U-search Malware Removal - help please

Hi Guys,

I’m another fool who found Groovedown too good to be true and now I’m having trouble getting rid of u-search. I used Malwarebytes which managed to remove some of the infection but it remains the default search in IE10.

I have followed the guidance on the sticky “Logs to Assist in Cleaning Malware” and attach the files mbam-log, OTL.txt and Extras.txt.

In the OTL.txt file there are two lines (Registry?) which reference u-search.

I will post the avast log next.

I would be most grateful for your help in getting rid of this infection.

Thanks

Chris

Also run AdwCleaner…!!
Instructions: http://forum.avast.com/index.php?topic=53253.0

This fix in conjunction with AdwCleaner should fix it

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following:

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
IE - HKLM\..\SearchScopes\{A5D31807-CC14-46F5-8DF1-B7DF66CFD4BE}: "URL" = http://u-search.net/?a=1&e=1&q={searchTerms}
IE - HKU\S-1-5-21-2139887252-1024883632-3113565718-1001\..\SearchScopes\{A5D31807-CC14-46F5-8DF1-B7DF66CFD4BE}: "URL" = http://u-search.net/?a=1&e=1&q={searchTerms}
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
[2013/05/27 14:37:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/05/27 14:37:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/05/20 14:50:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
O2:64bit: - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll File not found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll) - File not found


:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

- Then click the Run Fix button at the top.
- Let the program run unhindered, and reboot the PC when it is done.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
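
Added example (not part of the original posts and not code from OTL): a small Python triage pass over OTL log text that picks out the two kinds of lines the fix above targets, IE SearchScopes URLs pointing at an unexpected host and entries marked "File not found". The allowlist of expected search hosts, the function name `triage` and the sample log lines are assumptions constructed for illustration; results are candidates for manual review, not an automatic fix list.

```python
import re
from urllib.parse import urlsplit

# Assumption: search hosts this machine's owner expects; edit per system.
EXPECTED_SEARCH_HOSTS = {"www.bing.com", "www.google.com"}

# 'IE - <hive>\..\SearchScopes\{GUID}: "URL" = <url>' as in the fix script above.
SCOPE_RE = re.compile(
    r'^IE - (?P<hive>HK\w+)\\.*?\\SearchScopes\\(?P<guid>\{[^}]+\}): '
    r'"URL" = (?P<url>\S+)')
# 'O2 - BHO: ... File not found' / 'O20 - AppInit_DLLs: ... File not found'
ORPHAN_RE = re.compile(
    r'^(?P<tag>O\d+(?::64bit:)?) - (?P<kind>[^:]+): .*File not found$')

# Constructed sample in OTL's line format; GUIDs, SID and paths are placeholders.
SAMPLE_LOG = r"""
IE - HKLM\..\SearchScopes\{00000000-0000-0000-0000-000000000001}: "URL" = http://www.bing.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes\{00000000-0000-0000-0000-000000000002}: "URL" = http://u-search.net/?a=1&e=1&q={searchTerms}
IE - HKU\S-1-5-21-0-0-0-1001\..\SearchScopes\{00000000-0000-0000-0000-000000000002}: "URL" = http://u-search.net/?a=1&e=1&q={searchTerms}
FF - prefs.js..extensions.enabledItems: {00000000-0000-0000-0000-000000000004}:1.0
O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000003} - C:\Example\helper.dll File not found
O20 - AppInit_DLLs: (c:\example\mngr.dll) - File not found
"""

def triage(log_text, expected=EXPECTED_SEARCH_HOSTS):
    """Return (category, source, item, host) tuples worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SCOPE_RE.match(line)
        if m:
            host = (urlsplit(m["url"]).hostname or "").lower()
            if host not in expected:
                findings.append(("search-scope", m["hive"], m["guid"], host))
            continue
        m = ORPHAN_RE.match(line)
        if m:  # registry entry whose target file no longer exists
            findings.append(("orphan", m["tag"], m["kind"], None))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
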

Hi Guys,

Just a note to thank Essexboy for the script, which has rid me of the u-search problem, at last.

I’m really glad you guys are there for us idiots.

Best Wishes

Camfers

Run OTL and press the cleanup button to remove it and its associated files