Search Engine Redirect

Acer Acer one aod250-1165 netbook
June 30, 2010 at 19:08:52
Specs: Windows XP, Intel Pentium M, 512
I have tried Avast, Avast boot scan, SuperAntiSpyware, Malwarebytes, and they are not finding this redirect virus. Also, I am having a problem removing Hitman Pro from my computer. I used uninstall from Add/Remove Programs and the shortcut is still there; when I click on the shortcut, the program still runs. I need to clean that off my computer and I don't know how... please help, thank you.



#1
June 30, 2010 at 19:43:36
go into all programs and uninstall hitman there.

You may want to run combofix:
http://www.bleepingcomputer.com/com...
follow the on-site instructions

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#2
July 1, 2010 at 16:08:37
Hitman Pro is not listed under All Programs. The shortcut is only on the desktop. When I right-click, there is no option to uninstall.

"ComboFix.exe has encountered a problem and needs to close." Any ideas? I did close all my programs and disabled anti-virus before trying to start it.

Thanks



#3
July 1, 2010 at 19:00:17
This infection stops you running removal programs; you will probably have to rename them & use Safe Mode. Here is a routine that can be applied.

We can deal with the Hitman Pro issue later.

Malwarebytes' Anti-Malware
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.malwarebytes.org/mbam.php
Forum
http://www.malwarebytes.org/forums/
Error codes
http://forums.malwarebytes.org/inde...
Common Issues, Questions, and their Solutions, Frequently Asked Questions.
http://forums.malwarebytes.org/inde...
Try it in Safe mode.
If it won't run, rename the downloaded mbam-setup.exe file to mb.exe to help work around certain malware that will block it from being run.
If it still will not run.
1: Go to Control Panel > Programs and Features and uninstall Malwarebytes.
Next redownload Malwarebytes but rename it before you download it to your desktop. As you are in the process of downloading when you get to the point that the "enter name of file to save to" box appears, in the "filename" slot, rename mbam-setup.exe to something.exe, then click Save.
If it installed but will not run, navigate to this folder:
2: C:\Program Files\Malwarebytes' Anti-Malware
At the top of the page, Tools > Folder Options > View, click > Show hidden files and folders and untick > Hide extensions for known file types.
How to see hidden files in Windows
http://www.bleepingcomputer.com/tut...
Rename all the .exe files in the Malwarebytes' Anti-Malware folder and try to run it again.
When it opens, update 1st.
If it won't update after installing, update manually.
http://www.malwarebytes.org/mbam/da...
Download & install.



#4
July 2, 2010 at 09:06:30
As I said in my original post, Malwarebytes did not detect it. It does run and update fine though. Is it more likely to detect a virus in safe mode?


#5
July 2, 2010 at 10:11:58
Jessica, did you save combofix to your desktop and then run it?

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#6
July 2, 2010 at 10:17:09
Here is the MBAM log from safe mode:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4267

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

7/2/2010 10:48:34 AM
mbam-log-2010-07-02 (10-48-34).txt

Scan type: Full scan (C:\|)
Objects scanned: 190727
Time elapsed: 37 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#7
July 2, 2010 at 10:20:06
Yes, that's what I did when I got:
"ComboFix.exe has encountered a problem and needs to close."
yesterday. Any ideas? thanks


#8
July 2, 2010 at 10:22:04
I just got a pop up tab also that says registrydefender dot com.


#9
July 2, 2010 at 10:23:02
LOL...it's funny how some people don't read the original post when answering ;-)
Jessica, try this:
http://www.geekstogo.com/forum/inde...
scroll down to post 2 to rename combofix, see if that works for you.

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#10
July 2, 2010 at 10:40:31
Thanks, just tried according to those instructions, re-naming as instructed during download, stopped avast, then tried to start and got the same result.
"Combo-Fix.exe has encountered a problem and needs to close."


#11
July 2, 2010 at 10:57:35


#12
July 2, 2010 at 15:07:19
"As I said in my original post, Malwarebytes did not detect it"

I wasn't saying use Malwarebytes, substitute that program for any that won't run & use the tricks (routine) as per my post.

