Hijacked Search Engine:Heur.Agent/Gen-White &http://search.fantastigames.com/453

Viruses and worms
1

I downloaded, without my consent, a Search Engine called http://search.fantastigames.com/453 while downloading a Video Player called MPlayer.

http://search.fantastigames.com/453 took over my Internet Explorer Search Engine, which was Google.

http://search.fantastigames.com/453 also took over my Google Chrome.

I uninstalled the MPlayer and Fantastic Games program.

I used SUPERAntiSpyware, Malwarebytes Anti-Malware, and Avast! Full System Scan and Avast! Boot-time Scan to get rid of it.

SUPERAntiSpyware removed Heur.Agent/Gen-WhiteBox C:\PROGRAM FILES (X86)\FGICON\RES\FANTASTICINST.EXE.

This removal helped the IE Homepage; The http://search.fantastigames.com/453 Search Engine doesn’t appear, but I can’t get to my homepage and when I open IE the page is stuck and blank:

http://search.fantastigames.com/453 has still taken over the Google Chrome Program:

http://i1063.photobucket.com/albums/t512/jobber3/Capture4_zpsf963834d.png

http://i1063.photobucket.com/albums/t512/jobber3/Capture3_zps892ffd95.png

How can I get rid of http://search.fantastigames.com/453 and get my computer working normally again?

Scan Logs:

:-[ :-[ :-[

Avast!:

http://i1063.photobucket.com/albums/t512/jobber3/Capture_zpsd4760518.png

I tried Moving To Chest these two items but the Apply button doesn’t want to press and I can’t get it to work:

http://i1063.photobucket.com/albums/t512/jobber3/Capture2_zps949b56ca.png

2

try this, run the first program here. AdwCleaner and post the log here
http://forum.avast.com/index.php?topic=53253.0

files that can not be scanned are just that, it does not mean the are infected
avast have detected a compressed archive that will unpack to a very large file so it will not unpack and scan it

3
try this, run the first program here. AdwCleaner and post the log here http://forum.avast.com/index.php?topic=53253.0

Easy enough so far; ran it and attached log:

But http://search.fantastigames.com/453 has still taken over the Google Chrome Program.

Still getting the blank and stuck Homepage on Internet Explorer:

http://i1063.photobucket.com/albums/t512/jobber3/Capturehome_zpse3b50913.png

4

OK there may be something more…in the same guide http://forum.avast.com/index.php?topic=53253.0

scroll down to OTL, follow instructions and attach the log

Essexboy will then have a look inside… :wink:

5

Attached OTL.Txt (ANSI) and Extras.Txt (ANSI).

6

Unfortunately due to the way Chrome is programmed none of my tools can get into it… After this see if you can reset your search engine/home page in all browsers

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantastigames.com/web?src=ieb&appid=101&systemid=453&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantastigames.com/web?src=ieb&appid=101&systemid=453&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-404688496-49082429-2589388257-1002\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantastigames.com/web?src=ieb&appid=101&systemid=453&sr=0&q={searchTerms}
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

:Files
C:\PROGRAM FILES (X86)\FGICON

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

7
•Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Question: When I run Quick Scan after reboot, should I select All Users and is there any script or text I need to paste in the Custom Scan Box???

8

no, you already run the fix…now we just need a new log :wink:

9

Here’s the log of the Quick Scan: OTL.Txt ANSI attached.

10

Are you able to reset Chrome home page and search engine ?

11

Yeah, I think I followed all the Google Instructions about setting the Search Engine on both plain Google for IE and then for Google Chrome.

Unfortunately, I’m still getting http://search.fantastigames.com/453 when I open Google Chrome.

This message box always pops up when I open IE 9; it doesn’t matter if I click Allow or Not Allow because my Homepage doesn’t appear.

http://i1063.photobucket.com/albums/t512/jobber3/Openingpage_zps19190287.png

My Homepage in IE which doesn’t appear anymore:

http://i1063.photobucket.com/albums/t512/jobber3/RoundAboutIEPage_zps89aa16bb.png

http://i1063.photobucket.com/albums/t512/jobber3/Google_zps665b5318.png

Google Chrome is still the Default Engine For Google Chrome; I still can use its Wrench Tool, and I still have all my Google Chrome favorite websites. But the Search Engine is not Google Chrome; it is Fantastic Games:

In the Set The Search Engine section, it just says Google; there’s nothing specifically that says “Google Chrome” which I thought is odd since it the search engine is called Google Chrome. Fantastic Games does not appear as a search engine option anywhere (including the Manage Your Search Engines option).

http://i1063.photobucket.com/albums/t512/jobber3/Chrome1_zpsd052e200.png

http://i1063.photobucket.com/albums/t512/jobber3/ManageSearchEnginesChrome_zps0745d6f0.png

There’s Google Chrome in the Wrench Symbol in the Upper Right Corner and Fantastic Games is the Search Engine.

A Hybrid which doesn’t allow you to search the internet with Google Chrome; you have to use Fantastic Games’ Search Engine:

http://i1063.photobucket.com/albums/t512/jobber3/FantasticGames_zps81d9581e.png

Any more fixes available for this???

Also, how big of a Security risk is having this http://search.fantastigames.com/453 on the computer???

12

It is an annoyance which you should be able to remove… The only alternative for chrome is to uninstall and then re-install

For IE9 go to control panel > internet options > advanced
Then press reset IE settings

13

I think you’re trying to dig too deep to fix your Chrome home page problem. Have you tried going to the Settings, then put check mark on “Show Home Button” . That would show you what home page you have set. I bet it would show that it’s “fantasticgames”. Click on “change” link, and set your home page to whatever you need. Hope this helps

14

I have never used chrome so any input is greatly appreciated ;D

15

Win 7 64bit

Changing the options in google chrome works temporarily. Malwarebytes and avast dont clear this redirect. Search on the web indicates the redirect is maliscious. That info could be false though. The redirect is a pain in the butt however.