Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I think I'm infected

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: I think I'm infected

Unread postby diver79 » November 26th, 2011, 12:32 pm

Hi mjp1531,

We are going to remove the policies that are protecting Internet Explorers home page. Please run the fix below and let me know if the IE homepage changes back to smartwebsearch.

Step 1 - Create a System Restore Point
  • Right-click on the Computer icon and select Properties.
  • In the left pane under Tasks ... click on System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  • Select the System Protection tab ...then choose Create.
  • In the System Restore dialog box, type a description for the restore point ... click Create, again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  • Click OK ...then close the System Restore dialog.
Please leave the System Restore function "turned on" until we are finished and I give you the 'all clean' sign.
If you have successfully created a System Restore Point...we can proceed.

Step 2 - Run OTL Script
We need to run an OTL Fix
  • Right-click on OTL.exe and select Run as Administrator.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :otl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.smartwebsearch.net/index.php?from=3
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [clearallrestorepoints]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.
User avatar
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm
Advertisement
Register to Remove

Re: I think I'm infected

Unread postby mjp1531 » November 26th, 2011, 1:54 pm

I found a folder titled Youtube Downloader which my room mate must have downloaded at some point. In that folder was a smartwebsearch url so I tried to delete it. It wouldn't let me delete the folder because it said it was running somewhere. So I ran task manager and killed its process. Then went to control panel and made sure it wasn't a program I could uninstall which it wasn't. I then used Ccleaner to erase the folder and dump the recycle bin. IE is back to normal and so is Google Chrome. It appears that the problem is now gone though.
mjp1531
Active Member
 
Posts: 14
Joined: November 9th, 2011, 1:42 pm

Re: I think I'm infected

Unread postby diver79 » November 28th, 2011, 9:40 am

Hi mjp1531,

It seems that may have been the culprit alright. Your first set of logs did include a program called YouTube Downloader 3.4. I would check that this is no longer installed before performing the cleanup steps below.

Clean up with OTL
  • Right click OTL.exe and select Run as Administrator. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Create a new, clean System Restore point
  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection > Create.
  • Give this restore point a descriptive name and click Create.
  • Click Apply and OK.
Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush infected System Restore points
  • Click on the Start button, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection.
  • Click the Configure button.
  • Press the Delete button to delete all restore points. Click Continue if prompted.
  • Click OK to return to the System Protection Window.
  • Press the Create button to create a new clean restore point. You can name the restore point All Clean in the next prompt
  • Press the Close button and then OK to exit the System Protection Window.

Additional Security Tips.
Update your Antivirus programs and other programs regularly.
Secunia Personal Software Inspector - Copyright © Secunia. This app will monitor programs on your computer for known vulnerabilities. You can set it to auto-update for you, or just prompt you if an update is available. I highly recommend it.
F-secure Health Check - Copyright © F-Secure Corporation. F-Secure Health Check is a free application that tells you if your computer is protected and helps you fix possible security issues.


Read, stay informed.
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online
User avatar
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: I think I'm infected

Unread postby Cypher » November 29th, 2011, 12:13 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 111 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware