Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How to remove Spigot from my Win 8 PC


  • Please log in to reply
8 replies to this topic

#1 rosolem

rosolem

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:04 AM

Posted 22 February 2014 - 03:04 PM

Hi,

 

Every time I open Google Chrome or Internet Explorer and I try searching for key word in the address bar it redirects me to Yahoo search rather than Google. No matter what I do with my Search Engine settings, it will always go back to Yahoo. I did some research on your website and I found that that this is caused by a malware/virus(?) called Spigot.

 

I have tried some of the software you listed in similar topics but I have not been able to get rid of it no matter what I tried.

 

I'd appreciate any further help!

 

Thank you!



BC AdBot (Login to Remove)

 


#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,087 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:02:04 AM

Posted 22 February 2014 - 03:36 PM

Hi,
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

-------------

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

-------------
 
How is the computer running after running these programs? Any redirects?
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 rosolem

rosolem
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:04 AM

Posted 22 February 2014 - 04:04 PM

Thanks for your prompt reply. Here is the logfile from AdwCleaner:

 

# AdwCleaner v3.019 - Report created 22/02/2014 at 20:59:38
# Updated 17/02/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : rosolem - TUCSON
# Running from : C:\Users\rosolem\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : Application Updater
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\IObit Apps Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Users\rosolem\AppData\Local\Pokki
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKCU\Software\Classes\*\shell\pokki
Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
Key Deleted : HKCU\Software\Classes\Folder\shell\pokki
Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Google Chrome v33.0.1750.117
 
[ File : C:\Users\rosolem\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1681 octets] - [07/02/2014 23:03:41]
AdwCleaner[R1].txt - [3277 octets] - [22/02/2014 20:58:34]
AdwCleaner[S0].txt - [1640 octets] - [07/02/2014 23:06:58]
AdwCleaner[S1].txt - [3174 octets] - [22/02/2014 20:59:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3234 octets] ##########


#4 rosolem

rosolem
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:04 AM

Posted 22 February 2014 - 04:18 PM

and here is the logfile from Junkware Removal Tool. This is not my main laptop so I can't really say much whether it is now running faster or later than before. I was also trying some different softwares before posting this message (e.g., CCleaner and Malwarebytes). I am still having issues with the Yahoo search bar, though (I want to reset it to Google).

 

Thanks again!

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 x64
Ran by rosolem on 02/22/2014 at 21:19:20.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/22/2014 at 21:24:05.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Edited by rosolem, 22 February 2014 - 04:27 PM.


#5 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,087 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:02:04 AM

Posted 22 February 2014 - 04:35 PM

Hi,

Please reset Chrome using these instructions: https://support.google.com/chrome/answer/3296214?hl=en-GB
Also reset IE using these instructions: http://support.microsoft.com/kb/923737

Any improvement after this?

xXToffeeXx~

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#6 rosolem

rosolem
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:04 AM

Posted 22 February 2014 - 05:41 PM

Hi,

 

It looks like those steps actually solved the issue. Many thanks.

 

I was also wondering if you could recommend some free Anti-Virus and Anti-Malware protection for my PC. I am currently using AVG free and a few applications from IObit such as Malware Fighter and System Advance Care. As I said, I also have Malwarebytes. Are there any other software that can provide me protection.

 

Once again thanks for helping!



#7 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,087 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:02:04 AM

Posted 23 February 2014 - 10:22 AM

Hi,
 
Okay, good to hear.
 
See here on iobit, personally I do not recommend the program.
 
Other than that, Malwarebytes and your antivirus should be good together.
 
Let's see if your programs are up-to-date:

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#8 rosolem

rosolem
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:04 AM

Posted 23 February 2014 - 05:45 PM

Thanks for the information about iobit. Here is the logfile from Security Check:

 

 Results of screen317's Security Check version 0.99.79  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
Windows Defender                  
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Java version out of Date! 
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Google Chrome 32.0.1700.107  
 Google Chrome 33.0.1750.117  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#9 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,087 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:02:04 AM

Posted 24 February 2014 - 11:42 AM

Hi

 

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
§  Microsoft: Unprecedented Wave of Java Exploitation
§  Drive-by Trojan preying on out-of-date Java installations
§  Ghosts of Java Haunt Users
You may want to read these before you update, as most users do not use Java and have no need for it to be on their computer:
You don't need Java
W3Techs usage statistics and market share data of Java on the web
 
If you want to use Java, then please follow these steps to remove older version Java components and update:
§  Download the latest version of Java and save it to your desktop.
§  Close any programs you may have running - especially your web browser.
§  Go to Control Panel, and double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8.
§  Check (highlight) any item with Java in the name.
§  Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
§  Repeat as many times as necessary to remove each Java version.
§  Reboot your computer once all Java components are removed.
§  Then from your desktop double-click on the Java installer to install the newest version.
§  If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then Run as Administrator.
§  When the Java Setup - Welcome window opens, click the Install button.
§  If offered any unwanted software or toolbars during installation (such as the Ask Toolbar); just uncheck the box before continuing unless you want it.
§  Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature, and you will not have to remember to update when Java releases a new version.
 
-------------
 
Your version of Adobe Reader is out of dateOlder versions have vulnerabilities that malicious sites can use to exploit and infect your system.
 
Please follow these steps to remove older version Adobe Reader components and update:
§ Download the latest version of Adobe Reader and save it to your desktop.
§ Close any programs you may have running - especially your web browser.
§ Go to Control Panel, and double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8.
§ Check (highlight) any item with Adobe Reader in the name.
§ Click the Remove or Change/Remove button and follow the onscreen instructions for the Adobe Reader uninstaller.
§ Reboot your computer once Adobe Reader is removed.
§ Then from your desktop double-click on the Adobe Reader installer to install the newest version.
§ If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then run as Administrator.
§ If offered any unwanted software or toolbars during installation (such as the McAfee Security Plan Plus); just uncheck the box before continuing unless you want it.
§ Adobe Reader is updated frequently. If you want to be automatically notified of future updates, or automatically have them installed then make sure to check the option in the installer.

 

-------------

 

Download 51a5ce45263de-delfix.pngDelfix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.


Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't need to copy and paste it into your next reply.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users