I was on my laptop earlier and using Firefox and noticed that when I was searching through the address bar it was using yahoo, even though it is supposed to be google. I tried on chrome and had the same issue, where when you open the browser it opens “http://search.yahoo.com/?type=714647&fr=spigot-yhp-ch” and all searches use yahoo.
I looked at my program list and noticed something installed by spigot and promptly uninstalled it. I then scanned with avast and MBAM and they said there were no infected files. However when I went to use the browsers again the same page opened and the default search was still yahoo. I did some searches and looked for the purported “searchsetting.exe” in my registry and looked for anything spigot in my program files and for any other symptoms of spigot infection and found nothing.
I am a bit concerned as I don’t know how serious this spigot thing is and I am a bit confused as to what to do next. I would really appreciate any help.
Also how serious is this spigot malware/virus? Do I have to worry about my personal information and online accounts/passwords being compromised? Do I have to change passwords for all my important sites/accounts?
Oh okay so I take it it isn’t that serious? I just get kinda paranoid with every little infection. I usually try to be very vigilant with my comp security but my roommate still manages to pick some stuff up when he downloads stuff.
Thanks Pondus, I can wait a bit, I gotta catch some sleep right now anyway.
Some info on one variant… and they can be a pain to remove
Widgi Toolbar by Spigot is a program that loads its gadget into your Internet browser without asking for approval. Due to this invasive process, security experts include it in the list of adware. Its origin can be a mixture of online tricks. It uses other software that will appear essential when you are viewing online videos or downloading any software. Makers of Widgi Toolbar usually embed the code to program not known to many.
With this I didn’t get any toolbar or anything, just the startup page and default search engine changing. What surprised me was even through numerous scans with Avast and MBAM it never showed up on any of them.
[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:OTL
CHR - homepage: http://search.yahoo.com?type=714647&fr=spigot-yhp-ch
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [] File not found
FF - user.js - File not found
:commands
[CREATERESTOREPOINT]
[emptytemp]
[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.[/list]
If the log doesn’t appear, it can be found here:
c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log
Please download zoek.zip from here or here and save it to your Desktop. Unpack the archive…
[list]
[*]Close any open browsers
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
[*]Double click on zoek.exe to run the tool. Please wait until the tool starts…
[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:
I stopped zoek and restarted my comp but my homepage for chrome is still "http://search.yahoo.com/?type=714647&fr=spigot-yhp-ch" and the default search is still yahoo, but it seems that Firefox is no longer afflicted as my default homepage is no longer the URL above and my default search engine is google again. I am a bit unsure what to do at this point.
Okay I ran the Zoek Script and when I booted both chrome and firefox it went to their default pages, new tab and welcome to firefox, respectively. My Chrome extensions are gone and everything there is set to default, but my firefox add-ons are still there (which is okay because I just switched to FF anyway).
I have attached the log from the zoek script. It seems like it is gone but is there a way to be sure? I would just like to make sure before I start entering passwords for email/social sites and any CC info.
Now click on the “Run” button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt). Note: The report will also be stored at C:\DelFix.txt