Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Can't remove "Safesearch" locked by Admin [Solved]

SafeSearch Malware removal

  • This topic is locked This topic is locked

#16
mmic279

mmic279

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Sorry. Forgot about that. I just needed to get the Anti-virus app on here. My fault.

It took a bit, but I was able to get the last step done.

MalwareBytes ran and zero threats were detected.

 

Now that I already set up and scanned with Kaspersky anti-virus, do you still think I need ESET or Security Check? Seems like I should be good now, right?

 

See last MBAM scan log below. 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/13/2016
Scan Time: 7:49 PM
Logfile: MbamScanLog.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.07.13.13
Rootkit Database: v2016.05.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Mark
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 491197
Time Elapsed: 35 min, 17 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

Advertisements


#17
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Sorry. Forgot about that. I just needed to get the Anti-virus app on here. My fault.

It took a bit, but I was able to get the last step done.

MalwareBytes ran and zero threats were detected.



Now that I already set up and scanned with Kaspersky anti-virus, do you still think I need ESET or Security Check? Seems like I should be good now, right?


Hello :)

No worries, and glad to see the MBAM scan is clean. Please run the ESET scan as it's a very deep and thorough scan. Also, SecurityCheck is needed as well. It's designed to scan to make sure that some programs are up to date.

Please post the logs for those 2 programs upon completion and we'll proceed. :thumbsup:

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

ESET Scan Log

SecurityCheck Log

  • 0

#18
mmic279

mmic279

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

I opened Internet Explorer to do the next step with ESET, but I saw it opened with "SafeSearch" in the the search bar (http://www.safesear.ch/?type=szs),

I don't have Firefox and would rather not add another search engine. 

Should I just use the IE 11 I have now?

 

Thanks, 

Mark


  • 0

#19
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I opened Internet Explorer to do the next step with ESET, but I saw it opened with "SafeSearch" in the the search bar (http://www.safesear.ch/?type=szs),
I don't have Firefox and would rather not add another search engine. 
Should I just use the IE 11 I have now?
 
Thanks, 
Mark


Hello :)

Yes, proceed with that I.E 11. : thumbsup:
  • 0

#20
mmic279

mmic279

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

I clicked the link you sent, it opened in chrome. I copied the URL to IE11, but there was no button or bar that looked like that below, and nothing started when I clicked the "SCAN NOW" button or when I clicked the "FREE DOWNLOAD" button. In Chome it did download when I clicked "SCAN NOW", but I did not install it. When you scroll down another button says "FREE 30 VIRUS PROTECTION", but nothing happened when I clicked that either. Not sure why. Pop-up blocker maybe? None of the button though look like the one below.

 

Please click on this link and then click the ESET Online Scanner bar ---->esetbar_zps93905f48.jpg

  • Select the option YES, I accept the Terms of Use then click on Start (it never started)

  • 0

#21
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Ok, it looks like my instructions need revising, as they've changed the layout. Please make sure any pop up blockers are turned off. I'm using FF and these instructions worked. However, if they do not work in IE, please skip this step and move to the SecurityCheck scan.


When you click Scan Now you should get a download for the file esetonlinescanner_enu.exe started.

When it completes downloading, double click on it to start it, and you'll get the Terms of Use box on your screen. Click on Download the latest version of ESET Online Scanner.

Click Accept and the latest version will begin downloading.

When completed, the Computer Scan Settings box will appear. Click on Enable detection of potentially unwanted applications. Then click Advanced Settings

Place checkmarks in Enable detection of suspicious applications, Scan Archives, and Enable Anti-Stealth Technology.

Do not place a checkmark in the Clean Threats Automatically box.

Click Scan and it will begin downloading the latest virus database.

Please post the log when completed.
  • 0

#22
mmic279

mmic279

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Tried ESET Scanner. It showed 4 threats but finally froze. So, I killed it. I looked for ESET folder to see if I could get the log file, but there is no ESET folder.

I was watching it. So, I believe I deleted the threats in Local App Data folders. They looked to be old gaming folders. I will try to run it again later. 

 

I opened IE 11 again. It was waiting for "safesearch.ch", but nothing happened. I changed the home page to "google.com" and closed and reopened. When it reopened it opened to an empty page and nothing came up. It just keeps trying to update, but nothing displays. I clicked on the HomePage button, but nothing happened. It tried debugging but I don't have visual studio. Anyway, IE isn't working at all any more. Also, I saw "RootFiddle" kit certificates in IE that had DO_NOT_TRUST google. Never seen those before. I can't even open IE Options to see the certificates anymore. 

