Spigot Removal

Hello.

I recently put together a new computer and have been installing programs. However, I wasn’t careful enough and I ended up getting Spigot on my computer. I noticed this first when opening chrome and getting a “someone has tried to change your home page!” message. I ran a scan with avast! but it did not detect Spigot for whatever reason.

Following the instructions from http://forum.avast.com/index.php?topic=53253.0 I ran AdwCleaner, Malwarebytes’ Anti-Malware, OTL, and aswMBR. AdwCleaner and Malwarebytes’ Anti-Malware detected nothing, even after running a full scan with Malwarebytes’ Anti-Malware after the quickscan found nothing, and I’m not sure if OTL or aswMBR did anything but from the fact “searchprotection.exe” is still running I doubt they did.

Even more worrisome, I can’t seem to update the Engine and Virus definitions or Program itself, as each time I get a “This package is broken” error message. I am running version 8.0.1489. I’m not sure as to what extent Spigot screws with my system and if it can block updates, but this isn’t making me feel any more secure.

I’ve attached the OTL log, if any others are needed please tell me since I’m having issues attaching multiple files apparently.

Oh I’m stupid, it was ScriptSafe that was blocking the multiple files. This should be everything needed then.

and I'm not sure if OTL or aswMBR did anything
they do nothing until instructed.... but first a removal expert need to see the log

removers are notified

Thank you!

Do you mind me asking for an ETA on that, and how successful they’ll be at removing it? From what I’ve learned about this shit, it can be stubborn to take out.

one is online already…he may take your case. :wink:

succsess… close to 100% case solving. :smiley:

Hi, :slight_smile:

Do you have Extras.txt log from OTL?

I do not. I did not see the file pop up the last time I ran the program, and it didn’t seem to save automatically anywhere. Let me run OTL again real quick.

Irrelevant for now. OTL will created Extras.txt only once. Please confirm if the problem is resolved after this OTLScript. :slight_smile:

Re-run OTL.exe.

[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.



:commands
[CREATERESTOREPOINT]

:OTL
PRC - [2013/05/22 05:48:40 | 000,740,712 | ---- | M] (Spigot, Inc.) -- C:\Users\Admin\AppData\Roaming\Search Protection\SearchProtection.exe
O4 - HKU\S-1-5-21-3859096991-3752564451-105516432-1000..\Run: [SearchProtection] C:\Users\Admin\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)

:Files
dir /s /a "C:\Program Files (x86)\Temp" /c
dir /s /a "C:\Users\Admin\Searches" /c 
C:\Users\Admin\AppData\Roaming\Search Protection
ipconfig /flushdns /c

:commands
[emptytemp]


[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.

If the log doesn’t appear, it can be found here:

c:_OTL\MovedFiles\mmddyyyy_hhmmss.log

------------- NEXT --------------

Re-run OTL, click on QuickScan and attach here fresh OTL.txt logreport.

Looks like that did it! ;D Here are the logs to be sure.

That’s it. OTL log looks good.

Re-run OTL and click on CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.

I recommended to use MCShield if you will.
You may download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

It will prevent infection by computer via USB flash drive, mobile phone or any other memory card.
And not only prevent infection, but it will immediately clean flash drive, memory card or external HDD.

Awesome, thanks! I’ll definitely be giving MCShield a go.