Cannot remove registry hijacks

By Doug8765
Dec 22, 2009
Topic Status:
Not open for further replies.
  1. Hi -
    I regularly use Malwarebytes. Yesterday and today it finds 11 security.hijack items, tells me it will delete them if I reboot and then does not remove them. I have been working at removing them using every tool I know of and they are still there when I am done. I have run Malwarebytes more times than I can count.

    I attach logs from Malwarebytes and HijackThis. I did all the steps from the 8-step virus removal process. I have used CCleaner a bunch of times. I have run SuperAntivirus several times, but it only gives the message that nothing was found and then does not give me a .txt file.

    An example of one of the security.hijack items:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Arrakis3.exe

    Other tools:
    • Advanced System Care 3
    • NTREGOPT
    • PC Tools Registry Mechanic

    I would appreciate help removing these.
  2. Hemantdhyani

    Hemantdhyani Newcomer, in training Posts: 41

    Hi

    Download and run SmitfraudFix from Gur.in and that will take care of the same

    Take care

    Hemant
  3. Doug8765

    Doug8765 TechSpot Enthusiast Topic Starter Posts: 164

    Hi Hemant -
    I downloaded smitfraudfix.exe from BleepingComputer. I could not find it on gur.in.

    I ran it and it had no effect. I did the Check for updates (#4) and the Search and clean DNS Hijack (#5). When I was done I ran Malwarebytes and there still were 11 security.hijacks after I ran it and rebooted.

    Any other ideas?

    Doug
  4. Hemantdhyani

    Hemantdhyani Newcomer, in training Posts: 41

    Hi

    Go to the website Gur.in -- in the left-hand pane look for an option for downloads --

    Under Downloads look for Downloads Categories.
    You have a file for Registry Fixes.

    Try running that file and I hope it will help you.

    As you mentioned that you are using Malwarebytes - that application will detect files even if you are using LimeWire or any other similar application --

    Take care --
    Hemant
  5. Doug8765

    Doug8765 TechSpot Enthusiast Topic Starter Posts: 164

    Hi Hemant -
    Yes, I found it on gur.in. I ran it, rebooted and still have the security.hijack errors when I run Malwarebytes. I rebooted repeatedly. Nothing.

    I've been using Malwarebytes for the entire year and it never before had junk left over, so I think this is real.

    Doug
  6. AnonymousSurfer

    AnonymousSurfer TechSpot Enthusiast Posts: 307   +11

    Hi Doug,

    Please download ComboFix.

    • Shut down all anti-virus and anti-spyware programs and close all windows, including this one.
    • Run it and when this screen comes up, click Yes.
    • When the Recovery Console screen comes up, click Yes and wait for it to install.
    • Then another screen will come up after it is done installing, looking like the picture below. Make sure to click Yes and let it continue its scan.
    • It will then complete stages up to a total of 50. When it is done, post the log.
  7. AnonymousSurfer

    AnonymousSurfer TechSpot Enthusiast Posts: 307   +11

    Please Download and post SUPERAntiSpyware as well. You seemed to have been missing that.
  8. Doug8765

    Doug8765 TechSpot Enthusiast Topic Starter Posts: 164

    Hi AnonymousSurfer -
    Your ComboFix tells me that my OS is incompatible, that it only works on Windows 2000 and XP.

    My first posting in this thread said that I had run SuperAntispyware several times. Each time it says that there is nothing to report and it does not offer a text file.

    Thanks for the suggestions.

    Doug
  9. Doug8765

    Doug8765 TechSpot Enthusiast Topic Starter Posts: 164

    Hi -
    Without doing anything new the security.hijack entries are now gone. I just now ran Malwarebytes once again and it shows it is clean. I have attached it, although all it shows is that it is now clean. That's the way I like to keep it.

    So thanks to all. I guess persistence counts for something.

    Doug
  10. rf6647

    rf6647 TechSpot Maniac Posts: 931

    I suspect that MBAM flashed some false hits. It's possible that updated definitions corrected the problem.

    I used System Lookup for files listed in the earlier mbam log. Based on a sample of 2, both belonged to BitDefender.

    System Lookup found here.
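
As an added example (not posted by anyone in this thread): a read-only PowerShell check that lists every Image File Execution Options subkey carrying a `Debugger` value, the Windows setting that makes the system start the named program instead of the executable, together with the vendor and signature of that program. It assumes the flagged entries are of this kind, which the thread does not state; `Get-IfeoDebuggerEntry` is a hypothetical name.

```powershell
# Added example: read-only audit of Image File Execution Options (IFEO).
# Assumption: the flagged entries are subkeys that carry a Debugger value.
$IfeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebuggerEntry {   # hypothetical helper name
    param([string[]]$Root = $IfeoRoots)
    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }   # WOW6432Node is absent on 32-bit
        foreach ($key in Get-ChildItem -LiteralPath $r -ErrorAction SilentlyContinue) {
            $debugger = [string]$key.GetValue('Debugger', '')
            if ([string]::IsNullOrWhiteSpace($debugger)) { continue }

            # The first token of the command line is the program started in place of the image.
            if ($debugger -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            else { $exe = ($debugger.Trim() -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)

            # Relative names (no full path) are reported as not found rather than guessed.
            $file = Get-Item -LiteralPath $exe -ErrorAction SilentlyContinue
            $sig = $null
            if ($file) { $sig = Get-AuthenticodeSignature -FilePath $file.FullName }

            [pscustomobject]@{
                Image        = $key.PSChildName      # subkey name, e.g. Arrakis3.exe
                Debugger     = $debugger
                TargetExists = [bool]$file
                Company      = if ($file) { $file.VersionInfo.CompanyName } else { $null }
                SigStatus    = if ($sig) { $sig.Status } else { $null }
                Signer       = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            }
        }
    }
}

Get-IfeoDebuggerEntry | Sort-Object Image | Format-List
```

Comparing the `Image` and `Signer` columns against the security products installed on the machine is a quick way to tell a vendor-owned entry from one that needs a closer look.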