8 Step search result hijack help

Status
Not open for further replies.
I have done a bit of research, this will do it ;)
  • Download The Avenger by Swandog46 from HERE.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below code box to the clipboard by highlighting it and then pressing Ctrl+C.
Files to move:
c:\windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys | C:\Windows\system32\drivers\atapi.sys
  • In the avenger window, click the Paste Script from Clipboard button.
  • You will be asked "Are you sure you want to execute the current script?"
  • Click Yes.
  • You will now be asked "First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?"
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please attach this log, along with a new HijackThis log, in your next reply.

EDIT: This is for Vista only
 
After I get the "Are you sure you want to execute the current script?" prompt and click Yes, I get a box that says "Error: Invalid script. A valid script must begin with a command directive. Aborting execution!"
 
As you can see, I am not Eric. This is his wife Krissy. He is at work having me do all of this stuff! Sorry, I'm messing it all up!
 
What the hell

I gave you the Vista command, god knows why, must have gone dumb for a sec
C:\WINDOWS\ServicePackFiles\i386 That's where atapi.sys lives

But we need to check something first:

Start > Run > cmd /c start /min cmd /c "PEV -l %systemdrive%\atapi.sys >Log.txt&Log.txt&del Log.txt"
Wait about 30 secs for this log to show. Please post this log file to a new reply
 
Look no matter how that turns out, just do the following: (I'm really confident now ;))

Let's try another option to remove this infection

Download MBR.exe and save it to your c:\ root directory, so its at c:\mbr.exe

Click on Start > Run and type in cmd and click OK.

Type in: c:\mbr.exe -f and then press the Enter key

Restart
 
My wife's at home doing this stuff, and I'm here at work. I can't thank you enough for helping us through this. It doesn't seem that bad, like I'd have to reformat the comp, just bad enough to be annoying, and no programs were removing it. Thank you.
 
redirected

Can anyone help? Newbie in forum. I have read loads on removing malware including ccleaner, ad aware, super anti spyware and this is the log for Hijack this....

help needed
 
We can only Pray

kritius and Bobbye are the best Malware helpers here
But since kritius and I argue all the time :D Then I am praying a lot, that he will look through the posts and find something I've missed


I'm out of ideas, I even thought Erunt may be returning the Malware or something (who knows)
Hopefully kritius :rolleyes:
(please?)
 
Yes they are in Firefox or yes they are in both.

Delete the copy of ComboFix that you have and then download a fresh one.
 