Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Spigot Trojan Redirects Browsers [Closed]


  • This topic is locked This topic is locked
15 replies to this topic

#1 sphynx420

sphynx420

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 02 October 2013 - 11:19 PM

I ran Malware Bytes, avast, unistalled Smart Defrag and IObit Toolbar (which Smart Defrag installed) using Revo Uninstaller, and did a system recovery to days before I had the problem. Now I ran OTL as the introductory discussion on this forum explained (tool 3). Still I am getting brought to "http://search.yahoo....=spigot-yhp-ie" in every browser and the default search's go to Yahoo. So I will attach otl.txt and extras.txt in this post. Cheers and Thank You! P.S. Should be mentioned that I got this from accidently allowing IObit Toolbar to install while updating Smart Defrag. I knew what I did as soon as I did it...

Attached Files

  • Attached File  OTL.Txt   102.56KB   344 downloads
  • Attached File  Extras.Txt   101.27KB   458 downloads

Edited by sphynx420, 02 October 2013 - 11:21 PM.

    Advertisements

Register to Remove


#2 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 04 October 2013 - 11:26 AM

Hi and Welcome!!

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.


Having said that.... Posted Image Let's get going!!
----------

Posted Image AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
----------

Posted Image Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
----------
Posted Image
 
 

#3 sphynx420

sphynx420

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 04 October 2013 - 01:43 PM

ADW Log Contents: # AdwCleaner v3.006 - Report created 04/10/2013 at 14:22:16 # Updated 01/10/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Xakobj Njce - HAL # Running from : C:\Users\Xakobj Njce\Desktop\AdwCleaner.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Found C:\Program Files (x86)\Common Files\spigot ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\APN PIP Key Found : HKCU\Software\Softonic Key Found : [x64] HKCU\Software\APN PIP Key Found : [x64] HKCU\Software\Softonic Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Key Found : HKLM\Software\PIP ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16660 -\\ Mozilla Firefox v -\\ Google Chrome v30.0.1599.69 [ File : C:\Users\Xakobj Njce\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [1003 octets] - [04/10/2013 14:22:16] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1063 octets] ########## asw Log Contents: aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software Run date: 2013-10-04 14:26:31 ----------------------------- 14:26:31.650 OS Version: Windows x64 6.1.7601 Service Pack 1 14:26:31.650 Number of processors: 4 586 0x3A09 14:26:31.650 ComputerName: HAL UserName: 14:26:32.820 Initialize success 14:26:34.770 AVAST engine defs: 13100301 14:26:41.712 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 14:26:41.712 Disk 0 Vendor: ST1000LM024_HN-M101MBB 2AR20002 Size: 953869MB BusType: 11 14:26:41.946 Disk 0 MBR read successfully 14:26:41.946 Disk 0 MBR scan 14:26:41.946 Disk 0 Windows 7 default MBR code 14:26:41.962 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 939867 MB offset 2048 14:26:41.962 Disk 0 scanning C:\Windows\system32\drivers 14:26:52.695 Service scanning 14:27:19.293 Modules scanning 14:27:19.293 Disk 0 trace - called modules: 14:27:19.324 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 14:27:19.324 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80080d1060] 14:27:19.340 3 CLASSPNP.SYS[fffff8800196743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b08060] 14:27:20.775 AVAST engine scan C:\Windows 14:27:23.536 AVAST engine scan C:\Windows\system32 14:29:47.290 AVAST engine scan C:\Windows\system32\drivers 14:29:59.864 AVAST engine scan C:\Users\Xakobj Njce 14:38:10.251 Disk 0 MBR has been saved successfully to "C:\Users\Xakobj Njce\Desktop\MBR.dat" 14:38:10.266 The log file has been saved successfully to "C:\Users\Xakobj Njce\Desktop\aswMBR 1042013.txt" Thanks!

#4 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 04 October 2013 - 05:41 PM

Hi,

Posted Image AdwCleaner

Double click on AdwCleaner.exe to run the tool again.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
------------

Posted Image Tweaking.com Registry Backup
  • Download the tool found here to your Desktop so it is easy to find.
  • Double click on the file you just downloaded to install it to your system.
  • Once the tool is installed, double-click on the Tweaking.com Registry Backup icon
    **Note** The tool should automatically open to the Backup Registry tab.

