Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

spicetraffic giving my internet problems


  • Please log in to reply
3 replies to this topic

#1 irishmahon

irishmahon

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:16 PM

Posted 08 March 2010 - 06:22 PM

My internet browsers have been hijack by adware.bho which i cant seem to remove and directs me to an ad from the group spicetraffic


i need help

Edited by Orange Blossom, 09 March 2010 - 12:22 AM.
Move to AII. ~ OB


BC AdBot (Login to Remove)

 


#2 Sashacat

Sashacat

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Local time:01:16 AM

Posted 10 March 2010 - 07:33 PM

Hello :thumbsup:

Here's a Microsoft article that names "adware.bho":
http://www.microsoft.com/security/portal/T...in32%2FTracur.M

ATF Cleaner: (free program, temp file cleaner, deletes cookies)
http://www.atribune.org/index.php?option=c...5&Itemid=25
Instructions included at website.

Rkill:
"Rkill is a small, freeware and portable tool designed to terminate active malware processes allowing you to use other removal tools. Rkill is made by a Microsoft MVP “Lawrence Abrams” and is available in 4 different extensions. An .EXE, .COM, .SCR and a .PIF file.
The reason why Rkill comes in 4 different versions is because some malware will block .EXE files in an attempt to prevent you from running other malware removal tools, so this gets around that problem."

source: http://www.technibble.com/rkill-repair-tool-of-the-week/

Immediately after running Rkill, scan with Malwarebytes'.
Read this topic in its ENTIRETY (including Troubleshoot section):
How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
Posted by Grinler on February 16, 2010

http://www.bleepingcomputer.com/virus-remo...alware-tutorial

In your next reply, please include your Malwarebytes' scan results log for an official staff member to help you with.
Copy/paste the ENTIRE CONTENTS of the Malwarebytes' scan results log into your next reply.

I am not authorized to help with logs.

"only trained members of the following groups: Malware Response Team, Malware Study Hall Senior, Moderators or Administrators are allowed to help people with logs."

Also, please state specifically what symptoms, if any, you are still experiencing.
If we don't change the direction we are going,
We are likely to end up where we are headed.

#3 irishmahon

irishmahon
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:16 PM

Posted 19 March 2010 - 06:40 PM

So I did rkill and ran malwarebytes with nothing detected with the quick scan (ran as administrator to gain access to all necessary files) was going to do full scan next seeing as it has detected this thing before calling it an adware.bho. I know I'm still infected because when I tried to load this page it took over like a pop-up but instead of popping up it replaces my page, F5 fixes the page but again I'm positive theres more going on.

#4 irishmahon

irishmahon
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:16 PM

Posted 19 March 2010 - 06:57 PM

Heres a malwarebytes scan from 3/9/10 by the way that has adware.mirar on it

Malwarebytes' Anti-Malware 1.44
Database version: 3836
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

3/9/2010 11:40:39 AM
mbam-log-2010-03-09 (11-40-39).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 342544
Time elapsed: 11 hour(s), 5 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\IEBarProperties (Adware.Mirar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.mirarsearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.mirarsearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\$RECYCLE.BIN\S-1-5-21-3903322556-632712477-3017477609-1000\$RX4XJVC.tmp (Adware.Dropper) -> Quarantined and deleted successfully.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users