
Do-search


4 replies to this topic

#1 Saba154

Saba154

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:06 AM

Posted 02 December 2013 - 10:53 PM

I have followed all the advice, except going into the registry and making changes, that I could find on this site. I have used Malwarebytes Anti-Malware, SUPERAntiSpyware Free Edition, and Spybot. They have all found lots of things to delete... I deleted Google Chrome and Firefox. I reinstalled Chrome. I changed my home page in Explorer back to Google and deleted Nation search. I have rebooted more times than I can count. Do-search still opens in Explorer but not in Google Chrome. Is there no way to rid this from my computer???




 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:06 PM

Posted 02 December 2013 - 11:56 PM

Try to remove applications installed by "snap.do / Do-search" from your Control panel.

This is a SPAM program loaded by ReSoft.Ltd and was hidden along with another download.

 

First -
1. Go to Start > Control Panel.
Windows Vista 7 & 8: Right click on the bottom left corner and select Control Panel
Windows XP: Start > Settings > Control Panel.

 

2. Double click to open "Add or Remove Programs" if you have Windows XP, or "Programs and Features" if you have Windows 8, 7 or Vista.

 

3. In the program list, find and remove/Uninstall:
a. Snap.do (By ReSoft.Ltd.)

 

NEXT -
Remove "snap.do search" and snap.do toolbar from your internet browser application.
Select your browser(s) Internet Explorer, Google Chrome, Mozilla Firefox

 

NEXT -

Please download and run RKill by Grinler.

A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully. The tool will run for 20 seconds to 2 minutes.

 

Important: Do not reboot your computer until you complete the next step.

* Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

NEXT -

Run ESET Online Scanner. Please reboot to Internet Explorer as the scanner uses ActiveX.

Disable your Antivirus if required.
If you will not use Internet Explorer, please see 3 - 1 & 3 - 2
1. Hold down Control (Ctrl) key, and click on This link to open ESET OnlineScan in a new window.
2. Click the eset online button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- 3 - 1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
- 3 - 2. Double click on esetsmartinstaller_enu on your desktop.
4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology

9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time.
* My last scan on my XP 80% free space took 1.20 hours
10. When the scan completes, click List Threats
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan.
- Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button.
* NOTE: Sometimes if ESET finds no infections it will not create a log.

 

Thank You -



#3 Saba154

Saba154
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:06 AM

Posted 03 December 2013 - 08:16 PM

I could find anything with snap.do in it. I have used RKill and AdwCleaner... Do-search did not open in Explorer. Here is the log and I will complete the next step.

# AdwCleaner v3.014 - Report created 03/12/2013 at 20:04:51
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Joan - JOAN-PC
# Running from : C:\Users\Joan\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\ClickIT
Folder Deleted : C:\Program Files (x86)\Nation Toolbar
Folder Deleted : C:\Program Files (x86)\Vuze
Folder Deleted : C:\Users\Joan\AppData\Local\Temp\Desk365
Folder Deleted : C:\Users\Joan\AppData\Roaming\DriverCure
File Deleted : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
File Deleted : C:\Windows\System32\Tasks\SpyHunter4Startup
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Joan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Joan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_zune-software_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_zune-software_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Nation Toolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\Nation Toolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16736
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\wliydtih.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaultenginename", "do-search");
Line Deleted : user_pref("browser.search.selectedEngine", "do-search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://do-search.com/?type=hp&ts=1384204651&from=ild&uid=TOSHIBAXMK1059GSMP_X155P16VTXXX155P16VT");
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5245 octets] - [03/12/2013 19:57:51]
AdwCleaner[S0].txt - [4131 octets] - [03/12/2013 20:04:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4191 octets] ##########
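
As an added example (not part of the original posts, and not AdwCleaner's own code), the Python below parses the report layout shown in the log above and groups the cleaned items by the kind of startup or search hook they sat in, which shows why reinstalling a browser alone leaves the redirect in place. The `SAMPLE` excerpt is constructed from lines of that log, and the hook labels in `HOOKS` are assumptions chosen for this illustration.

```python
import re
from collections import defaultdict
# Constructed sample: a few lines copied from the AdwCleaner[S0] report above.
SAMPLE = r"""***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\ClickIT
File Deleted : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16736
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v
Line Deleted : user_pref("browser.search.selectedEngine", "do-search");
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")   # ***** [ Registry ] *****
BROWSER = re.compile(r"^-\\\\ (.+)$")                 # -\\ Internet Explorer v10...
ACTION = re.compile(r"^(\w+ (?:Deleted|Disinfected|Restored)) : (.+)$")

def parse_report(text):
    """Yield (section, browser, action, target) for every action line."""
    section = browser = None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section, browser = m.group(1), None
        elif m := BROWSER.match(line):
            browser = m.group(1)
        elif m := ACTION.match(line):
            yield (section, browser, *m.groups())

HOOKS = [  # (label, pattern tested against "action : target"); labels are illustrative
    ("scheduled task", re.compile(r"\\System32\\Tasks\\")),
    ("IE browser helper object", re.compile(r"\\Browser Helper Objects\\")),
    ("browser shortcut", re.compile(r"^Shortcut Disinfected : ")),
    ("restored search setting", re.compile(r"^Setting Restored : ")),
    ("Firefox preference", re.compile(r"^Line Deleted : user_pref\(")),
]

def hijack_locations(entries):
    """Group targets by hook type; plain leftover folders and keys are skipped."""
    found = defaultdict(set)
    for _section, _browser, action, target in entries:
        target = target.replace("[x64] ", "", 1)  # same key, 64-bit registry view
        label = next((l for l, p in HOOKS if p.search(f"{action} : {target}")), None)
        if label:
            found[label].add(target)
    return dict(found)
```

Running `hijack_locations(parse_report(text))` over the full AdwCleaner[S0].txt also picks up the four disinfected Internet Explorer shortcuts and the second scheduled task listed in the report.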


#4 Saba154

Saba154
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:06 AM

Posted 08 December 2013 - 01:18 PM

Thanks for the help.....my computer is finally back to normal!!!!



#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:06 PM

Posted 08 December 2013 - 02:58 PM

Hi -
The items below were the main ones that carried that hijacking program -
Folder Deleted : C:\ProgramData\ClickIT
Folder Deleted : C:\Program Files (x86)\Nation Toolbar
Folder Deleted : C:\Users\Joan\AppData\Local\Temp\Desk365
Folder Deleted : C:\Users\Joan\AppData\Roaming\DriverCure
File Deleted : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
File Deleted : C:\Windows\System32\Tasks\SpyHunter4Startup
 
Take care as more of these programs are being hidden in downloads, so you need to read the details -
 
Now -
Right click > Delete Rkill - Open AdwCleaner and hit Uninstall to remove the program and any items in quarantine.
 
Next -
Please download Temp File Cleaner by Old Timer
* Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
* Double-click on the TFC icon.
* Vista / Windows 7 & 8 users Right click on the icon and select Run as Administrator
* When the program opens, click on the Start button. 
* TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
* When done, press OK and reboot your computer to finish the cleanup.
 
Thank You -




