
I'm Infected "Search Settings v1.2.3"



#1 KelvinJ


Posted 25 December 2011 - 12:34 PM

My computer has picked up a virus called "Search Settings v1.2.3" created by Spigot Inc. When I open Control Panel / Add-Remove Programs, it is there and of course will not allow me to remove it. It appears when I click on a desktop Icon, and takes 3-4 tries to cancel it. Once cancelled, my computer appears to work fine.

I ran a Quick scan in Malwarebytes' Anti-Malware, removed 9 infected items, but it did not get this virus. I then ran DDS as per your instructions, and have attached the two text files.

Help would be much appreciated.

Thanks,

Kelvin


#2 MrCharlie


Posted 26 December 2011 - 11:57 AM

Welcome to the forum.
Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")

http://www.howtogeek.../03/image51.png <---like this

------------------------------

Please Update and run a Quick Scan with MBAM, post the report.

Then......

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.
Double click on the icon on your desktop.
Click the Scan All Users checkbox.
Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#3 KelvinJ


Posted 26 December 2011 - 12:56 PM

Thanks MrCharlie...

Output reports attached as text file.

Thanks,

Kelvin





#4 MrCharlie


Posted 27 December 2011 - 10:34 AM

Did you install this program:

C:\Program Files\blekkotb

------------------------

Please do this:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    PRC - [2010/10/22 16:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
    SRV - [2010/10/22 16:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    IE - HKU\S-1-5-21-366093904-2317613863-3767012734-1003\..\URLSearchHook: _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
    IE - HKU\S-1-5-21-366093904-2317613863-3767012734-1003\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
    O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-366093904-2317613863-3767012734-1003\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
    O3 - HKU\S-1-5-21-366093904-2317613863-3767012734-1003\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
    O3 - HKU\S-1-5-21-366093904-2317613863-3767012734-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKU\S-1-5-21-366093904-2317613863-3767012734-1003..\Run: [TwitterSubmitter] C:\Program Files\Twitter Submitter 4Pro\TwitterSubmitter4Pro.exe File not found
    O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html File not found
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage File not found
    O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\MDG User\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
    :Commands
    [createrestorepoint]
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
MrC
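
As an added example (not part of the original posts and not OTL's own code), the sketch below triages a fix script like the one above before it is run: it separates entries whose target OTL did not flag as missing from orphaned references, and shows which CLSID is registered at more than one browser hook point. The function names and regular expressions are assumptions made for this illustration; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Excerpt of the fix script from the post above (entries copied from the page).
FIX_SCRIPT = r"""
:OTL
PRC - [2010/10/22 16:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
SRV - [2010/10/22 16:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE - HKU\S-1-5-21-366093904-2317613863-3767012734-1003\..\URLSearchHook: _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKU\S-1-5-21-366093904-2317613863-3767012734-1003\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKU\S-1-5-21-366093904-2317613863-3767012734-1003..\Run: [TwitterSubmitter] C:\Program Files\Twitter Submitter 4Pro\TwitterSubmitter4Pro.exe File not found
:Commands
"""

ENTRY = re.compile(r"^(?P<tag>[A-Z]+\d*) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|lnk)", re.IGNORECASE)
ORPHAN_MARKERS = ("No CLSID value found", "File not found")

def parse_entry(line):
    """Return a dict for one log entry, or None for directives and blank lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid = CLSID.search(body)
    path = PATH.search(body)
    return {
        "tag": m.group("tag"),            # PRC, SRV, IE, O2, O3, ...
        "clsid": clsid.group(0).upper() if clsid else None,
        "path": path.group(0) if path else None,
        "orphan": any(marker in body for marker in ORPHAN_MARKERS),
    }

def summarize(script):
    """Return (files not flagged missing, orphaned entries, CLSID -> hook tags)."""
    entries = [e for e in map(parse_entry, script.splitlines()) if e]
    live_files = sorted({e["path"] for e in entries if e["path"] and not e["orphan"]})
    orphans = [e for e in entries if e["orphan"]]
    hooks = defaultdict(set)
    for e in entries:
        if e["clsid"] and not e["orphan"]:
            hooks[e["clsid"]].add(e["tag"])
    return live_files, orphans, dict(hooks)

if __name__ == "__main__": print(summarize(FIX_SCRIPT))
```
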


#5 KelvinJ


Posted 27 December 2011 - 12:19 PM

Attached File: 12272011_095625.log (10.49KB)

Thanks MrC...

I did not intentionally install C:\Program Files\blekkotb. I followed your instructions and attached the .log file. It appears that the virus is gone.

Please advise as to next step if any.

Thanks,

Kelvin





#6 MrCharlie


Posted 27 December 2011 - 01:02 PM

These types of tool/search bars are open to debate on whether to keep them or uninstall them, it's up to you.

If you want to, it's listed in your Add/Remove Programs:

"blekkotb" = Spam Free Search Bar

or here's instructions:

http://help.blekko.c...all-search-bar/

-----------------------------------

You have out of date Java on the system:

Older versions are vulnerable to malware.

Go to your Control Panel's Add/Remove Programs and uninstall all and any Java found.
Then download and run JavaRa to clear out any left-overs, info here
Then download and install the latest version: Version 6 Update 30

http://www.java.com/...load/manual.jsp <---latest version

http://www.java.com/...d/installed.jsp <---verify your Java

--------------------------

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


#7 KelvinJ


Posted 28 December 2011 - 10:10 AM

MrC....

I removed Blekko, installed latest version of Java, and ran Clean Up in OTL.

Although the virus does not seem to affect the performance of my computer, "Search Settings v1.2.3" still shows up in Add / Remove Programs.

Is this a problem?

Also, I have used CCleaner to clear my cache and Auslogics Disk De-frag for de-fragmentation about once a week. Should I keep doing this?

Finally, if I install Malwarebytes, would I run this in conjunction with Norton 360, get rid of Norton?

Thanks,

Kelvin





#8 MrCharlie


Posted 28 December 2011 - 10:29 AM

For the add/remove programs entry.........

Download HiJackThis from the link below:

http://www.trendmicr.../HijackThis.exe

Run HJT and click on Main Menu > Open the Misc Tools section > Open Uninstall Manager > Click on "Search Settings v1.2.3" > to the right you'll see Delete this entry > click on it and that will remove that entry from the list.

-----------------------------------------

Also, I have used CCleaner to clear my cache and Auslogics Disk De-frag for de-fragmentation about once a week. Should I keep doing this?


Yes that's OK to do, stay away from any registry cleaners though!

Finally, if I install Malwarebytes, would I run this in conjunction with Norton 360, get rid of Norton?


They should run well together, but I always suggest using Microsoft Security Essentials together with MBAM:
http://www.microsoft...curity/mse.aspx

There's a little tweaking that should be done though:
http://forums.malwar...18

Please let me know if you have any more questions, MrC


#9 LDTate


Posted 30 December 2011 - 04:07 PM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Product Support
