Subscribe RSS
Home > Need Help > Need Help - Bing.Zugo Spyware/Virus?

Need Help - Bing.Zugo Spyware/Virus?

That is no longer true. Sign In All Activity Home Privacy Policy Contact Us Back to Top Malwarebytes Community Software by Invision Power Services, Inc. × Existing user? Nothing on your machine indicates that you have such a problem. Thanks again for all the help, it's greatly appreciated.

Cancel Subscribe to feed Question details Product Firefox System Details Windows XP Firefox 3.6.18 More system details Additional System Details This happened Every time Firefox opened This started when... Mail Scanner;avast! But i will do that after i clean the pc. I have a virus and at first when I started windows normally, it would not bring up any icons or taskbar, and ctl+alt+del would not work either.

It may reboot your system when it finishes. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. Click View scan report at the bottom. That eliminated getting the Bing search bar every time I opened a new tab.

Web Scanner;e:\program files\alwil software\avast5\AvastSvc.exe [2010-3-7 40384] S0 uqtpbxog;uqtpbxog;e:\windows\system32\drivers\fgdxi.sys --> e:\windows\system32\drivers\fgdxi.sys [?] S3 avast! Register now Not a member yet? Portions of this content are ©1998–2017 by individual contributors. This is normal.

Again in program files, find and delete: Mozilla FireFox\searchplugins\bing-zugo.xml 5. Find the tool bar at the top left of your computer screen: "File Edit View History Bookmarks Yahoo Tools Help" 2. But something must have done it...whether it was the prefetch, or deleting AVAST or whatever. view publisher site scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3264) e:\windows\system32\WININET.dll e:\windows\system32\msi.dll e:\windows\system32\ieframe.dll e:\windows\system32\webcheck.dll e:\windows\system32\WPDShServiceObj.dll e:\windows\system32\PortableDeviceTypes.dll e:\windows\system32\PortableDeviceApi.dll

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This is to ensure that I am giving you the best possible advice. Hope this works for everyone! No matter what type of protection i use, my sister always seems to some how get viruses or infections.

Information on A/V control HEREWe also need a new log from the GMER anti-rootkit Scanner. A text file will open after the restart.Please post the content of that logfile with your next answer.You can find the logfile at C:\AdwCleaner[s1].txt as well.--RogueKiller-- Download & SAVE to your Or do you actually have to use the program. It has just been simply installed on this machine, i just never removed it from the pc.

System restoration was an excellent idea! Two last pieces of advice. It takes less than a minute and is completely free! Edited by jeff matthews, 13 January 2012 - 08:50 PM.

If you'd like to assist in the fight against malware, click here The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing That's it, you're on your way to heaven...and don't take any wodden nickels. For your Firefox memory problems associated with "plugin.exe," I think you mean "plugin-container.exe." Firefox uses this program to keep a/v plugins from messing up the rest of your Firefox browsing experience. Sign In Sign In Remember me Not recommended on shared computers Sign in anonymously Sign In Forgot your password?

It didn't work for me. Please help and Thank You in advance.Attached are the requested reports.attach.txtdds.txt Share this post Link to post Share on other sites gringo_pr    Staff Moderators 10,734 posts ID: 2   Posted Any help would be appreciated.I am also having browser redirects constantly.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal

Every new tab in FireFox defaulted to the Bing search engine. Select all files and delete them. 2. Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== E:\WINDOWS\system32\nvsvc32.exe E:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe E:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe E:\WINDOWS\Explorer.EXE E:\Program Files\Alwil Software\Avast5\AvastSvc.exe E:\WINDOWS\system32\spoolsv.exe E:\Program Files\Creative\Shared Files\CTAudSvc.exe svchost.exe Please do the following.

#In the location bar where you normally type in a web address, type '''about:config''' and hit Enter.

#In the filter at the top, type: '''keyword.URL'''

#Double click

CAUTION: Do not mouse-click ComboFix's window while it is running. Contents of the 'Scheduled Tasks' folder 2010-03-12 e:\windows\Tasks\Ad-Aware Update (Weekly).job - e:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 08:10] 2010-03-11 e:\windows\Tasks\AppleSoftwareUpdate.job - e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] . . ------- Supplementary Scan ------- . That may cause it to stall. **Note** When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. That is a question I've always wanted to ask.

Did you flush the contents of the prefetch folder as I had asked you? Back to top Advertisements Register to Remove #11 Sunyata Sunyata Constantly Learning Authentic Member 1,056 posts Posted 13 January 2012 - 05:28 PM Hello jeff mathews The file you uploaded Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. I tried all the stuff mentioned in different forums.

I wanted to say that before combofix ran, it came up with a message that stated that "Exploit:java/CVE-2008-5353.Zn" was a very dangerous exploit file and i think it removed it first


© Copyright 2017 All rights reserved.