013, 12:35:46 AM »
mmmm... you made it two times...or more....