Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Snap.do Hijacking Firefox


  • This topic is locked This topic is locked
6 replies to this topic

#1 PerkyVixen

PerkyVixen

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:28 PM

Posted 22 October 2012 - 02:45 AM

OK, So I'm a newby....Please don't kill me. When I told my "friend" Snap.do had hijacked Firefox he gave me the "OMG The WORLD is GOING TO END for YOU & YOUR COMPUTER!!!" No drama... After his earnest (such effort he had to put into it....) search, I was told to run ComboFix and he sent it to me in an e-mail. That Snap.do was a known virus, deeply embedded in my computer & ComboFix was the only thing to correct it. WHO told me this you ask? My Ex-Fiancee who is a SuperGeek and is usually right about this sorta stuff. OMG, WHY did I listen THIS time??? :hysterical:

Problem: Ran ComboFix according to directions... It has been sitting at the "CMD" window telling me it is "Preparing Log Report. Do not run any programs until ComboFix has finished" for SEVEN HOURS now. Your directions say be patient.... I don't think you meant THAT patient, DID YOU? :o

Please advise, as this is (of course) my only computer and I'm a full time college student... No matter to you guys, huh?

Thank you for your assistance in advance!!!

Humbly,

PerkyVixen


BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:28 PM

Posted 22 October 2012 - 04:08 PM

Hello PerkyVixen,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.




1.

Combofix is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.


This is a direct quote from the author and owner of Combofix.

Please reboot your machine. Force reboot it if you have to.
There should be a log located at C:\Combofix.txt


2.
Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select
    Posted Image
  • Click the Search button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

3.
Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    Posted Image
  • Put a checkmark beside loaded modules.
    Posted Image
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
    Posted Image
  • Click the Start Scan button.
    Posted Image
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Posted Image
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Posted Image
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Things to include in your next reply::
Combofix.txt
ADWcleaner log
TdssKiller log
DO you have a USB Flash Drive you can use?
How is the computer running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 PerkyVixen

PerkyVixen
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:28 PM

Posted 22 October 2012 - 05:46 PM

Bonjurno "Bleeping Fireman!" How goes it today? I will say I have had somewhat of a frustrating day, as I have been at school all day, and my computer has been sitting with the same screen (not really, I turned my monitors off!) for 21 hours!!! I finally took a leap of faith, closed the "cmd" box, shut down the computer, let the drive spin down, restarted, and it appears to be running like a champ.

However, I am heeding your sage advice, and I will follow your instructions to the letter!!! "Pinkie Swear!!!" And in answer to your question "Do I have a USB Flash Drive I can use?" - Come On??? When is the last time YOU were in College - I have about 8-12 USB's on me at one time!!! The two I'm using most frequently right now are BOTH 62GB, and are about 3/4 full! THEN, I have TWO 1 Terabyte Portable HD's just in case I get in a bind!

So, leaving the sarcasm behind, yes, fair fireman, I have a USB available, and had planned to use it with the exception of the programs which you are instructing me to download. One caveat I must ask for, humbly, I'm afraid. I know you responded to me in STELLAR time, and for that I am ETERNALLY grateful!!! Thank you for living up to your name and coming to the aid of a "damsel in distress... **** oh.. I feel faint*****" AHEM, sorry.... got caught up in the moment! :offtopic:

I have 4 tests, one paper and three web pages ALL due by midnight tonight (literally) and because I did not have the utilization of my trusty computer last evening, I'm in a crunch situation tonight. Will you allow me the courtesy of a 24 hour stay of execution??? Please? For a Red-Headed, Freckle-Faced, Irish Girl??? "The Luck 'O the Irish mae be upon ya!!!"

Seriously - I pulled an all-nighter last night for an Eight AM class this morning, and I've GOT to get this stuff nailed tonight. So if you promise NOT to hate me, I'll get on this either IN THE MORNING (I don't have anything (other than studying, of course) until 10:30 on campus, so I can get on it then - P-L-E-A-S-E???? With a Cute PerkyVixen on top???

Let me know, before I'm kicked out of the "cool kids club :cool: " when I just got in.... Man, that would really suck!

Thank you in advance for everything (Other than being kicked out of the "COOL KIDS CLUB!"

Busy like a wild woman,

PerkyVixen

#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:28 PM

Posted 22 October 2012 - 09:09 PM

Please post the requested logs when you can!

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 PerkyVixen

PerkyVixen
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:28 PM

Posted 26 October 2012 - 09:55 PM

Hey Fireman... I PROMISE I have not forgotten you!!! I've got to run this stuff POST HASTE because my computer is doing all kinds of really weird things... LOTS of 404 errors for no reason.... NOT saving my home pages, and I went into to IE to test a web page and "snap.do" was there!!!! (BTW, I had removed it from my Add/Remove programs). I have been sooo covered up with homework... I just alternate the days when I pull all-nighters now.... One all-nighter, the next night I sleep 3-4 hours, another all-nighter, next night, sleep.... you get the idea.

I WILL run it! Thanks again for your patience!

I DID GO VOTE today!!!

ttyl,
PerkyVixen

#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:28 PM

Posted 27 October 2012 - 12:04 PM

The more you use this computer the more chances you have of infecting your machine even more. Let alone taking a chance of infecting everyone in your email list and every network you are using.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:28 PM

Posted 29 October 2012 - 10:48 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users