The infection has to be outsmarted for any program to run.



#13
July 2, 2010 at 16:08:36
If you get popups or any messages you don't understand, put the exact message into google.

After using Trojan Remover, do a manual check to see if RegistryDefender has been removed. I prefer the manual method.

registrydefender dot com

http://www.google.com.au/#hl=en&q=r...

http://www.2-viruses.com/remove-reg...



#14
July 2, 2010 at 18:05:01
How do I find out if its 64bit?

I ran the Trojan Remover. It didn't seem to report any problems and I still have the redirect and pop up virus. next? thanks



#15
July 2, 2010 at 18:08:27
I'm sorry, what is Registry Defender? I don't think I've ever had a program by that name. Just confused~ Also all my programs run fine, except for ComboFix. The only problem is the pop ups and redirects, and the internet runs, I am using it right now.

Here is a sample of one of the redirected sites:
http://guide-1 dot net



#16
July 2, 2010 at 18:11:12
Okay, I looked at the Google results for registry defender, & I have not seen any pop ups that said registry defender. That is not something that is happening on my computer. (??)


#17
July 2, 2010 at 18:18:57
Read your Response Number 8


#18
July 2, 2010 at 18:26:36
Oooh. All the pop ups are different from one another, there have been many by now. So what do you mean by "the manual method"? I don't understand. So that one pop up means I have "registry defender"? Thanks


#19
July 2, 2010 at 18:37:51
Ok, if you don't know what manual method means after reading the fixit page, that tells me a lot about your skill level.
You may need to get someone in to help, unless you want to have a go.

Here is the site again, instead of removing all the problem files manually, click on > Download Spyware doctor.
http://www.2-viruses.com/remove-reg...



#20
July 2, 2010 at 19:10:40
okay, it does say on that site "Although it is possible to manually remove RegistryDefender, such activity can permanently damage your system [...] manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. "
I am not an IT specialist by any means.

But it also says "it proceeds to scare its victim into buying the “product” by displaying fake security messages, stating that your computer is infected with spyware and only RegistryDefender can help you" which is why I was confused about your mentioning removing it because there are no fake security messages on my computer.

running spdoc now, will keep you updated, thanks



#21
July 2, 2010 at 19:21:43
Jessica, you can uninstall trojan remover because it is running clean. You can do that in all programs, it has its own uninstaller.

I really don't know why combofix is not working for you, I know it works on 32 bit but not 64bit.

Here is how to tell if your system is 32bit or 64bit:
http://support.microsoft.com/kb/827218

What happened when you ran hitman Pro? Did it run clean for you?

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#22
July 2, 2010 at 19:38:28
Nice to see you, XpUser4Real-- it's 32 bit.
Here are the results from spdoc:

Adware.Huntbar 5 infections
RogueAntispyware.Atnivirus 2008 3 infections
Spyware.Known_Bad_Sites 1 infections
Application.Tracking Cookies 13 infections
Hijacker.Affiliated_With_Browser_Hijackers 1 infection
Application.GameVance 2 infections

Hopefully that helps. I don't see where spdoc creates a log.

I did not run Hitman since its kinda useless (for removal) and won't get off my computer (creepy) but I will run it and tell you what it says.

thanks



#23
July 2, 2010 at 19:43:40
"I did not run Hitman since its kinda useless"
This & Combofix are top removal tools, be interesting to see what it does now.



#24
July 2, 2010 at 19:46:07
Hitman:
possible variant of the TDL3 alias Alureon Rootkit detected
Proxy server on this computer (I could've sworn I fixed that)
iaStor.sys Rootkit


#25
July 2, 2010 at 19:58:19
Now download Combofix again ( do not use the previous one )

Go down to all the logo's next to the clock, right click on them & shut/close. No virus, infection programs or firewall should be running in the background.

To make sure, disconnect from the internet.

Now run combofix & do not touch the mouse or keyboard unless instructed.



