Help spyware adware hijacker problems

By datofarid · 13 replies
Dec 10, 2008
  1. hello. I'm new here and i don't know what's going on with my pc.
    suddenly my internet explorer (well i'm using avant) can't load pages.
    once i start the pc i can surf and after about 30 minutes all pages cannot load, unless i refresh many times.
    this happened before but i used hijackthis to delete and everything's ok till yesterday.
    i repeated the same thing but it seems like the R0 prob is still there.
    i suspect it was my YM.
    so i deleted my YM.
    and it seems a BIT ok.
    but i cant reinstall my YM now.
    oh my..
    i've tried everything i know.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)

    the R0 is definitely blank. while the other three have yahoo website n others.
  2. mflynn TS Rookie Posts: 2,655

    Hi datofarid

    Do all between the lines first!
    D/L Xclean_Micro
    No install, just run it. Delete all it finds and decline to reboot on each item found until the program finishes, then reboot.

    Xclean will run minimized and will pop up a window if it finds anything. If it finds nothing it will exit.

    Please make a note of what it found if any as it has no log.
    If it finds several things reboot to Safe Mode and run again before continuing below.

    Malware Removal Tool by Joe Pestro


    Then continue here after reboot to normal mode.

    Do the TechSpot 8 steps:

    Skip no steps (do not install another virus scanner if you already have one).

    Most importantly update MalwareBytes and SuperAntiSpyware!

    Before you scan with SuperAntiSpyWare do the below:

    SuperAntispyware extra config

    After installed double-click the icon on your desktop to run it.

    Update the program definitions.

    Click the Preferences button.

    Then Scanning Control.

    In Scanner Options make sure all boxes are checked except #3 Ignore System Restore.

    MalwareBytes extra config

    After update but before running
    Click settings and confirm all are Checked.

    I repeat Update these 2 programs.

    Run them and attach their logs.

    Do this correctly and we will make a short job of this!

    If they will not update then try running without updates. If they will not update or run then do the below:

    Special case where after installing MBAM and SAS they will not update or run.

  3. datofarid TS Rookie Topic Starter Posts: 18

    hey there

    i'll try to do it now since i've just finished downloading all the softwares.
    but what about my internet explorer properties.?
    the homepage area is totally blank.
    there's only http///
    i used super antispyware just now to make sure my homepage does not change n notify me if my home page has changed.
    and the notifications appear every 5 seconds.
  4. mflynn TS Rookie Posts: 2,655

    If you can download and run the tools it will fix those issues. Since they are the cause of this, we fix them and IE will be OK!

    Just git r dun!

  5. datofarid TS Rookie Topic Starter Posts: 18

    there you go.

    i cannot install my yahoo messenger.
    during the 6th step.
    the download stays at 0%.
    and sometimes at 1%.
    and after an hour i checked it again.
    it became 100% but nothing happened. =(
  6. kimsland Ex-TechSpotter Posts: 14,523

    -> No action taken on MBAM scan, for found issues
    Please re-run Malwarebytes
    Confirm updated (third tab)
    Then do the above quoted message, but this time "Remove all found issues"
  7. mflynn TS Rookie Posts: 2,655

    Yeah it is always a good idea to remove them after you find them.

    DO NOT be installing or uninstalling other programs while cleaning Malware. You risk both reinfection and interfering with the cleanup process.

    If you were to read the log you would see WindowsLive messenger is already infected.

    Do not worry about Java at this time.

    Get us an SAS log in addition to the new MBAM log after cleaning.

    Run HJT "Scan only". Select and remove the below:
    O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
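
Added example (not part of the thread, and not HijackThis's own code): a small Python triage of the HijackThis entries quoted in this thread, flagging the blank R0 Start Page value and the O2 BHO entry whose file is listed as `(no file)`. The URLs and the `Example Helper` entry in the sample log are constructed for illustration.

```python
import re

# "R0 - HKCU\...\Main,Start Page = value" (the value may be empty).
R_LINE = re.compile(r"^(R[0-3]) - (HK[A-Z]+\\[^,]+),(.+?) =\s*(.*)$")
# "O2 - BHO: name - {CLSID} - path" or "... - (no file)".
O2_LINE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")

# Constructed sample: registry keys and the orphaned BHO line are from the
# thread; the URLs and the "Example Helper" entry are made up.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example/bar
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.example/q
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
"""

def triage(log_text):
    """Return (section, identifier, reason) tuples for entries worth a look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = R_LINE.match(line)
        if m:
            code, key, value_name, data = m.groups()
            # A blank browser setting matches the empty homepage
            # described in the thread.
            if not data.strip():
                findings.append((code, f"{key},{value_name}", "blank value"))
            continue
        m = O2_LINE.match(line)
        if m:
            _name, clsid, target = m.groups()
            # "(no file)" means the BHO is still registered in the registry
            # but the file it points to is not on disk.
            if target.strip() == "(no file)":
                findings.append(("O2", clsid, "BHO registered but file missing"))
    return findings

if __name__ == "__main__":
    for section, ident, reason in triage(SAMPLE_LOG):
        print(f"{section}: {ident} -> {reason}")
```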

  8. datofarid TS Rookie Topic Starter Posts: 18


    ok i've done all of it.
    and it seems ok.
    and i've deleted the BHO file in hijackthis.
    =) heres the new log.
  9. mflynn TS Rookie Posts: 2,655

    You are not removing them, the log says "No Action taken"!!??

    You have to click next to remove! See post #6.

    These scans take too long to just click out at the end and not remove what they found.

    I wouldn't know why it would be running better as you have removed/cleaned nothing.

    And where is the SAS log and a new HJT log?

  10. datofarid TS Rookie Topic Starter Posts: 18

    i thot they've deleted all of them.

    heres the HJT log.

    now im scanngin with SAS

    oops . *scaning*

    there you go pal.
  11. mflynn TS Rookie Posts: 2,655

    At some time in the past ComboFix has been run on this computer.

    So let's do that one more time.


    NOTE: If you have had ComboFix more than a few days old delete and re-download.

    Get it here:
    Or here:

    Double click combofix.exe follow the prompts.

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click combofix's window while it's running. That may cause it to stall.

    Post log. And now give me a status look and feel how does everything work now. What problems remain.

    EDIT: Did you do the Special case Fixit?

  12. datofarid TS Rookie Topic Starter Posts: 18


    sorry was busy with my assignment.=)

    i didnt do the special kit fixit.

    i found some file yesterday in the quarantine zone in my MBAM.
    should i delete it.?

    heres the combofix n HJT logs.
  13. mflynn TS Rookie Posts: 2,655

    Good morning datofarid

    Yes clear the Quarantine!

    Run HJT select and remove the below.
    O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)

    Please run Special case where after installing MBAM and SAS they will not update or run.


    Run ComboFix again there were a lot of deletions (possibly false positives) we need to see what is left after last combofix run. Attach new log.


    Download SD Fix to Desktop among other things Catchme to look for RootKits.

    On Desktop run SDFix. It will run (install) then close.

    Then reboot into Safe Mode

    As the computer starts up, tap the F8 key several times.

    On the Boot menu Choose Safe Mode.

    Click through all the prompts to get to desktop.

    At Desktop
    My Computer C: drive. Double-click to open.

    Look for a folder called SD Fix. Double-click to enter SD Fix.

    Double-click RunThis.bat. Type Y to begin.

    SD Fix does its job.

    When prompted hit the enter key to restart the computer

    Your computer will reboot.

    On normal restart the Fixtool will run again and complete the removal process then say Finished,
    Hit the Enter key to end the script and load your desktop icons.

    Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
    Attach the Report.txt file to your next post.

  14. datofarid TS Rookie Topic Starter Posts: 18

    hey sorry dude.
    assignments :(
    hey mike.
    my PC now seems good i think.
    but i'll do the SDFix thingy after this. :)
    u know when we watch youtube, theres a "watch in high quality" that we cn click right.?
    if i use mozilla its there.
    but when i use avant browser (my favourite browser) its not there.
    after i update the latest version, it was there again but then after i restart my PC, there you go, it disappeared.

    or is it because of youtube itself.?
    cause just now i used firefox its not there too.
Topic Status:
Not open for further replies.
