Author Topic: Spigot help  (Read 7454 times)


ZipSwitch

  • Guest
Spigot help
« on: September 04, 2013, 06:20:53 AM »
Hello all,

I was on my laptop earlier and using Firefox and noticed that when I was searching through the address bar it was using Yahoo, even though it is supposed to be Google. I tried on Chrome and had the same issue, where when you open the browser it opens "http://search.yahoo.com/?type=714647&fr=spigot-yhp-ch" and all searches use Yahoo.

I looked at my program list and noticed something installed by spigot and promptly uninstalled it. I then scanned with Avast and MBAM and they said there were no infected files. However, when I went to use the browsers again the same page opened and the default search was still Yahoo. I did some searches and looked for the purported "searchsetting.exe" in my registry and looked for anything spigot in my program files and for any other symptoms of spigot infection and found nothing.

I am a bit concerned as I don't know how serious this spigot thing is and I am a bit confused as to what to do next. I would really appreciate any help.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37650
  • F-Secure user
Re: Spigot help
« Reply #1 on: September 04, 2013, 07:24:15 AM »
Follow this guide and attach logs... not copy and paste: http://forum.avast.com/index.php?topic=53253.0

Run in order listed:
AdwCleaner / Malwarebytes / OTL / aswMBR

When done, malware experts will be notified and help you.
When finished, all tools used will be removed.



ZipSwitch

  • Guest
Re: Spigot help
« Reply #2 on: September 04, 2013, 08:06:50 AM »
Thanks.

Attached are the logs for AdwCleaner, MBAM and OTL. Gonna post the aswMBR log in a moment.

ZipSwitch

  • Guest
Re: Spigot help
« Reply #3 on: September 04, 2013, 08:07:42 AM »
And here is the aswMBR log.

Also how serious is this spigot malware/virus? Do I have to worry about my personal information and online accounts/passwords being compromised? Do I have to change passwords for all my important sites/accounts?
« Last Edit: September 04, 2013, 08:25:52 AM by ZipSwitch »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37650
  • F-Secure user
Re: Spigot help
« Reply #4 on: September 04, 2013, 08:37:46 AM »
spigot is some browser / toolbar crap ....

removers are notified, it may take some hours before one arrives so be patient


« Last Edit: September 04, 2013, 08:44:09 AM by Pondus »

ZipSwitch

  • Guest
Re: Spigot help
« Reply #5 on: September 04, 2013, 08:46:32 AM »
Oh okay so I take it it isn't that serious? I just get kinda paranoid with every little infection. I usually try to be very vigilant with my comp security but my roommate still manages to pick some stuff up when he downloads stuff.

Thanks Pondus,  I can wait a bit, I gotta catch some sleep right now anyway.
« Last Edit: September 04, 2013, 08:50:03 AM by ZipSwitch »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37650
  • F-Secure user
Re: Spigot help
« Reply #6 on: September 04, 2013, 08:53:23 AM »
some info on one variant... and they can be a pain to remove

Quote
Widgi Toolbar by Spigot is a program that loads its gadget into your Internet browser without asking for approval. Due to this invasive process, security experts include it in the list of adware. Its origin can be a mixture of online tricks. It uses other software that will appear essential when you are viewing online videos or downloading any software. Makers of Widgi Toolbar usually embed the code to program not known to many.


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37650
  • F-Secure user
Re: Spigot help
« Reply #7 on: September 04, 2013, 08:57:46 AM »
I see one remover is online now... so you may get help very soon if you stay awake




ZipSwitch

  • Guest
Re: Spigot help
« Reply #8 on: September 04, 2013, 09:01:13 AM »
With this I didn't get any toolbar or anything,  just the startup page and default search engine changing.  What surprised me was even through numerous scans with Avast and MBAM it never showed up on any of them.

Thanks Pondus I will try to stay awake. 

Edit: nm
« Last Edit: September 04, 2013, 09:22:05 AM by ZipSwitch »

argus

  • Guest
Re: Spigot help
« Reply #9 on: September 04, 2013, 09:13:26 AM »
Hi,


Re-run OTL.exe.

  • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

Code:

:OTL
CHR - homepage: http://search.yahoo.com?type=714647&fr=spigot-yhp-ch
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: []  File not found
FF - user.js - File not found

:commands
[CREATERESTOREPOINT]
[emptytemp]


  • Then click the Run Fix button at the top.
  • Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.
If the log doesn't appear, it can be found here:

c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log





Please download zoek.zip from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.

  • Double click on zoek.exe to run the tool.
    Please wait while the tool does not start...

  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code:
filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
  • Click on button.
    Please wait until a log report opens (this can be after reboot)

  • Save notepad to your Desktop and attach here zoek-results.log
    Note: It will also create a log in the C:\ directory named "zoek-results.log"

ZipSwitch

  • Guest
Re: Spigot help
« Reply #10 on: September 04, 2013, 09:50:25 AM »
Okay here are the logs for both of those.

I'm about to fall asleep it's almost 4 AM here so excuse me if I don't respond till the morning. I appreciate the help.

argus

  • Guest
Re: Spigot help
« Reply #11 on: September 04, 2013, 10:18:24 AM »
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.

  • Double click on zoek.exe to run the tool.
    Please wait while the tool does not start...

  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code:
{E155CB70-AA13-46CD-BA8A-CF4735EE9A0E};c
emptyclsid;
emptyrecycle.bin;
FFdefaults;
chrdefaults;
iedefaults;
emptyalltemp;
autoclean;
  • Click on button.
    Please wait until a log report opens (this can be after reboot)

  • Save notepad to your Desktop and attach here zoek-results.log
    Note: It will also create a log in the C:\ directory named "zoek-results.log"

ZipSwitch

  • Guest
Re: Spigot help
« Reply #12 on: September 04, 2013, 04:51:19 PM »
How long is the zoek tool supposed to run for this step?  It has been running for some time  now and it has not finished yet.
« Last Edit: September 04, 2013, 04:54:21 PM by ZipSwitch »

argus

  • Guest
Re: Spigot help
« Reply #13 on: September 04, 2013, 05:01:20 PM »
How long it lasts?

Stop zoek.

edit:

Is Spigot gone?
« Last Edit: September 04, 2013, 05:05:26 PM by argus »

ZipSwitch

  • Guest
Re: Spigot help
« Reply #14 on: September 04, 2013, 05:28:27 PM »
I stopped zoek and restarted my comp but my homepage for Chrome is still "http://search.yahoo.com/?type=714647&fr=spigot-yhp-ch" and the default search is still Yahoo but it seems that Firefox is no longer afflicted as my default homepage is no longer the URL above and my default search engine is Google again. I am a bit unsure what to do at this point.
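
Added example, not part of the thread and not taken from any tool mentioned in it: a Python check of where the start page and default search described above are stored, scanning a Chrome `Preferences` JSON file and a Firefox `prefs.js`/`user.js` for URLs whose query string carries the `spigot` marker from the quoted URL. The preference key names and the sample file contents are assumptions constructed for illustration; key names vary between browser versions.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

MARKER = "spigot"  # from the fr=spigot-yhp-ch parameter quoted in the thread

# Firefox prefs.js / user.js entries look like: user_pref("name", "value");
FF_PREF = re.compile(r'^\s*user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);', re.M)
FF_KEYS = {"browser.startup.homepage", "keyword.URL"}  # assumed keys of interest

def url_is_hijacked(url):
    """True when any query-string value of the URL contains the marker."""
    query = parse_qs(urlsplit(url).query)
    return any(MARKER in v.lower() for vals in query.values() for v in vals)

def scan_chrome(prefs_text):
    """Return (setting, url) pairs flagged in a Chrome Preferences JSON text."""
    prefs = json.loads(prefs_text)
    found = [("homepage", prefs.get("homepage", ""))]
    session = prefs.get("session", {})
    # Startup-page list; the key name differs between Chrome versions (assumption).
    for key in ("startup_urls", "urls_to_restore_on_startup"):
        found += [("session." + key, u) for u in session.get(key, [])]
    search = prefs.get("default_search_provider", {})
    found.append(("default_search_provider.search_url", search.get("search_url", "")))
    return [(name, u) for name, u in found if url_is_hijacked(u)]

def scan_firefox(prefs_text):
    """Return (pref, url) pairs flagged in Firefox prefs.js or user.js text."""
    hits = []
    for name, value in FF_PREF.findall(prefs_text):
        if name in FF_KEYS:
            # The homepage pref may hold several URLs separated by "|".
            hits += [(name, u) for u in value.split("|") if url_is_hijacked(u)]
    return hits

# Constructed sample data mirroring the state in the last post:
# Chrome still redirected, Firefox back to Google.
HIJACK_URL = "http://search.yahoo.com/?type=714647&fr=spigot-yhp-ch"
SAMPLE_CHROME = json.dumps({
    "homepage": HIJACK_URL,
    "session": {"restore_on_startup": 4, "startup_urls": [HIJACK_URL]},
    "default_search_provider": {"search_url": "https://www.google.com/search?q={searchTerms}"},
})
SAMPLE_FIREFOX = 'user_pref("browser.startup.homepage", "https://www.google.com/");\n'

if __name__ == "__main__":
    for setting, url in scan_chrome(SAMPLE_CHROME) + scan_firefox(SAMPLE_FIREFOX):
        print("flagged:", setting, "->", url)
```

Run against copies of the real profile files with the browser closed, since a running browser rewrites its preferences on exit.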