Solved malware hijack

Status
Not open for further replies.

today

New Member
Thread author
May 26, 2023
9
as the title says i have get rid of bestsearch ai now it switched to Searchesmia com.... and why it did that why i keep get ones after the other??? i did my Rkill run and it gave me that there is 20 host( that will show below). if anyone can help me please let me know and thank you.
* HOSTS file entries found:
127.0.0.1 007guard com
127.0.0.1 008i com

127.0.0.1 008k com

127.0.0.1 00hq com
127.0.0.1 010402 com

127.0.0.1 032439 com

127.0.0.1 0scan.com
127.0.0.1 1000gratisproben com

127.0.0.1 1001namen com

127.0.0.1 100888290cs com
 
Last edited by a moderator:

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
479
Hello..! Welcome to MalwareTips..! :)

Please follow the instructions below..:

 
  • Like
Reactions: today

today

New Member
Thread author
May 26, 2023
9
hello, thanks for taking the time to look into my issue. so i did run the FRST and got the 2 files for my issue with bestsearch ai showing on my google chrome that won't go away, plus i have this extension that would go away "ID: iglfjaeojcakllgbfalclepdncgidelo" i would be grateful for your time.
thank you.
 

Attachments

  • FRST.txt
    59.5 KB · Views: 8
  • Addition.txt
    68.8 KB · Views: 4
  • extension chrome.png
    extension chrome.png
    8.8 KB · Views: 5

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
479
Hello ..! :)

Farbar Recovery Scan Tool - Fix

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone


Please download the attached file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.


In your next reply, please include:
  • Fixlog.txt
 

Attachments

  • fixlist.txt
    9.5 KB · Views: 10

today

New Member
Thread author
May 26, 2023
9
thanks, and wow i looked at the txt file of mine i couldnt tell wat was wrong.
here is my fixlog txt
 

Attachments

  • Fixlog.txt
    156.9 KB · Views: 6

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
479
thanks, and wow

Hello ..! :)
And how does your computer behave after the repair..?

Next ....:

Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Filestab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.
In your next reply, please include:
  • The AdwCleaner[S0*].txt
 
  • Like
Reactions: today

today

New Member
Thread author
May 26, 2023
9
Hello ..! :)
And how does your computer behave after the repair..?

Next ....:

Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Filestab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.
In your next reply, please include:
  • The AdwCleaner[S0*].txt
hello, my computer behavior is alright i guess i cant tell :X, but google chrome still having an issue with it.
here is the file u asked for n thanks! btw i have done scans before but this is my last scan.
 

Attachments

  • AdwCleaner[S04].txt
    1.7 KB · Views: 2

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
479
Hello..! :)

Please run FRST tool once more, and attach for me fresh logs:
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach these two logs in your next reply.
 

today

New Member
Thread author
May 26, 2023
9
Hello..! :)

Please run FRST tool once more, and attach for me fresh logs:
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach these two logs in your next reply.
this part didnt show for me "When the tool opens click Yes to disclaimer."
Done.
 

Attachments

  • FRST.txt
    60 KB · Views: 2
  • Addition.txt
    61.2 KB · Views: 2

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
479
Thank you...! (y)

  • Double click Frst64.exe to launch it.
  • FRSTwill start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box:
Code:
Searchall: iglfjaeojcakllgbfalclepdncgidelo

  • Press the Search Files button.
  • When finished searching a log will open on your Desktop ... Search.txt
  • Please post it in your next reply.
 

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
479
Farbar Recovery Scan Tool - Fix

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone


Please download the attached file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.


In your next reply, please include:
  • Fixlog.txt
 

Attachments

  • fixlist.txt
    1.3 KB · Views: 7

today

New Member
Thread author
May 26, 2023
9
Farbar Recovery Scan Tool - Fix

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone


Please download the attached file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.


In your next reply, please include:
  • Fixlog.txt
done
 

Attachments

  • Fixlog.txt
    3.8 KB · Views: 1

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
479
Your computer is now clean...! :) That's all I'm going to ask you to do...:

  • Download KpRm and save it to your Desktop (see here if you must use Chrome)
  • Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
  • Right click on the icon and select Run as administrator
  • Click Yes on the Disclaimer
  • Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
  • Click Run
  • Click OK on All operations are completed
  • KpRm will delete itself from you Desktop and you can either save or remove the report that is generated
  • You are free to remove any other tools/reports still remaining
  • Please copy and paste its contents in your next reply.
 

today

New Member
Thread author
May 26, 2023
9
Your computer is now clean...! :) That's all I'm going to ask you to do...:

  • Download KpRm and save it to your Desktop (see here if you must use Chrome)
  • Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
  • Right click on the icon and select Run as administrator
  • Click Yes on the Disclaimer
  • Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
  • Click Run
  • Click OK on All operations are completed
  • KpRm will delete itself from you Desktop and you can either save or remove the report that is generated
  • You are free to remove any other tools/reports still remaining
  • Please copy and paste its contents in your next reply.
Done
 

Attachments

  • kprm-20230530225914.txt
    2.6 KB · Views: 2

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
479
That is all..! I mark the topic as SOLVED...!
Thank you for placing your trust in MalwareTips..!
Stay Safe...! :)
 
  • Like
Reactions: today
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top