 

I will run the Security Check by screen317.

 

Thanks for the help.

Mark


  • 0

#23
mmic279

mmic279

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Security Check log.

 

 

 

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Kaspersky Total Security   
Windows Defender           
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
 Google Chrome (51.0.2704.106) 
 Google Chrome (SetupMetrics.pma..) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Kaspersky Lab Kaspersky Total Security 16.0.1 avp.exe  
 Kaspersky Lab Kaspersky Total Security 16.0.1 avpui.exe  
 Kaspersky Lab Kaspersky Password Manager 8.0.4 kpm.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 

  • 0

#24
mmic279

mmic279

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

I rebooted. I opened IE 11 again. It open up to "http://www.safesear.ch/?type=szs"again. So, it is still there.

 

And, under Tools, Internet Options, Content Tab, Certificates button, under "Personal" tab it shows 4 certificates issued by "DO_NOT_TRUST_FiddleRoot".

 

Should I go back and re-run Malware Bytes?

 

Mark


  • 0

#25
mmic279

mmic279

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Tried ESET Scanner again after uninstalling more programs and deleting all my large files in the downloads folder.

It showed 4 threats again, but it froze again. It scanned for over 90 minutes, 178,000 files, but I had to killed it again.

I looked for anything ESET to see if I could get the log file. I found the folders but didn't see the log file. 

It was so close to being done. Not sure what to do now.


  • 0

Advertisements


#26
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I rebooted. I opened IE 11 again. It open up to "http://www.safesear....type=szs"again.So, it is still there.



And, under Tools, Internet Options, Content Tab, Certificates button, under "Personal" tab it shows 4 certificates issued by "DO_NOT_TRUST_FiddleRoot".



Should I go back and re-run Malware Bytes?



Hello :)

The SecurityCheck log only shows one thing that needs attention, but we can hold off on that for a moment. Let's reset IE back to it's default settings and then check and see if that straightens it out.

We'll also hold up on ESET. :)

Please follow the instructions below to reset IE 11 back to it's defaults.

Reset Internet Explorer settings

Close all Internet Explorer windows. ...
Select the Advanced tab, and then select Reset.
In the Reset Internet Explorer Settings dialog box, select Reset.
When Internet Explorer finishes applying default settings, select Close, and then select OK.

If this does not fix it, please re-run MBAM and post the scan log. :thumbsup:
  • 0

#27
mmic279

mmic279

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

IE looks good now. 

 

I did run ESET a third time yesterday and just let it go after it looked frozen. When I looked at it hours later it was no longer on the screen. Where would the log be if it did finish?

 

Next steps? 


  • 0

#28
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

IE looks good now.


:thumbsup:

I did run ESET a third time yesterday and just let it go after it looked frozen. When I looked at it hours later it was no longer on the screen. Where would the log be if it did finish?


According to ESET, they've changed the location of the log. The instructions below will provide the location.


The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. To view the log file, Show hidden files and folders must be enabled. New logs are appended to the existing log files when multiple scans are run.

The path to the log file is the following: C:\users\%userprofile%\appdata\local\temp\log.txt
  • 0

#29
mmic279

mmic279

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

I found it. It lists the 4 infections found twice. How should I remove them?

And, since it never completed, should we try something else?

 

 

 

 

 

10:09:02 Updating
10:09:02 Update Init
10:09:04 Update Download
10:10:57 esets_scanner_reload returned 0
10:10:57 g_uiModuleBuild: 30107
10:10:57 Update Finalize
10:10:57 Call m_esets_charon_send
10:10:57 Call m_esets_charon_destroy
10:10:57 Updated modules version: 30107
10:11:07 Call m_esets_charon_setup_create
10:11:07 Call m_esets_charon_create
10:11:07 m_esets_charon_create OK
10:11:07 Call m_esets_charon_start_send_thread
10:11:08 Call m_esets_charon_setup_set
10:11:08 m_esets_charon_setup_set OK
10:11:08 Scanner engine: 30107
12:10:56 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.8.0
# EOSSerial=
# engine=30107
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# sfx_checked=true
# utc_time=2016-07-14 16:10:54
# local_time=2016-07-14 12:10:54 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='Kaspersky Total Security'
# compatibility_mode=1308 16777213 100 100 0 31791706 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 21401597 0 0
# scanned=0
# found=4
# cleaned=0
# scan_time=7195
sh=36F20DFF4EBAF611639ACB1E5D75795A3AA7354B ft=1 fh=0000000000000000 vn="a variant of Win32/AdSuproot trojan" ac=I fn="C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll"
sh=8BD4563655379CB271263D405C0C9F8970114FE8 ft=1 fh=0000000000000000 vn="a variant of Win32/AdSuproot trojan" ac=I fn="C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll"
sh=A5EAB09059BC195196DFCDFBB269CD9DDC1CDAF3 ft=1 fh=0000000000000000 vn="a variant of Win32/AdSuproot trojan" ac=I fn="C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll"
sh=11C3C55F6422523564C16AE7A0561FF172DF6EC3 ft=1 fh=0000000000000000 vn="a variant of Win32/AdSuproot trojan" ac=I fn="C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll"
16:24:23 Call m_esets_charon_setup_create
16:24:23 Call m_esets_charon_create
16:24:23 m_esets_charon_create OK
16:24:23 Call m_esets_charon_start_send_thread
16:24:23 Call m_esets_charon_setup_set
16:24:23 m_esets_charon_setup_set OK
16:24:28 Updating
16:24:28 Update Init
16:24:39 Call m_esets_charon_setup_create
16:24:39 Call m_esets_charon_create
16:24:39 m_esets_charon_setup_set ERROR
16:24:39 Update Download
16:25:05 esets_scanner_reload returned 0
16:25:05 g_uiModuleBuild: 30111
16:25:05 Update Finalize
16:25:05 Call m_esets_charon_send
16:25:05 Call m_esets_charon_destroy
16:25:05 Updated modules version: 30111
16:25:15 Call m_esets_charon_setup_create
16:25:15 Call m_esets_charon_create
16:25:15 m_esets_charon_setup_set ERROR
16:25:15 Scanner engine: 30111
17:54:59 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.8.0
# EOSSerial=
# engine=30111
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# sfx_checked=true
# utc_time=2016-07-14 21:54:58
# local_time=2016-07-14 17:54:58 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='Kaspersky Total Security'
# compatibility_mode=1308 16777213 100 100 0 31812350 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 21422241 0 0
# scanned=0
# found=4
# cleaned=0
# scan_time=5391
sh=36F20DFF4EBAF611639ACB1E5D75795A3AA7354B ft=1 fh=0000000000000000 vn="a variant of Win32/AdSuproot trojan" ac=I fn="C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll"
sh=8BD4563655379CB271263D405C0C9F8970114FE8 ft=1 fh=0000000000000000 vn="a variant of Win32/AdSuproot trojan" ac=I fn="C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll"
sh=A5EAB09059BC195196DFCDFBB269CD9DDC1CDAF3 ft=1 fh=0000000000000000 vn="a variant of Win32/AdSuproot trojan" ac=I fn="C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll"
sh=11C3C55F6422523564C16AE7A0561FF172DF6EC3 ft=1 fh=0000000000000000 vn="a variant of Win32/AdSuproot trojan" ac=I fn="C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll"
18:51:15 Call m_esets_charon_setup_create
18:51:15 Call m_esets_charon_create
18:51:15 m_esets_charon_create OK
18:51:15 Call m_esets_charon_start_send_thread
18:51:15 Call m_esets_charon_setup_set
18:51:15 m_esets_charon_setup_set OK
18:51:17 Updating
18:51:17 Update Init
18:51:27 Call m_esets_charon_setup_create
18:51:27 Call m_esets_charon_create
18:51:27 m_esets_charon_setup_set ERROR
18:51:27 Update Download
18:51:52 esets_scanner_reload returned 0
18:51:53 g_uiModuleBuild: 30113
18:51:53 Update Finalize
18:51:53 Call m_esets_charon_send
18:51:53 Call m_esets_charon_destroy
18:51:53 Updated modules version: 30113
18:52:03 Call m_esets_charon_setup_create
18:52:03 Call m_esets_charon_create
18:52:03 m_esets_charon_setup_set ERROR
18:52:03 Scanner engine: 30113

  • 0

#30
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I found it. It lists the 4 infections found twice. How should I remove them?

And, since it never completed, should we try something else?


Hello :)

I'm sure we'll be ok not running it again, since you said it was gone when you came back. It didn't show anymore threats than the ones it's located. Let's remove the threats it found. Also, I have some information regarding Java. We'll run JavaRa to clear any outdated versions as well.


Step 1: Fix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll
C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll
C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dl
C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 2: Information and JavaRa

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java

Please read this article about Java.

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version.

javara_zpshnkbqglv.jpg


Things I need to see in your next post:

Fixlog.txt Log

  • 0






Similar Topics


Also tagged with one or more of these keywords: SafeSearch, Malware removal

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP