TechSpot

8 Step search result hijack help

By EMS0525
Dec 10, 2009
Topic Status:
Not open for further replies.
  1. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    I have done a bit of research, this will do it ;)
    • Download The Avenger by Swandog46 from HERE.
    • Unzip/extract it to a folder on your desktop.
    • Double click on avenger.exe to run The Avenger.
    • Click OK.
    • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
    • Copy all of the text in the below code box to the clipboard by highlighting it and then pressing Ctrl+C.
    • In the avenger window, click the Paste Script from Clipboard button.
    • You will be asked Are you sure you want to execute the current script?.
    • Click Yes.
    • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
    • Click Yes.
    • Your PC will now be rebooted.
    • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
    • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
    • Please attach this log, along with a new HijackThis log, in your next reply.

    EDIT: This is for Vista only
  2. EMS0525

    EMS0525 TS Rookie Topic Starter Posts: 39

    After I get the "Are you sure you want to execute the current script?" box and click Yes, I get a box that says "Error: Invalid script. A valid script must begin with a command directive. Aborting execution!"
  3. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    You need to copy both lines
    Including the "Files to move: "
  4. EMS0525

    EMS0525 TS Rookie Topic Starter Posts: 39

    oooooooooooooooooops
  5. EMS0525

    EMS0525 TS Rookie Topic Starter Posts: 39

    sorry, one moment
  6. EMS0525

    EMS0525 TS Rookie Topic Starter Posts: 39

    As you can see, I am not Eric. This is his wife Krissy. He is at work having me do all of this stuff! Sorry, I'm messing it all up!
  7. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    What the hell

    I gave you the Vista command, god knows why, must have gone dumb for a sec.
    C:\WINDOWS\ServicePackFiles\i386 - that's where atapi.sys lives

    But we need to check something first:

    Start > Run > cmd /c start /min cmd /c "PEV -l %systemdrive%\atapi.sys >Log.txt&Log.txt&del Log.txt"
    Wait about 30 secs for this log to show. Please post this log file to a new reply
  8. EMS0525

    EMS0525 TS Rookie Topic Starter Posts: 39

    here it is
  9. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Look, no matter how that turns out, just do the following: (I'm really confident now ;))

    Let's try another option to remove this infection

    Download MBR.exe and save it to your c:\ root directory, so it's at c:\mbr.exe

    Click on Start > Run and type in cmd and click OK.

    Type in: c:\mbr.exe -f and then press the Enter key

    Restart
  10. EMS0525

    EMS0525 TS Rookie Topic Starter Posts: 39

    What's next?
  11. EMS0525

    EMS0525 TS Rookie Topic Starter Posts: 39

    My wife's at home doing this stuff, and I'm here at work. I can't thank you enough for helping us through this. It doesn't seem that bad, like I'd have to reformat the comp, just bad enough to be annoying, and no programs were removing it. Thank you.
     
  12. kritius

    kritius TS Guru Posts: 2,087

    I wouldn't try using the -f command without seeing the output of -t first.
  13. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    I've safely done the f command before

    Is it still redirecting?
  14. EMS0525

    EMS0525 TS Rookie Topic Starter Posts: 39

    Yes it is. :(
  15. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    kritius, it's beyond me :(

    HELP

    Unless it's Erunt doing it?
  16. davey3jobs

    davey3jobs TS Rookie

    redirected

    Can anyone help? Newbie in forum. I have read loads on removing malware including CCleaner, Ad-Aware, SUPERAntiSpyware and this is the log for HijackThis....

    help needed
  17. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Hi davey3jobs,

    Sorry you cannot just post on someone's Topic (especially this one :D )

    You need to create your own >> New Topic, just for you ;)
  18. EMS0525

    EMS0525 TS Rookie Topic Starter Posts: 39

    So it's up to him now?
  19. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    We can only Pray

    kritius and Bobbye are the best Malware helpers here
    But since kritius and I argue all the time :D Then I am praying a lot, that he will look through the posts and find something I've missed


    I'm out of ideas, I even thought Erunt may be returning the Malware or something (who knows)
    Hopefully kritius :rolleyes:
    (please?)
  20. EMS0525

    EMS0525 TS Rookie Topic Starter Posts: 39

    Yes,..... please.
  21. EMS0525

    EMS0525 TS Rookie Topic Starter Posts: 39

    help!!!!!!! :)
  22. kritius

    kritius TS Guru Posts: 2,087

    Are the redirects in Firefox, IE or both?
  23. EMS0525

    EMS0525 TS Rookie Topic Starter Posts: 39

    Yes they are.
  24. kritius

    kritius TS Guru Posts: 2,087

    Yes they are in Firefox, or yes they are in both?

    Delete the copy of ComboFix that you have and then download a fresh one.
  25. EMS0525

    EMS0525 TS Rookie Topic Starter Posts: 39

    Sorry, yes the search results are hijacked in both browsers.