Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Need Sanity check: Did I clean everything?


  • Please log in to reply

#31
Jim Dearden

Jim Dearden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Avg wasn't on the system, it had Windows Defender, which hadn't caught all the malware. I installed avg to hopefully fix that. I did some research, found that sometimes the Chrome problem comes from AVG. I did a complete removal of avg, using their special tool, and installed avast. The problem is still there.

 

A full avast scan finds no problems, the avast browser cleaner finds no problems, malware bytes finds no problems.

 

IE still has the redirect as well.

 

Computers are so much fun...  Did you ever hear the quote: If builders built buildings, the way programmers make programs, the first woodpecker to come along would destroy civilization" :-)

 

Jim


  • 0

Advertisements


#32
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Thanks for doing that AVG exercise :)

So as soon as you open Chrome you get the error ?

Have you tried to open in safe mode just to see ?
http://www.bleepingc...8-in-safe-mode/
  • 0

#33
Jim Dearden

Jim Dearden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Thanks for doing that AVG exercise :)

So as soon as you open Chrome you get the error ?

Have you tried to open in safe mode just to see ?
http://www.bleepingc...8-in-safe-mode/

 

 

Ok, a little progress! I didnt think of a safe mode check for chrome or dragon. So, when I start in safe mode, the IE redirect is still there, but Comodo Dragon opens without any problems, and works just fine.

 

Jim


  • 0

#34
Jim Dearden

Jim Dearden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Joe,

 

Interesting... Opening an closing Comodo Dragon while in safe mode seems to have fixed the problem when using it in full mode!

 

I'm re-installing Chrime to see if that will be the same.

 

Jim


  • 0

#35
Jim Dearden

Jim Dearden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Okay,

 

Chrome installed, had the same preferences problem. Went into safe mode with networking, opened and closed chrome, restarted, and Chrome works fine. Huh...

 

Jim


  • 0

#36
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Restarted? So you're in regular mode and Chrome is working, or is it just working in safe mode
  • 0

#37
Jim Dearden

Jim Dearden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Restarted? So you're in regular mode and Chrome is working, or is it just working in safe mode

 

Nope, Im back in regular mode. Installed in regular, had problem, rebooted in safemode with networking, opened/closed chrome. Rebboted into normal, Chrome worked fine.

 

Ill try a few complete shutdowns and reboots, and see if it resurfaces.

 

Jim


Edited by Jim Dearden, 22 May 2014 - 12:14 PM.

  • 0

#38
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Ok.

Do that and we will get to the redirect in IE.
  • 0

#39
Jim Dearden

Jim Dearden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Joe,

 

Chrome and Comodo Dragon have survived multiple reboots and surfing, no problems have resurfaced. That's gotta be the wierdest fix I every come across. But, light at the end of the tunnel!

 

Jim


  • 0

#40
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts

Light at the end of the tunnel!!!


That's the oncoming train, didn't you know that :)

Where are we, what's left? The Internet Explorer redirect to Yaimo right ? and your finding files/ folders related to Yaimo correct?

Thanks
Joe
  • 0

Advertisements


#41
Jim Dearden

Jim Dearden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

 

Light at the end of the tunnel!!!

That's the oncoming train, didn't you know that :)

Where are we, what's left? The Internet Explorer redirect to Yaimo right ? and your finding files/ folders related to Yaimo correct?

Thanks
Joe

 

...Due to budgetary constraints, the light at the end of the tunnel has been turned off...

 

All that's left is the Yaimo redirect problems!

 

Jim


  • 0

#42
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    *yaimo*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0

#43
Jim Dearden

Jim Dearden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Joe

 

Here's the log...

