So I've had a google hijack which links to adf : network (titties!) and fastsearch/hugosearch and I was wondering how to get rid of it
MBAM's full scan hasn't tackled the problem at all
Neither has hijackthis or avast
[QUOTE=geogzm;27194938]So I've had a google hijack which links to adf : network (titties!) and fastsearch/hugosearch and I was wondering how to get rid of it
MBAM's full scan hasn't tackled the problem at all
Neither has hijackthis or avast[/QUOTE]
Hijackthis isn't a malware remover. It merely creates logs of running processes, startup entries, etc.
Try and post a Hijack this log here for us to analyze.
[QUOTE=geogzm;27195693]
F2 - REG:system.ini: UserInit=userinit.exe,c:\program files (x86)\microsoft\watermark.exe,
[/QUOTE]
This appears to be the offending file.
Removal instructions are here:
[url]http://comprolive.com/remove/worm/ramnit/watermark-exe[/url]
<3<3<3
[img]http://gyazo.com/d47b8b79e61bdc92b5410993a9912c30.png[/img]
found the sucker
Still I would recommend removing your current antivirus (avast) and running a scan through with Microsoft Security Essentials (they are capable of finding the virus) to be sure it's not left any traces behind.
yeah I've done this
Argh shit it came back
Those instructions haven't helped at all. I followed them by deleting those files in safe mode and it's back.
Help!
i had this once it's a son of a bitch to remove, took days
if all else fails, just back up and reformat
ok but it might also be using a local proxy so check that (i don't remember how so sorry)
can't back up/reformat no recovery cd and system restore was useless
no in built system recovery either
stop suggesting people to format even though it's a shit to remove it
I'm pretty sure Combofix doesn't work on 64bit systems, so it'll only work if you have 32 bit. You could look here for ComboFix instructions: [url]http://forums.malwarebytes.org/lofiversion/index.php?t69915.html[/url]
You should delete all system restore points. People say they have removed it by going in safe mode, deleting watermark.exe and some files in c:/windows/temp, by running a couple of different scanners (you could try malware bytes, avira and MSE for example). Then look on HijackThis and remove the entries:
F2 - REG:system.ini: UserInit=userinit.exe,c:\program files (x86)\microsoft\watermark.exe
and I'm pretty sure this one isn't good either:
O4 - HKLM\..\Run: [rap] "C:\Program Files (x86)\ert\3.exe"
I'm not sure about these one, they seem to be random strings and I doubt they're much good, so you'll just have to look for yourself. If I was in your position, I would delete them.
O4 - .DEFAULT User Startup: ewqely.exe (User 'Default user')
O4 - .DEFAULT User Startup: fuakov.exe (User 'Default user')
O4 - .DEFAULT User Startup: idica.exe (User 'Default user')
[editline]9th January 2011[/editline]
oops just noticed "program files (x86)" so you have 64bit, so combofix is no option
Use Malware Bytes. Has never yet failed for me working on peoples computers.
[editline]9th January 2011[/editline]
Fuck rate me bad reading
[editline]9th January 2011[/editline]
Try updating MBAM and rescanning?
[editline]9th January 2011[/editline]
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
You need to update teamviewer to the newest version :v:
Sorry, you need to Log In to post a reply to this thread.