safesearch homepage browser hijacker infection ****FIXED*****

[Mars]

Hi there, RogueKiller is the only app Iv found that can detect this regenerating infection, but it replaces itself constantly. How do I get rid?? Im starting to have system errors now..... eg. Cannot uninstall Mozilla?

Attached last scan, still there but cannot access Mozilla now.

[Mars]

ok iv managed to get Mozilla back, it was showing a 'Couldn't load XPCOM' message.

I went to Mozilla download page and downloaded it over the top of the old one and its updated and fixed itself, now just couple of 'profile' issues where the beast is lurking....

[Mars]

These are the 3 profiles for Mozilla that I need to 'clean' somehow, I dont know what files should be in there and what shouldnt; one must be a legit profile for me but infected, iv taken lots of screenies of whats contained within. Just doing a RK scan now to see what it picks up and will attach latest report shortly, thank you

[Mars]

Just scanned. It is the last 2 detections foundsitting in the IE and Mozilla areas... (Im ignoring the wordpad entries.)

[Curson]

Hi Mars,

Welcome to Adlice.com Forum.

I think there is a misunderstanding
The WPAD detections are false positives, they are legit entries.

Concerning the [PUM.SearchPage] ones :
PUM stands for Potentially Unwanted Modification. In your case, these entries are perfectly legit.
For more information, please read RogueKiller Documentation.

Regards.

[Mars]

Hi thank you, so its gone!!!???

And the profiles there are ok?

And the PUM RK is finding are ok to NOT remove??

I cant believe it!

[Curson]

Hi Mars,

I think so.
Do you want me to thoroughly analyse your computer to make sure ?

Regards.

[Mars]

This is my registry Hkey Users, does that look ok? I should be only user plus administrator back up account.

I wonder if it was gone before I purchased RK? I dont care, its a great program!

[Mars]

Hi Mars,

I think so.
Do you want me to thoroughly analyse your computer to make sure ?

Regards.

Would you? This has been giving me stress for over a month. Killed my pc had to factory reset lost a load of stuff.

[Curson]

Hi Mars,

The HKEY_USERS hive may contains multiple entries.
Please download Farbar Recovery Scan Tool (x86) and save it to your Desktop.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
  
• Please attach log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also attach that along with the FRST.txt into your reply.
  

Regards.

[Mars]

ok will do thank you!

[Mars]

FarBar scan results.

I think when I reset to factory I gave the computer a different name than my old one?? That has affected restoring from back up. Can that be changed?

Thank you Im so impressed!!!

[Curson]

Hi Mars,

Yes, you can change your computer name at will : Change Your Computer Name in Windows 7, 8, or 10
Did you install Nanoheal Client yourself ?

Regards.

[Mars]

great!

no it was installed by tech support, not installed but still showing, thats where i heard of RK

[Curson]

Hi Mars,

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system !

Run FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.

How is the computer running now ?

Regards.