TechSpot

Cannot remove registry hijacks

By Doug8765
Dec 22, 2009
  1. Hi -
    I regularly use Malwarebytes. Yesterday and today it finds 11 security.hijack items, tells me it will delete them if I reboot and then does not remove them. I have been working at removing them using every tool I know of and they are still there when I am done. I have run Malwarebytes more times than I can count.

    I attach logs from Malwarebytes and HijackThis. I did all the steps from the 8-step virus removal process. I have used CCleaner a bunch of times. I have run SuperAntivirus several times, but it only gives the message that nothing was found and then does not give me a .txt file.

    An example of one of the security.hijack items:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Arrakis3.exe

    Other tools:
    • Advanced System Care 3
    • NTREGOPT
    • PC Tools Registry Mechanic

    I would appreciate help removing these.
     
  2. Hemantdhyani

    Hemantdhyani TS Rookie Posts: 38

    Hi

    Download and run SmitfraudFix from Gur.in and that will take care of the same

    Take care

    Hemant
     
  3. Doug8765

    Doug8765 TS Booster Topic Starter Posts: 189

    Hi Hemant -
    I downloaded smitfraudfix.exe from BleepingComputer. I could not find it on gur.in.

    I ran it and it had no effect. I did the Check for updates (#4) and the Search and clean DNS Hijack (#5). When I was done I ran Malwarebytes and there still were 11 security.hijacks after I ran it and rebooted.

    Any other ideas?

    Doug
     
  4. Hemantdhyani

    Hemantdhyani TS Rookie Posts: 38

    Hi

    Go to the website Gur.in. In the left-hand pane, look for an option for downloads.

    Under Downloads, look for DownloadsCategories.
    You have a file for Registry Fixes.

    Try running that file; I hope it will help you.

    As you mentioned that you are using Malwarebytes: that application will detect files even if you are using LimeWire or any other similar application.

    Take care --
    Hemant
     
  5. Doug8765

    Doug8765 TS Booster Topic Starter Posts: 189

    Hi Hemant -
    Yes, I found it on gur.in. I ran it, rebooted and still have the security.hijack errors when I run Malwarebytes. I rebooted repeatedly. Nothing.

    I've been using Malwarebytes for the entire year and it never before had junk left over, so I think this is real.

    Doug
     
  6. AnonymousSurfer

    AnonymousSurfer TS Guru Posts: 451   +37

    Hi Doug,

    Please download ComboFix.

    • Shut down all anti-virus and anti-spyware programs and close all windows, including this one.
    • Run it and when this screen comes up, click Yes.
    • When the Recovery Console screen comes up, click Yes and wait for it to install.
    • Then another screen will come up after it is done installing, looking like the picture below. Make sure to click Yes and let it continue its scan.
    • It will then complete stages up to a total of 50. When it is done, post the log.
     
  7. AnonymousSurfer

    AnonymousSurfer TS Guru Posts: 451   +37

    Please Download and post SUPERAntiSpyware as well. You seemed to have been missing that.
     
  8. Doug8765

    Doug8765 TS Booster Topic Starter Posts: 189

    Hi AnonymousSurfer -
    Your ComboFix tells me that my OS is incompatible, that it only works on Windows 2000 and XP.

    My first posting in this thread said that I had run SuperAntispyware several times. Each time it says that there is nothing to report and it does not offer a text file.

    Thanks for the suggestions.

    Doug
     
  9. Doug8765

    Doug8765 TS Booster Topic Starter Posts: 189

    Hi -
    Without doing anything new the security.hijack entries are now gone. I just now ran Malwarebytes once again and it shows it is clean. I have attached it, although all it shows is that it is now clean. That's the way I like to keep it.

    So thanks to all. I guess persistence counts for something.

    Doug
     
  10. rf6647

    rf6647 TS Maniac Posts: 829

    I suspect that MBAM flashed some false hits. It's possible that updated definitions corrected the problem.

    I used System Lookup for files listed in the earlier MBAM log. Based on a sample of 2, both belonged to BitDefender.

    System Lookup found here.
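
One way to see what flagged entries under the Image File Execution Options (IFEO) key from the first post actually contain, and whether the program they name is signed by a known vendor, which is the question the false-positive suggestion above raises. This is an added example, not part of the original thread: it assumes PowerShell 3.0 or later and that the flagged entries are `Debugger` values (the thread does not say), and `Get-IfeoDebuggerEntry` is a hypothetical name.

```powershell
# Added example: list IFEO subkeys that carry a "Debugger" value. When that value
# is set, Windows starts the named program in place of the image the subkey is named for.
# Assumption: the flagged items are Debugger values; the thread does not show them.

$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebuggerEntry {
    foreach ($root in $ifeoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }   # no WOW6432Node on 32-bit Windows
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $debugger = $key.GetValue('Debugger')
            if ([string]::IsNullOrWhiteSpace($debugger)) { continue }

            # The value is a command line: take the quoted path if there is one,
            # otherwise the first whitespace-delimited token.
            if ($debugger -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            else { $exe = ($debugger.Trim() -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)

            # Bare names and unquoted paths containing spaces are reported as
            # TargetNotFound; read the raw Debugger column for those.
            $status = 'TargetNotFound'
            $signer = $null
            if (Test-Path -LiteralPath $exe -PathType Leaf) {
                $sig = Get-AuthenticodeSignature -LiteralPath $exe
                $status = $sig.Status
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }

            [pscustomobject]@{
                Image     = $key.PSChildName   # e.g. Arrakis3.exe
                Debugger  = $debugger
                Target    = $exe
                SigStatus = $status
                Signer    = $signer
                KeyPath   = $key.Name
            }
        }
    }
}

Get-IfeoDebuggerEntry | Sort-Object Image | Format-List
```

Run it from an elevated prompt before and after a cleanup pass; entries whose target is validly signed by an installed security product point toward a false positive, while unsigned or missing targets deserve a closer look.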
     
Topic Status:
Not open for further replies.
