Author Topic: 'searchqu'  (Read 8197 times)

0 Members and 1 Guest are viewing this topic.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: 'searchqu'
« Reply #15 on: August 28, 2011, 05:11:43 PM »
Run OTL and I will remove it for you

Download OTL  to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach both logs

Offline a_vast

  • Sr. Member
  • ****
  • Posts: 233
Re: 'searchqu'
« Reply #16 on: August 28, 2011, 05:35:15 PM »
Have you still got toolkit on your computer?
You’re downloading browser hijackers.
Easy thing to do is use Housecall trendMicro on line scanner.

http://housecall.trendmicro.com/uk/

If that don’t work you will have to run hijack this from trendMicro

Let me know if housecall found anything

trendMicro = 'no threat found' :)

Toolkit in what please, Avast, MBAM, IE ?

Thanks.

Offline a_vast

  • Sr. Member
  • ****
  • Posts: 233
Re: 'searchqu'
« Reply #17 on: August 28, 2011, 05:46:11 PM »
DataManager or DataMngr and end that process.
Type 'msconfig' in Run press enter
Under startup tab disable Data Manager from Discordia

Data Manager is listed there under 'BANDOO MEDIA'

Did a google on 'bandoo' and they seem to be linked with 'ilivid' where Searchqu came from.

So I disable Data Manager please?

Offline a_vast

  • Sr. Member
  • ****
  • Posts: 233
Re: 'searchqu'
« Reply #18 on: August 28, 2011, 06:01:35 PM »
For info: just found Searchqu in Chrome's list of search engines ~ have removed it. No sign of it under FireFox.

SHARKY7SHARKY

  • Guest
Re: 'searchqu'
« Reply #19 on: August 28, 2011, 06:16:29 PM »
Can you follow essexboys instructions & post the logs

Offline a_vast

  • Sr. Member
  • ****
  • Posts: 233
Re: 'searchqu'
« Reply #20 on: August 28, 2011, 06:59:24 PM »
Can you follow essexboys instructions & post the logs

I sent both files. Avast said the file load was too big, so I sent just one file. Avast then said ..
 [oh crisps] ... have another go

Offline a_vast

  • Sr. Member
  • ****
  • Posts: 233
Re: 'searchqu'
« Reply #21 on: August 28, 2011, 07:02:36 PM »
got it that time!

here comes the other file - with thanks guys :)