Spigot Removed but Browser Still Redirecting

Nitu

New Member
Thread author
Dec 28, 2013
13
I was alerted to infection from Webroot Secure when I turned on Machine on 12/26/2013. Spent a few hours following removal guide but now IE and Mozilla are redirected to "http://search.yahoo.com/?type=198484&fr=spigot-yhp-ff". Chrome I was able to correct using the instructions.

Your Help Will be appreciated.

Attaching Logs for AdwCleaner and FRST Scan log but could not get aswmbr to run properly. Will try again and post in the AM.

Thank You
 

Attachments

  • AdwCleaner[S4].txt
    1.5 KB · Views: 110
  • Addition.txt
    24 KB · Views: 99
  • FRST.txt
    65.1 KB · Views: 234

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Download the attached fixlist.txt to the same location as FRST (otherwise the fix won't work).

Open FRST, and click Fix. Attach me that report after it is finished.
 

Attachments

  • fixlist.txt
    2.5 KB · Views: 177

Nitu

New Member
Thread author
Dec 28, 2013
13
Did as instructed. Attaching the file. Do you still need the log from aswMBR?

Opening up IE or Mozilla, there is no more redirecting; am going to keep fingers crossed.
 

Attachments

  • Fixlog.txt
    23.8 KB · Views: 231

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Good :)

We need another check:


Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.
  • Double click on zoek.exe to run the tool.
    Please wait until the tool starts...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:

    Code:
    createsrpoint; 
    StandardSearch; 
    emptyfolderscheck; 
    installer-list; 
    installedprogs; 
    uninstall-list;
  • Click on the Run Script button.
    Please wait until a log report opens (this can be after reboot)
  • Save notepad to your Desktop and attach here zoek-results.log
    Note: It will also create a log in the C:\ directory named "zoek-results.log"



Then...



Please download GMER, AntiRootkit tool from the link below and save it to your Desktop:

Gmer download link
Note: file will be random named

Double-click to run GMER.
  • Wait for initial scan to finish - if there is any query, click No;
  • Click Scan button and wait until the full scan is complete;
  • Click Save ... - save the report to the Desktop (named Gmer).

> Attach here Gmer logreports.
 

Nitu

New Member
Thread author
Dec 28, 2013
13
Okay here are the two logs you requested..still keeping my fingers crossed.

Thank You
 

Attachments

  • zoek-results.txt
    115.7 KB · Views: 123
  • Gmer1.txt
    6.1 KB · Views: 93

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
> Re-run zoek with this script and attach here fresh zoek log results.


Code:
autoclean;
emptyalltemp;
emptyclsid;
shortcutfix;
emptyfolderscheck;delete
ipconfig /flushdns >> %temp%\log.txt;b
iedefaults;
C:\Program Files (x86)\IObit Apps Toolbar;fs



Then...



Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Confirm "End user Licence Agreement" and "KSN Statement" dialog box by clicking on Accept button.
  • Press Start Scan
  • If Suspicious object is detected, the default action will be Skip, click on Continue.
  • If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.
 

Nitu

New Member
Thread author
Dec 28, 2013
13
Attached are both files you requested. Hope my pc now gets a clean bill of health :D
 

Attachments

  • TDSSKiller.3.0.0.19_29.12.2013_22.51.29_log.txt
    205.9 KB · Views: 89
  • zoek-results2.txt
    20.2 KB · Views: 246

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
One more fix, and we're done.

> Re-run zoek with this script and attach here fresh zoek log results.


Code:
lipgolpfajiadodbcbljdpmbmbdmfcil;chr
emptyclsid;
autoclean;
emptyalltemp;



How are things now?
 

Nitu

New Member
Thread author
Dec 28, 2013
13
Sorry for delay... work got in the way. Here is the log from zoek. So far things look good.
 

Attachments

  • zoek-results3.txt
    7 KB · Views: 143

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Good, then we're done here :)


Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes below;
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on the "Run" button. Wait until the programme completes its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt


> I don't need DelFix log report.
 
