Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Searchnu removal

Re: Searchnu removal

Post by kizzer1102 » July 19th, 2012, 6:52 pm

All processes killed
========== OTL ==========
HKEY_USERS\S-1-5-21-1486715935-242868176-2598389495-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1486715935-242868176-2598389495-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C34F1341-62B9-49C1-A40F-39887D0CB88B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C34F1341-62B9-49C1-A40F-39887D0CB88B}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Leslie\Downloads\cmd.bat deleted successfully.
C:\Users\Leslie\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Leslie
->Temp folder emptied: 2297835 bytes
->Temporary Internet Files folder emptied: 686206 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 75727307 bytes
->Flash cache emptied: 1841 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10684 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 75.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Leslie
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Leslie
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.54.0 log created on 07192012_080759

Files\Folders moved on Reboot...
File move failed. C:\Users\Leslie\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2012/07/16 08:18:31 | 000,000,000 | ---- | M] () C:\Users\Leslie\AppData\Local\Temp\FXSAPIDebugLogFile.txt : Unable to obtain MD5

Registry entries deleted on Reboot...
kizzer1102
Regular Member
 
Posts: 28
Joined: July 9th, 2012, 7:53 pm

Re: Searchnu removal

Post by kizzer1102 » July 19th, 2012, 8:59 pm

C:\Users\Leslie\Documents\Homework\Research\SoftonicDownloader_for_spss.exe a variant of Win32/SoftonicDownloader.A application
C:\_OTL\MovedFiles\07112012_232343\C_Users\Leslie\AppData\Local\Temp\SetupDataMngr_Searchqu.exe a variant of Win32/Toolbar.SearchSuite application
kizzer1102
Regular Member
 
Posts: 28
Joined: July 9th, 2012, 7:53 pm

Re: Searchnu removal

Post by kizzer1102 » July 19th, 2012, 9:15 pm

After we got the anti-virus disabled there were no problems completing your instructions, thank you for the additional instructions on disabling it.

I had two threats from the ESET online scanner shown above.
kizzer1102
Regular Member
 
Posts: 28
Joined: July 9th, 2012, 7:53 pm

Re: Searchnu removal

Post by pgmigg » July 19th, 2012, 9:40 pm

Hello kizzer1102,
"After we got the anti-virus disabled there were no problems completing your instructions, thank you for the additional instructions on disabling it."
You are welcome! :)

Upload File/Files for testing

  1. Please go to Virustotal
  2. Copy/paste this file with path into the white box at the top:
    C:\Users\Leslie\Documents\Homework\Research\SoftonicDownloader_for_spss.exe
  3. Press Submit - this will submit the file for testing.
    Note: If you will see a message "File already analysed", please click on "Reanalyse" button.
  4. Please wait for all the scanners to finish.
  5. Then copy and paste the permalink (web address) in your next response.

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Searchnu removal

Post by kizzer1102 » July 19th, 2012, 10:00 pm

kizzer1102
Regular Member
 
Posts: 28
Joined: July 9th, 2012, 7:53 pm

Re: Searchnu removal

Post by pgmigg » July 20th, 2012, 12:38 am

Hello kizzer1102,

Your latest set of logs appears to be clean! :cheers:
This is my general post for when your logs show no more signs of malware.
Before I give you instructions on how to keep your computer clean and secure, you need to take a few additional steps.

Step 1.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without the word Code: into the open text entry box:
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    Java Auto Updater
    Java(TM) 6 Update 33
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.
  6. Reboot your computer.

Step 2.
Latest Java Installation Needed!

Attention: Print these instructions or copy them. You will be closing your browser!!

DOWNLOAD LATEST VERSION
  1. Get the latest version (7u5) of Java Runtime Environment (JRE)... © Sun Microsystems, Inc.
  2. Click the "Download JRE" button to the right.
  3. Check "Accept License Agreement".
  4. Locate the entry for Windows x64, click on the associated file name, then save the file to your Desktop.

INSTALL Java
  1. Close all open applications (standard), especially your browser.
  2. From the Desktop, please right-click on jre-7u5-windows-x64.exe and select "Run As Administrator..." to install the newest version.
  3. Follow the on-screen directions. When installation is completed successfully, please reboot your computer normally.
  4. Once the computer has been restarted, you can delete the "downloaded" installation file from your desktop.

OPTIONAL:
To prevent some unnecessary JAVA components from running when you boot your computer each time...
  1. Go to Control Panel and click on the JAVA icon.
  2. Press the Advanced tab and press the [+] to expand the JRE Auto-Download.
  3. CHECK "Never Auto-Download". (You can check for updates manually.)
  4. Press Apply and OK, then close the Java Control Panel and exit Control Panel.

Step 3.
Disable Symantec Endpoint Protection
  1. Open Symantec Endpoint Protection and then click Change settings from the left menu bar.
  2. Click Configure Settings next to Antivirus and Antispyware Protection.
  3. Click the File System Auto-Protect tab and uncheck the box labeled Enable File System Auto-Protect. Click OK.
  4. Click Configure Settings next to Proactive Threat Protection. Uncheck the boxes labeled Scan for trojans and worms and Scan for keyloggers.
  5. Click OK.

Step 4.
OTL - Run Fix Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right-click on OTL.exe and select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and paste the following code into the text box. Do not include the word Code.
    Code: Select all
    :Files
    C:\Users\Leslie\Documents\Homework\Research\SoftonicDownloader_for_spss.exe
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    

  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 5.
OTL - Cleanup
  1. Right-click on OTL.exe and select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.


Then:
Please don't forget to enable all your defense software!

Finally, please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg

pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Searchnu removal

Post by kizzer1102 » July 21st, 2012, 12:19 am

Finished the instructions from the last post. But I still have the "searchnu" tab come up when I open Google Chrome. I tried to change my search engine settings but the only search engine I have on the list is google.com, which is set as my default. How can I get rid of this second tab that pops up when I open chrome?
kizzer1102
Regular Member
 
Posts: 28
Joined: July 9th, 2012, 7:53 pm

Re: Searchnu removal

Post by pgmigg » July 21st, 2012, 12:53 am

Hello kizzer1102,
"But I still have the "searchnu" tab come up when I open Google Chrome."
If Chrome is still redirecting you then first use the instructions here to change your home page to something like google.com or some other clean site. Then reboot your system and see if Chrome is still being redirected.

If it's still being redirected after changing your home page then please uninstall Chrome then download and install a clean copy.

Please let me know if this resolves your issues.

Thanks,
pgmigg

pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Searchnu removal

Post by kizzer1102 » July 21st, 2012, 8:00 am

Yep, the "Open a specific page or set of pages" was selected under the google chrome settings. When I edited the settings "searchnu" was on the list. I deleted it and now I do not see it come up when I open up the browser.

Thank you very much for your help! :-)
kizzer1102
Regular Member
 
Posts: 28
Joined: July 9th, 2012, 7:53 pm
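
The situation resolved in the post above (Google as the only search engine, yet a "searchnu" entry under "Open a specific page or set of pages"), shown as an added example that is not part of the original thread: a read-only check of a Chrome Preferences JSON file. The key names, the value 4 and the sample URL are assumptions or constructed values; Chrome's preference layout differs between versions.

```python
import json
import re

# Names seen in this thread; the pattern is illustrative, extend as needed.
HIJACK = re.compile(r"searchnu|searchqu", re.IGNORECASE)

# Assumed value of session.restore_on_startup for
# "Open a specific page or set of pages".
OPEN_SPECIFIC_PAGES = 4

# Constructed sample: Google is the only search engine and the home page,
# but a hijacker URL sits in the startup page list (URL is a placeholder).
SAMPLE_PREFS = """
{
  "homepage": "http://www.google.com/",
  "default_search_provider": {"search_url": "http://www.google.com/search?q={searchTerms}"},
  "session": {
    "restore_on_startup": 4,
    "startup_urls": ["http://www.google.com/", "http://searchnu.example/"]
  }
}
"""


def audit_prefs(prefs_text, pattern=HIJACK):
    """Read-only check of the settings that decide what opens at launch."""
    prefs = json.loads(prefs_text)
    session = prefs.get("session", {})
    search = prefs.get("default_search_provider", {})
    candidates = {
        "homepage": [prefs.get("homepage")],
        "default_search_provider.search_url": [search.get("search_url")],
        # The list's key name has differed between Chrome versions (assumed).
        "session.startup_urls": session.get("startup_urls", [])
        + session.get("urls_to_restore_on_startup", []),
    }
    findings = [
        {"setting": setting, "value": value}
        for setting, values in candidates.items()
        for value in values
        if isinstance(value, str) and pattern.search(value)
    ]
    opens_pages = session.get("restore_on_startup") == OPEN_SPECIFIC_PAGES
    return {"opens_specific_pages": opens_pages, "findings": findings}


if __name__ == "__main__":
    print(json.dumps(audit_prefs(SAMPLE_PREFS), indent=2))
```

On the sample, the search engine and home page pass while the startup list is flagged, which is why changing the search engine setting alone did not stop the extra tab.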

Re: Searchnu removal

Post by pgmigg » July 21st, 2012, 10:23 am

You are very welcome, kizzer1102! :D

Stay Safe! ;)
pgmigg
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Searchnu removal

Post by deltalima » July 21st, 2012, 10:49 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK