browser hijacked by - SearchSettings.exe

HI
I recently downloaded a piece of software throe cent download and my Google chrome search engine had changed to yahoo and i notice also ther are some new extensions installed as well. I than noticed that my task bar is flashing a new software called SearchSettings.exe.
After researching it and establishing that is a browser hijacked, i found a thread on Google forum that suggested to remove the folder in program files containing the SearchSettings.exe and un-installing it.
I did that and removed the extensions and changed the default search engine back to chrome i than scaned the system with my avast software and browser clean-up and run a adw cleaner scan as well.

Every thing looks ok now however im a bit concerned is my browser safe to use now as i use this computer for online banking???

Please Advise.

Hello

Accommodate your adwcleaner report on http://cjoint.com and give the link obtained in exchange here ( dont write your email on cjoint.com )

Scan using MBAM as well. I know it has a good history with infections. Although I’m not sure about Toolbars.

And Attach the .txt files of MBAM and any other cleaners you use for inspection of Essex or another Techie

I prefer to see in the first one the report of adwcleaner, malwarebytes detect much fewer things than adwcleaner in adware

I know, that’s why I said not sure how it does against Toolbars. I wouldn’t mind having a look either. Looking to learn about viruses without actually catching one.

And then there will be still rests to remove with diagnostic one followed of a script personalized to return the totally clean browsers

We should probably just let Essex take care of him. Instead of us giving different information.

I know what I’m doing, I know the infections, their way of functioning, I am to devoloppeur of tools of desinfection and I have 130 000 comments on other forums of desinfection

the link to the adwcleaner report sorry its in polish couldn’t find the language options :slight_smile:
http://cjoint.com/13jn/CFfufb3x4vg.htm

follow essexboys guide. http://forum.avast.com/index.php?topic=53253.0

and then you will also get help from a trained and certified malware remover. :wink:

Also the OTL report link :slight_smile:
http://cjoint.com/13jn/CFfuLEh4VLH.htm

and the aswMRB one :slight_smile:
http://cjoint.com/13jn/CFfuPD2vkpe.htm

You look to have cleared it all … Are you experiencing any problems ?

AswMBR is not useful everytime. it is useless to use tools when we are not sure that they are essential to the disinfection

… OK…

Redo OTL with this configuration please :

If you have XP = > double click
If you have Vista or Windows 7 / 8 = > right click “as administrator”

On OTL.exe to Launch it.

Click here to configure it : http://www.archive-host.com/files/1897388/ecd939269bcc7cdfed2d2e726c22709a32db3067/OTL.PNG

Copy and Paste the contents of what follows in bold face in the bottom of OTL “Customization”(“Personalization”)

HKCU\Software
HKLM\Software
HKCU\Software\Microsoft\Command Processor /s
%Homedrive%*
%Homedrive%*.
%Userprofile%*
%Userprofile%*.
%Allusersprofile%*
%Allusersprofile%*.
%LocalAppData%*
%LocalAppData%*.
%Userprofile%\Local Settings\Application Data*
%Userprofile%\Local Settings\Application Data*.
%programFiles%*
%programFiles%*.
%Systemroot%\Installer*.
%Systemroot%\Temp*.exe /s
%systemroot%\system32*.dll /lockedfiles
%systemroot%\system32*.exe /lockedfiles
%systemroot%\system32*.in*
%systemroot%\Tasks*
%systemroot%\Tasks*.
%systemroot%\system32\Tasks*
%systemroot%\system32\Tasks*.
%systemroot%\system32\drivers*.sy* /lockedfiles
%systemroot%\system32\config*.exe /s
%Systemroot%\ServiceProfiles*.exe /s
%systemroot%\system32*.sys
msconfig
activex
/md5start
explorer.exe
winlogon.exe
wininit.exe
volsnap.sys
atapi.sys
ndisuio.sys
ndis.sys
cdrom.sys
i8042prt.sys
iastor.sys
tdx.sys
netbt.sys
afd.sys
/md5stop
netsvcs
safebootminimal
safebootnetwork
CREATERESTOREPOINT

Click on “Analyse”

At the end of the scan, the Pad is going to open with the report (OTL.txt) and (Extras.txt).

This file is on your Desktop.

Give the links of both files onto cjoint.com

No everything looks ok.
The deleting of the SearchSettings.exe and removing extensions in chrome seemed to do the trick and after i scanned the system and run adwcleaner and system restarted it all looked good.
I just want to be certain the computer is safe to use.
Because if there’s doubts i would probably format and reinstall the system however i would prefer not to since it would take ages to instil all the software and games back on :slight_smile:

I don’t think that you need to format
do what I put above I think that we can again remove infections

@ g3n-h@ckm@n

Can you please write to us ( or to me at PP ) your malware removal qualifications?
In what forums are trained for malware removal?

@ bart1048
essexboy has took your case and you do follow his instructions to the letter.

immediately

Thanks. :wink:

done !