 

---------------------------------

 

SystemLook 30.07.11 by jpshortstuff
Log created at 16:23 on 24/05/2014 by Joyce McEachern 2
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
 
========== filefind ==========
 
Searching for "*yaimo*"
C:\Users\Default\AppData\Roaming\Mozilla\Firefox\Profiles\searchplugins\yaimo.xml --a---- 2326 bytes [04:40 29/03/2014] [04:40 29/03/2014] 62CB6D1D0DADCF8F701494960D047D2E
C:\Users\Joyce McEachern\AppData\Local\Microsoft\Internet Explorer\DOMStore\SFY558B7\www.yaimo[1].xml --a---- 13 bytes [16:47 22/05/2014] [16:47 22/05/2014] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Joyce McEachern\AppData\Local\Microsoft\Windows\INetCache\IE\YYV11SGO\yaimosearch[1].css --a---- 13023 bytes [16:47 22/05/2014] [16:47 22/05/2014] B87F0AD49B70920F9F45E856E80E4174
C:\Users\Joyce McEachern\AppData\Local\Microsoft\Windows\INetCache\IE\YYV11SGO\yaimov1[1].js --a---- 2127 bytes [16:47 22/05/2014] [16:47 22/05/2014] 62B79A4183E2D78568824974AED51D0E
C:\Users\Joyce McEachern\AppData\Local\Microsoft\Windows\INetCache\Low\IE\D1PXRN90\yaimosearch[1].css --a---- 13023 bytes [13:14 22/05/2014] [13:14 22/05/2014] B87F0AD49B70920F9F45E856E80E4174
C:\Users\Joyce McEachern\AppData\Local\Microsoft\Windows\INetCache\Low\IE\UOXU0LRO\yaimov1[1].js --a---- 2127 bytes [13:14 22/05/2014] [13:14 22/05/2014] 62B79A4183E2D78568824974AED51D0E
C:\Users\Joyce McEachern\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\JBYMNSMO\www.yaimo[2].xml --a---- 13 bytes [13:14 22/05/2014] [13:14 22/05/2014] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Joyce McEachern\AppData\Roaming\Mozilla\Firefox\Profiles\searchplugins\yaimo.xml --a---- 2326 bytes [04:40 29/03/2014] [04:40 29/03/2014] 62CB6D1D0DADCF8F701494960D047D2E
 
-= EOF =-
 
Jim

  • 0

#44
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hi Jim,

Lets delete those files and see.

delete files
  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    rd /s /q "C:\Users\Default\AppData\Roaming\Mozilla\Firefox\Profiles\searchplugins\yaimo.xml"
    rd /s /q "C:\Users\Joyce McEachern\AppData\Local\Microsoft\Internet Explorer\DOMStore\SFY558B7\www.yaimo"[1].xml
    rd /s /q "C:\Users\Joyce McEachern\AppData\Local\Microsoft\Windows\INetCache\IE\YYV11SGO\yaimosearch[1].css"
    rd /s /q "C:\Users\Joyce McEachern\AppData\Local\Microsoft\Windows\INetCache\IE\YYV11SGO\yaimov1[1].js"
    rd /s /q "C:\Users\Joyce McEachern\AppData\Local\Microsoft\Windows\INetCache\Low\IE\D1PXRN90\yaimosearch[1].css"
    rd /s /q "C:\Users\Joyce McEachern\AppData\Local\Microsoft\Windows\INetCache\Low\IE\UOXU0LRO\yaimov1[1].js"
    rd /s /q "C:\Users\Joyce McEachern\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\JBYMNSMO\www.yaimo[2].xml"
    rd /s /q "C:\Users\Joyce McEachern\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\JBYMNSMO\www.yaimo[2].xml"
    rd /s /q "C:\Users\Joyce McEachern\AppData\Roaming\Mozilla\Firefox\Profiles\searchplugins\yaimo.xml "
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: batfileicon.gif<--XPvista_bat_icon.png<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.
Joe
  • 0

#45
Jim Dearden

Jim Dearden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Hi Joe,

 

here's the latest...

 

I ran the batch file, did another system look, and the files were still there.

 

Ran the batch as administrator, same result.

 

I modded the batch file, turned echo back on, put a pause after each command line so that I could monitor the process. Most of the commands failed with "invalid directory".

 

So, I used the log file, and manually deleted the files. Cleaned out the recycle bin, and rebooted.

 

Ran another system look, and no *yaimo* files found.

 

Ran IE, Yaimo search page is _still_ there. Aargh...

 

Jim


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP