Cannot remove registry hijacks

Status
Not open for further replies.

Doug8765

Hi -
I regularly use Malwarebytes. Yesterday and today it finds 11 security.hijack items, tells me it will delete them if I reboot and then does not remove them. I have been working at removing them using every tool I know of and they are still there when I am done. I have run Malwarebytes more times than I can count.

I attach logs from Malwarebytes and HijackThis. I did all the steps from the 8-step virus removal process. I have used CCleaner a bunch of times. I have run SuperAntivirus several times, but it only gives the message that nothing was found and then does not give me a .txt file.

An example of one of the security.hijack items:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Arrakis3.exe

Other tools:
  • Advanced System Care 3
  • NTREGOPT
  • PC Tools Registry Mechanic

I would appreciate help removing these.
 
Hi Hemant -
I downloaded smitfraudfix.exe from BleepingComputer. I could not find it on gur.in.

I ran it and it had no effect. I did the Check for updates (#4) and the Search and clean DNS Hijack (#5). When I was done I ran Malwarebytes and there still were 11 security.hijacks after I ran it and rebooted.

Any other ideas?

Doug
 
Hi

Go to the website Gur.in. In the left-hand pane, look for an option for downloads.

Under Downloads, look for DownloadsCategories.
You have a file for Registry Fixes.

Try running that file; I hope it will help you.

As you mentioned that you are using Malwarebytes: that application will detect files even if you are using LimeWire or any other similar application.

Take care --
Hemant
 
Hi Hemant -
Yes, I found it on gur.in. I ran it, rebooted and still have the security.hijack errors when I run Malwarebytes. I rebooted repeatedly. Nothing.

I've been using Malwarebytes for the entire year and it never before had junk left over, so I think this is real.

Doug
 
Hi Doug,

Please Download ComboFix.

  • Shut down all anti-virus and anti-spyware programs and close all windows, including this one.
  • Run it and when this screen comes up Click Yes
  • When the Recovery Console Screen comes up, click yes and wait for it to install.
  • Then another screen will come up after it is done installing, looking like the picture below. Make sure to click yes and let it continue its scan.
  • It will then complete stages up to a total of 50. When it is done, post the log.
 
Hi AnonymousSurfer -
Your ComboFix tells me that my OS is incompatible, that it only works on Windows 2000 and XP.

My first posting in this thread said that I had run SuperAntispyware several times. Each time it says that there is nothing to report and it does not offer a text file.

Thanks for the suggestions.

Doug
 
Hi -
Without doing anything new, the security.hijack entries are now gone. I just now ran Malwarebytes once again and it shows it is clean. I have attached it, although all it shows is that it is now clean. That's the way I like to keep it.

So thanks to all. I guess persistence counts for something.

Doug
 
I suspect that MBAM flashed some false hits. It's possible that updated definitions corrected the problem.

I used System Lookup for files listed in the earlier MBAM log. Based on a sample of 2, both belonged to BitDefender.

System Lookup found here.
 