TechSpot

Safenavweb virus

By jhm2341
Jan 2, 2008
  1. I need help removing the safenavweb virus.
     
  2. Tedster

    Tedster Techspot old timer..... Posts: 6,000   +15

    How to remove safenavweb.com hijacker

    Symptoms: system keeps popping up warning messages & launching Internet Explorer & directing it to safenavweb.com

    For fix safenavweb.com malware, make follow steps:

    Download HijackThis and save the file to your desktop.
    Double click on the file to extract it to it’s own folder on the desktop.

    Download CCleaner. Double click on the file for install.
    Download and unzip Avenger to your desktop.
    Download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Reboot your computer again in Safe Mode by doing the following:

    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.

    Start HijackThis. Click “Do a system scan only.” and put a checkmark next to the following items:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: MSVPS System - {480598DD-AE28-48B7-82F7-6ADDA1AA6B66} - C:\WINDOWS\ntspkfxt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: The htunistock - {C58A4487-4C2E-45E4-9E3A-52B3A23CC396} - C:\WINDOWS\htunistock.dll
    O18 - Filter hijack: text/html - (no CLSID) - (no file)
    O21 - SSODL: hostctrl - {20D7F2C0-86AB-4F63-88E4-E3F4887E0CC1} - C:\WINDOWS\hostctrl.dll
    O21 - SSODL: hstsys - {44195BC8-06C2-4D25-81E9-1607B1313715} - C:\WINDOWS\hstsys.dll

    Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.

    Boot your PC again in Safe Mode.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd. Press the number 2 on your keyboard and the press the enter key to choose the option Clean (safe mode recommended).

    You will be prompted : “Registry cleaning - Do you want to clean the registry ?“; answer “Yes” by typing Y and press “Enter” in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer “Yes” by typing Y and press “Enter”.

    The tool may need to restart your computer to finish the cleaning process; if it doesn’t, please restart it into Normal Windows.

    Download the HostsXpert 3.7 - Hosts File Manager.

    # Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
    # Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
    # Click “Make Hosts Writable?” in the upper right corner (If available).
    # Click Restore Microsoft’s Hosts file and then click OK.
    # Click the X to exit the program.
    # Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

    Run CCleaner.

    Click Analyze button. After scan your system, click Run Cleaner.

    Reboot your PC.

    If you are still having problems with spyware after completing these instructions, then please follow the steps outlined in the topics linked below
     
  3. momok

    momok TS Rookie Posts: 2,265

    Avenger is an extremely powerful tool that should not be used without the guidance of an expert in logs.

    Please refrain from advocating its use unnecessarily.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...