I recently had the Security Tool virus. Was able to get rid of that with Spyware Doctor, but now Google will display my searches, but when I click on something, I get ads, or another search somewhere. This happens in IE8 and Firefox. Other search engines seem to work most of the time (not always). I am attaching a HJT log. Please help if possible. Thanks.
Google search is being redirected
- Thread starter JMarge
- Start date
- Status
Bobbye
Posts: 16,313 +36
Before you undertake cleaning of the system, you need to highly reduce the number of Active X Objects you have running. These are in the add-ons. You have 74 add-ons running- the 016 entries in the HJT log:
From Wiki:
ActiveX is a framework for defining reusable software components (known as controls) that perform a particular function or a set of functions in Microsoft Windows in a way that is independent of the programming language used to implement them.
Malware, such as computer viruses and spyware, can be accidentally installed from malicious websites using ActiveX controls (drive-by downloads). Signed Java applets can also be used for such attacks,
From: Princeton Secure Internet Programming Team
http://www.cs.princeton.edu/sip/java-vs-activex.html
Until you greatly reduce the number of these vulnerabilities, there is not much use in cleaning the system. Each one of these is like an open door for malware- and the more doors you have open, the higher the chance you'll get malware and the more of it you'll get.
Please use this information and the links below to get your browser into a more secure environment. then it can be cleaned-and hopefully stay that way. By way of comparison, I have 12.
To view these add-on: Open IE> Tools> Manage add-ons>> there are two sections> 1. add-ons currently used and 2. add-ons previously used. You will find add-ons enabled in both sections.
You need to also remove the following Desktop Components:
O24 - Desktop Component 0: (no name) - http://www.irobotnow.com/en/images/desktops/ns5_clsc_ox_st1_lil.jpg
O24 - Desktop Component 1: (no name) - file:///C:/Documents%20and%20Settings/Joyce/Local%20Settings/Application%20Data/IM/Runtime/Message/%7B02BEF1C7-1599-485A-B27F-88B75B9DF96B%7D/Forward/image0044.gif
O24 - Desktop Component 2: (no name) - file:///C:/Documents%20and%20Settings/Joyce/Local%20Settings/Application%20Data/IM/Runtime/Message/%7B4366E246-A1DE-42AD-A801-958CE5479752%7D/Forward/SCHNEE~2201.GIF
O24 - Desktop Component 3: (no name) - file:///C:/Documents%20and%20Settings/Joyce/Local%20Settings/Application%20Data/IM/Runtime/Message/%7B4366E246-A1DE-42AD-A801-958CE5479752%7D/Forward/Baum306342.gif
O24 - Desktop Component 4: (no name) - file:///C:/Documents%20and%20Settings/Joyce/Local%20Settings/Application%20Data/IM/Runtime/Message/%7B0A50EB9E-7CB4-4D89-A240-57E064B50BB3%7D/Forward/image0011221111.gif
O24 - Desktop Component 5: (no name) - file:///C:/Documents%20and%20Settings/Joyce/Local%20Settings/Application%20Data/IM/Runtime/Message/%7B954D299A-F8A3-416A-8638-0A0471AA1D43%7D/Forward/image0045343.gif
O24 - Desktop Component 6: (no name) - http://www.sherrytorkos.com/images/background.gif
O24 - Desktop Component 7: (no name) - http://ent.allmyfaves.com/images/content.gif
O24 - Desktop Component 8: (no name) - http://www.theradio.com/images/tile_header.jpg
Remove 024 Desktop from HijackThis: as follows:
Click on Start> Control Panel> Display> Desktop> Customize Desktop> Web tab> uncheck and delete everything you find in there (except for "My current home page")> Also remove the check mark from the the Lock Desktop Items box if it is checked> Apply> OK> Close.
Make Internet Explorer safer. Follow the suggestions HERE
This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features.
Consider these programs for Extra Security
Once you get your system safer, come back and follow all the steps HERE.
Attach the 3 logs for review.
Be sure to heck the line for removal of bad entries in both Malwarebytes ans Superantispyware. Do no remove any entries in the HJT- we instruct you on that.
From Wiki:
ActiveX is a framework for defining reusable software components (known as controls) that perform a particular function or a set of functions in Microsoft Windows in a way that is independent of the programming language used to implement them.
Malware, such as computer viruses and spyware, can be accidentally installed from malicious websites using ActiveX controls (drive-by downloads). Signed Java applets can also be used for such attacks,
From: Princeton Secure Internet Programming Team
http://www.cs.princeton.edu/sip/java-vs-activex.html
Until you greatly reduce the number of these vulnerabilities, there is not much use in cleaning the system. Each one of these is like an open door for malware- and the more doors you have open, the higher the chance you'll get malware and the more of it you'll get.
Please use this information and the links below to get your browser into a more secure environment. then it can be cleaned-and hopefully stay that way. By way of comparison, I have 12.
To view these add-on: Open IE> Tools> Manage add-ons>> there are two sections> 1. add-ons currently used and 2. add-ons previously used. You will find add-ons enabled in both sections.
You need to also remove the following Desktop Components:
O24 - Desktop Component 0: (no name) - http://www.irobotnow.com/en/images/desktops/ns5_clsc_ox_st1_lil.jpg
O24 - Desktop Component 1: (no name) - file:///C:/Documents%20and%20Settings/Joyce/Local%20Settings/Application%20Data/IM/Runtime/Message/%7B02BEF1C7-1599-485A-B27F-88B75B9DF96B%7D/Forward/image0044.gif
O24 - Desktop Component 2: (no name) - file:///C:/Documents%20and%20Settings/Joyce/Local%20Settings/Application%20Data/IM/Runtime/Message/%7B4366E246-A1DE-42AD-A801-958CE5479752%7D/Forward/SCHNEE~2201.GIF
O24 - Desktop Component 3: (no name) - file:///C:/Documents%20and%20Settings/Joyce/Local%20Settings/Application%20Data/IM/Runtime/Message/%7B4366E246-A1DE-42AD-A801-958CE5479752%7D/Forward/Baum306342.gif
O24 - Desktop Component 4: (no name) - file:///C:/Documents%20and%20Settings/Joyce/Local%20Settings/Application%20Data/IM/Runtime/Message/%7B0A50EB9E-7CB4-4D89-A240-57E064B50BB3%7D/Forward/image0011221111.gif
O24 - Desktop Component 5: (no name) - file:///C:/Documents%20and%20Settings/Joyce/Local%20Settings/Application%20Data/IM/Runtime/Message/%7B954D299A-F8A3-416A-8638-0A0471AA1D43%7D/Forward/image0045343.gif
O24 - Desktop Component 6: (no name) - http://www.sherrytorkos.com/images/background.gif
O24 - Desktop Component 7: (no name) - http://ent.allmyfaves.com/images/content.gif
O24 - Desktop Component 8: (no name) - http://www.theradio.com/images/tile_header.jpg
Remove 024 Desktop from HijackThis: as follows:
Click on Start> Control Panel> Display> Desktop> Customize Desktop> Web tab> uncheck and delete everything you find in there (except for "My current home page")> Also remove the check mark from the the Lock Desktop Items box if it is checked> Apply> OK> Close.
Make Internet Explorer safer. Follow the suggestions HERE
This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features.
Consider these programs for Extra Security
- Spywareblaster:
- SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
- IE/Spyad
- This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
Once you get your system safer, come back and follow all the steps HERE.
Attach the 3 logs for review.
Be sure to heck the line for removal of bad entries in both Malwarebytes ans Superantispyware. Do no remove any entries in the HJT- we instruct you on that.
- Status
Similar threads