#26
July 2, 2010 at 19:58:56
"possible variant of the TDL3 alias Alureon Rootkit detected
Proxy server on this computer (I could've sworn I fixed that)
iaStor.sys Rootkit"

remove that with Hitman Pro and then run it till it is clean...it is a good rootkit cleaner

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#27
July 2, 2010 at 20:11:49
Jessica I found this page for you, read it carefully and use the TDSS killer:
http://www.bleepingcomputer.com/vir...

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#28
July 3, 2010 at 12:28:54
"Hitman Pro will still scan your computer for infections, but in order to remove malware you need a new license. Buy Now"

I ran the TDSS remover (THANK YOU) and then ran Hitman's scan again. Even though Hitman won't remove malware unless someone pays it to, it did repair the proxy server and delete a tracking cookie. The other results were gone.

Yay! I clicked on several google results and none are redirecting!!

Now, how can I get Hitman off my computer? And can I get combo fix off by deleting the shortcut on the desktop?



#29
July 3, 2010 at 14:39:45
did your 30 day trial expire with Hitman Pro? That is the only reason it would ask you to buy a license.
Glad to hear the TDSS killer worked for you, hopefully you will be fine now.

For combofix:
Go to Start > Run
Type in box

combofix /uninstall

Note: the space between the X and the /u
Press Enter.
This command will delete the following:

ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:\_OtMoveIt folder, if present

◦Reset the clock settings.
◦Hide file extensions, if required.
◦Hide System/Hidden files, if required.
◦Reset System Restore.

For Hitman Pro, first uninstall it from all programs and then check to see if it is still in add/remove.
If it is, just uninstall it there and it should all be gone.

I would suggest you install and use Spyware Blaster:
http://www.filehippo.com/download_s...
Also I would suggest Ccleaner Slim (no toolbar)
http://www.piriform.com/ccleaner/bu...
it is the last one in the list.

Run the cleaner and then click on the registry icon. No use to save backups, just let it clean out all it finds.
That should keep you going for awhile. Good Luck ;-) Glad to help you

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#30
July 3, 2010 at 16:12:59
As per your > Response Number 2 & now Response Number 28, if after running CCleaner you still can't remove Hitman, I would download the latest version & install again. There are many other methods, but this may be the simplest, you should now be able to go to Add & Remove to uninstall.

There are many sites offering this program illegally, this is the correct site.

http://www.surfright.nl/en/downloads/



#31
July 4, 2010 at 09:39:39
I installed spyware blaster and Ccleaner.

Originally before I started this thread I uninstalled hitman from add/remove programs and it then disappeared from add/remove and from all programs at that time. The problem has been that the shortcut remained on the desktop and I know that the program is still on my computer because when I click on the shortcut, it runs.

When I tried to uninstall combofix, it said Windows couldn't find that program. My guess is combofix never got a chance to install itself because it wouldn't run to begin with, but I want to pass that by you before just deleting the ("Shortcut?") on my desktop.



#32
July 4, 2010 at 13:10:51
Hitman Pro is not hard to remove. Do you say you uninstalled it from add/remove and now if you click on the icon on the desktop it still runs? If that is the case you will have to uninstall it from all programs. When you do that, the icon will also disappear.

Combofix, I think the last time you used it you renamed it to combo-fix.exe If I'm not mistaken. Then try this:

For combofix:
Go to Start > Run
Type in box

combo-fix /uninstall

Note: the space between the X and the /u
Press Enter.

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#33
July 6, 2010 at 08:42:56
Hi, sorry I must not be clearly communicating. I have been trying to say that Hitman is not listed in all programs. Therefore I cannot uninstall it from all programs, because it is not there.

I did think of the renaming already and tried that, it did not work. I did use the space. I also tried it with caps in case it was case-sensitive (Combo-Fix). It can't find the program. thanks



#34
July 6, 2010 at 11:40:32
Original post.
"I used uninstall from Add/Remove Programs and the shortcut is still there;"

Response Number 2
"Hitman Pro is not listed under All Programs."

That was one of the reasons I suggested a fresh download (don't use the old download) & reinstalling again. When you do try to uninstall again, make sure it is not running in the background, check down next to the clock.
Response Number 25