    Posted Image
  • Press Backup Now
  • When the back up is complete, the tool will tell you that Successful */* Files Backed Up
  • You have now successfully backed up your Registry.
----------

Posted Image

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :OTL
    IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes,DefaultScope = {1B97CCAA-339C-4DCD-9B89-777681A6B804}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=902615&fr=spigot-yhp-ie
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\..\SearchScopes\{1B97CCAA-339C-4DCD-9B89-777681A6B804}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
    O33 - MountPoints2\{1b36f361-9a37-11e2-b105-685d43e7f6d4}\Shell - "" = AutoRun
    O33 - MountPoints2\{1b36f361-9a37-11e2-b105-685d43e7f6d4}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
    O33 - MountPoints2\{51886848-2322-11e3-8759-685d43e7f6d4}\Shell - "" = AutoRun
    O33 - MountPoints2\{51886848-2322-11e3-8759-685d43e7f6d4}\Shell\AutoRun\command - "" = F:\VZW_Software_upgrade_assistant.exe
    [2013/10/01 11:34:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
    [2013/08/09 18:52:24 | 000,003,584 | ---- | C] () -- C:\Users\Xakobj Njce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/10/02 13:30:10 | 000,000,000 | ---D | M] -- C:\Users\Xakobj Njce\AppData\Roaming\IObit
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [resethosts]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Post the new logs from AdwCleaner and OTL and also let me know how your system is running now. :)
Posted Image
 
 

#5 sphynx420

sphynx420

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 06 October 2013 - 04:54 PM

Still getting the yahoo page at the beginning. here are the logs, i'll let you know if anything changes

OTL Log:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1B97CCAA-339C-4DCD-9B89-777681A6B804}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B97CCAA-339C-4DCD-9B89-777681A6B804}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b36f361-9a37-11e2-b105-685d43e7f6d4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b36f361-9a37-11e2-b105-685d43e7f6d4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b36f361-9a37-11e2-b105-685d43e7f6d4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b36f361-9a37-11e2-b105-685d43e7f6d4}\ not found.
File F:\TL_Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51886848-2322-11e3-8759-685d43e7f6d4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51886848-2322-11e3-8759-685d43e7f6d4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51886848-2322-11e3-8759-685d43e7f6d4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51886848-2322-11e3-8759-685d43e7f6d4}\ not found.
File F:\VZW_Software_upgrade_assistant.exe not found.
Folder C:\Program Files (x86)\Common Files\Spigot\ not found.
C:\Users\Xakobj Njce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Users\Xakobj Njce\AppData\Roaming\IObit\Smart Defrag 2 folder moved successfully.
C:\Users\Xakobj Njce\AppData\Roaming\IObit folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Xakobj Njce\Desktop\cmd.bat deleted successfully.
C:\Users\Xakobj Njce\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Xakobj Njce
->Temp folder emptied: 105273409 bytes
->Temporary Internet Files folder emptied: 8598848 bytes
->Java cache emptied: 31489521 bytes
->FireFox cache emptied: 35676010 bytes
->Google Chrome cache emptied: 353446030 bytes
->Flash cache emptied: 617 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 196759153 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304214 bytes
RecycleBin emptied: 754109437 bytes

Total Files Cleaned = 1,457.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 10062013_140240

Files\Folders moved on Reboot...
C:\Users\Xakobj Njce\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Xakobj Njce\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-2840.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


adw log

# AdwCleaner v3.006 - Report created 05/10/2013 at 11:18:49
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Xakobj Njce - HAL
# Running from : C:\Users\Xakobj Njce\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Common Files\spigot

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v

-\\ Google Chrome v30.0.1599.69

[ File : C:\Users\Xakobj Njce\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1151 octets] - [04/10/2013 14:22:16]
AdwCleaner[S0].txt - [1001 octets] - [05/10/2013 11:18:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1061 octets] ##########

#6 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 06 October 2013 - 06:36 PM

Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Posted Image
 
 

#7 sphynx420

sphynx420

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 07 October 2013 - 12:56 PM

Doesn't look like it did much...

JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Xakobj Njce on Mon 10/07/2013 at 13:05:41.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/07/2013 at 13:12:56.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Also, I got a weird error message upon restarting after my last reply, I attached the snip to this reply.

Attached Thumbnails

  • script_error.JPG


#8 sphynx420

sphynx420

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 07 October 2013 - 01:53 PM

So I realized that IE is no longer being affected by the malware, but chrome is still going to that page on startup (Its defaulting searches to google now so thats good). Should I reinstall chrome, see if that helps?

#9 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 08 October 2013 - 06:23 AM

Hi,

Sorry for any delay..... :(

Should I reinstall chrome, see if that helps?

Yes...that is just what I would have suggested anyway. Reinstalling Chrome is usually the fastest and most assured way of fixing it. Let me know how your system is running afterwards.
Posted Image
 
 

#10 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 10 October 2013 - 05:45 AM

Still with me?
Posted Image
 
 

    Advertisements

Register to Remove


#11 sphynx420

sphynx420

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 10 October 2013 - 08:22 AM

Yeah I'm still with you. Uninstalling Chrome right now, thanks!

#12 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 10 October 2013 - 08:23 AM

:thumbup:
Posted Image
 
 

#13 sphynx420

sphynx420

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 10 October 2013 - 08:36 AM

Reinstalled Chrome and everything seems to be running great!

#14 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 10 October 2013 - 10:16 AM

Ok good to hear!! :) Let's check for anything else that might be hiding in there....

Posted Image Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
----------

ESET Online Scanner

Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.
----------
Posted Image
 
 

#15 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 12 October 2013 - 02:35 PM

Still here?
Posted Image
 
 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users