help needed to remove the snap.do nightmare

As the title says really, I'm desperately trying to get rid of snap.do from opening up in new tabs. I've tried following several online guides to remove it and it's still showing.

Anyway let me know what logs etc you need to help me :)

thanks

Wait for a qualified removal expert here to help you.
Did you get infected through downloading 7-zip?

polonus

I honestly can't remember, I have been putting the fix off for some time now and only using my laptop (uninfected) for internet use.

Though I do have 7-zip installed…

follow guide
http://forum.avast.com/index.php?topic=53253.0

run in order listed AdwCleaner / Malwarebytes / OTL

attach logs…not copy and paste

done and done

malware removers will check Your logs…since all are in bed now, check back tomorrow ;)

cheers!

Hi,

This OTLScript should solve your problem but we will run additional checks too.

Re-run OTL.exe.

- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.



:Otl
IE - HKU\S-1-5-21-3395237873-323693151-3144948276-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=3372f67c-79e2-4914-b09f-716babb2991c&searchtype=ds&q={searchTerms}&installDate=27/03/2013
IE - HKU\S-1-5-21-3395237873-323693151-3144948276-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=3372f67c-79e2-4914-b09f-716babb2991c&searchtype=ds&q={searchTerms}&installDate=27/03/2013
IE - HKU\S-1-5-21-3395237873-323693151-3144948276-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=3372f67c-79e2-4914-b09f-716babb2991c&searchtype=hp&installDate=27/03/2013
IE - HKU\S-1-5-21-3395237873-323693151-3144948276-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=3372f67c-79e2-4914-b09f-716babb2991c&searchtype=ds&q={searchTerms}&installDate=27/03/2013
IE - HKU\S-1-5-21-3395237873-323693151-3144948276-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=3372f67c-79e2-4914-b09f-716babb2991c&searchtype=ds&q={searchTerms}&installDate=27/03/2013
FF - prefs.js..keyword.URL: "http://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=3372f67c-79e2-4914-b09f-716babb2991c&searchtype=ds&installDate=27/03/2013&q="


- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.

======= THEN =======

Please download zoek.exe from here or here and save it to your Desktop.

- Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this instruction.

  1. Open notepad and copy/paste the text present inside the code box below.
    To do this highlight the contents of the box and right click on it. Paste this into the open notepad.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system



filesrcm;
startupall;
firefoxlook;
chromelook;


  2. Save notepad as zoekscript.txt

http://www.mcshield.net/personal/magna86/Images/zoekscript_big.gif

- Close all browser windows.

Referring to the screenshot above, drag zoekscript.txt into zoek.exe.
Zoek will run. When finished, it will produce a zoek-results.log for you.
Note: It will also create a log in the C:\ directory named “zoek-results.log”

Please attach it to your reply.
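As an added example (not part of the original thread, and not code from OTL or its author): a small Python parser for OTL-style `IE -` / `FF -` log lines like the ones in the fix above, which pulls out the host each browser setting points to and flags any host that is not on an allowlist. The allowlist, the function names and the sample lines (with a placeholder SID and publisher) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts treated as legitimate for search/start-page settings.
ALLOWED_SUFFIXES = ("google.com", "bing.com", "microsoft.com")

# Matches "IE - <key>,<value name> = <url>" and 'FF - prefs.js..<pref>: "<url>"'.
LINE_RE = re.compile(
    r'^(?P<browser>IE|FF) - (?P<setting>.+?)(?: = |: )"?(?P<url>https?://[^"\s]+)"?\s*$'
)

def host_allowed(host):
    """True only for an allowlisted domain or a real subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES)

def parse_line(line):
    """Return browser, setting, host and verdict for one log line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    host = urlsplit(m.group("url")).hostname or ""
    return {
        "browser": m.group("browser"),
        "setting": m.group("setting"),
        "host": host,
        "suspicious": not host_allowed(host),
    }

def flag_hijacks(log_text):
    """Collect every browser setting whose URL host is off the allowlist."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry["suspicious"]:
            findings.append(entry)
    return findings

# Constructed sample in the shape of the log lines above (placeholder SID).
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-0-0-0-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.com/?publisher=EXAMPLE&searchtype=hp
IE - HKU\S-1-5-21-0-0-0-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/search?q={searchTerms}
FF - prefs.js..keyword.URL: "http://feed.snapdo.com/?publisher=EXAMPLE&q="
FF - prefs.js..browser.startup.homepage: "http://google.com.search.example/home"
O4 - HKLM..\Run: [Example] C:\Example\example.exe
"""

if __name__ == "__main__":
    for f in flag_hijacks(SAMPLE_LOG):
        print(f["browser"], f["setting"], "->", f["host"])
```

The suffix check compares whole domain labels, so a lookalike host such as google.com.search.example is flagged rather than passed as Google.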

there was no log report created or reboot for the first fix

though it did say it had finished…

That’s Ok.

- Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this instruction.

  1. Open notepad and copy/paste the text present inside the code box below.
    To do this highlight the contents of the box and right click on it. Paste this into the open notepad.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system



emptyclsid;
ffdefaults;
C:\Users\phil\AppData\Local\Temp\sw594hue.dll;f
ipconfig /flushdns >> %temp%\log.txt;b
emptyalltemp;
autoclean;


  2. Save notepad as zoekscript.txt

http://www.mcshield.net/personal/magna86/Images/zoekscript_big.gif

- Close all browser windows.

Referring to the screenshot above, drag zoekscript.txt into zoek.exe.
Zoek will run. When finished, it will produce a zoek-results.log for you.
Note: It will also create a log in the C:\ directory named “zoek-results.log”

Please attach it to your reply.

How’s your computer running now? Any snap.do traces?

I will be online tomorrow.

morning!

just done with antivirus disabled…

Create & run the above zoekscript from reply#9. Attach here fresh zoek log.

Done again, I think it's worked this time as new tabs are just google :)

If computer running fine, let’s remove used tools and perform some post cleaning.

Please download DelFix by “Xplode” to your Desktop.

Run the tool and check the following boxes below;

- Remove disinfection tools
- Create registry backup
- Purge System Restore

Now click on the “Run” button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt

I don’t need DelFix log report.

I recommend that you keep Malwarebytes and use MCShield if you will.
You may download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

It will prevent infection of the computer via USB flash drive, mobile phone or any other memory card.
And not only will it prevent infection, but it will also immediately clean the flash drive, memory card or external HDD.

thanks for your help !