Solved Unable to remove virus/malware

[little Dom 12]

After running a spybot scan it comes up with 2 infections but is unable to remove them, it shows they are in the registry, the ones it can't remove/ keep coming back are called:

SafeSaver.BHO
W3i.IQ5.fraud

Malware bites cannot detect them yet spybot is showing them as a severe threat can anyone help me remove them or link me to something that can

 

[Golden]

I'm not entirely sure, but I think Spybot S&D isn't what it once was. I'd suggest checking with an alternative. Try the ESET on-line scanner - it is highly regarded.

Free Virus Scan | Online Virus Scanner from ESET

 

[cottonball]

The ESET online scan is a good program. However, it is a rather lengthy process, and can be used after we zero-in on the location of the malware in question.

Please use the tool that follows to get to the target issues...

Zoek:
Download > Download zoek.exe version 5.0.0.0
Click: Download Zoek.exe version 5.0.0.0 (Do not click .zip or .rar)

When the download shows, and you get the option to save, please do so to the Desktop.
Right-click zoek.exe and select: Run as Administrator (Give it a few seconds to appear.)

If your AntiVirus warns you about the program, either allow Zoek to run, or temporarily disable your AV program.
Info on how to disable your security applications > How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides

Next, copy and then paste the entire script inside the code box below to the input field of Zoek:

createsrpoint; 
process; 
filesrcm; 
startupall; 
installedprogs;
installer-list; 
uninstall-list;
hijackthis; 
firefoxlook; 
chromelook;  
srinfo; 
DIR /S /A:L "%systemdrive%\*">>"%temp%\log.txt";b

Now...

Close any open windows.

Click the Run script button and wait. It takes a few minutes to run all the script.

When finished, the zoek-results.log is opened in Notepad.
If a reboot is needed the log is opened after the reboot.

The log is also found on the systemdrive, normally C:\

:ar: Please post the zoek-results.log in your reply.

Thanks.


.

 

[little Dom 12]

Here you go:

https://www.dropbox.com/s/2uaqdfmhulqjihu/zoek-results.log

I ran the eset scan earlier and it found 3 malware files but none were what spyware was detecting, i have since run a spyware scan and it found the virus/malware again

 

[Britton30]

ESET can take time, that's how it can root our some difficult infections, at times.

You can upload files directly, more convenient.
http://www.sevenforums.com/tutorials/9733-screenshots-files-upload-post-seven-forums.html#post93869

 

[cottonball]

No signs of SafeSaver.BHO or W3i.IQ5.fraud.

Everything looked for came up blank.

What version of Spybot do you have installed?

 

[little Dom 12]

its version 2.1 (atleast thats what it says when i open it) guessing its a problem with spyware then if nothing else can find that particular virus

 

[cottonball]

There is a later version of Spybot Search and Destroy.

Please update your program.

Start the Update through the Spybot tray icon (on the lower right of your Desktop by the clock).

Right-click the Spybot 2 tray icon and select: Update

Next, run a scan, and see if you still get these goodies:
SafeSaver.BHO
W3i.IQ5.fraud

When done, please obtain a Spybot report.

After the System Scan, select: Save scan log
Its on the navigation bar on the left.
Save to the Desktop, and provide in your reply.


Thanks!


.

 

[little Dom 12]

Updated spybot to the latest version and run a scan and it reckons they are still there even after clicking fix and running a scan again

View attachment Scan Results.140118-0937.txt

 

[cottonball]

Aha! Good job.

There is nothing better than knowing what, exactly, is causing the problem. It beats looking at a crystal ball!!

:info: Please right-click Zoek.exe again, and select: Run as Administrator
Give the program a few seconds to appear.

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
Do not copy the word 'code'.

W3i;u
SafeSaver;u
[-HKEY_LOCAL_MACHINE\SOFTWARE\Freeze.com];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\SProtector];r
emptyalltemp;
emptyclsid;

Note: This script is written only for use on this computer. Please do not use it on another computer even if the problems are similar!

Now...

Close any open windows.

Click the Run script button and wait. It takes a few minutes to run the script.

When finished, the zoek-results.log is opened in Notepad.
If a reboot is needed the log is opened after the reboot.

:ar: Please post the new zoek-results.log in your reply.

 

[little Dom 12]

here you go

View attachment zoek-results.log

 

[cottonball]

Please run Spybot again, and post its results.

This may all be a false detection.

Thanks!

 

[little Dom 12]

no sign of those 2 this time

View attachment Scan Results.140118-2016.txt

 

[cottonball]

Excellent!!

While we are at it, please download Security Check:
http://screen317.spywareinfoforum.org/
Save to your Desktop.
Double-click: SecurityCheck.exe
Follow the onscreen instructions inside the black box.

When done, a Notepad report opens automatically, it is called: checkup.txt

:ar: Please post the checkup.txt in your reply.
(Please do not take any corrective actions!)

 

[little Dom 12]

Here you go

View attachment checkup.txt

 

[cottonball]

This is a vulnerability you cannot afford to have:

:warn: Adobe Reader out of date!

Please download the latest version of Adobe Reader from:
here.

Once installed, launch it, select Help > Check for Updates, and install any updates.
Then, uninstall earlier versions of Adobe Reader:
Go to Start > Control Panel > Add/Remove Programs, and remove all older versions of Adobe Reader.


One the above is done, if you no longer have malware questions or problems, you are good to go!

Let's wrap up and remove the tools used and their reports. Since these tools are updated frequently, it is best to have their latest version.

Tools and Reports:
Zoek, and its zoek-results.log
Security check, and its checkuo.txt

Also, make sure your security software is ALL enabled and running!

Thanks for following all the instructions and providing the reports!!

Have a great year 2014, little Dom 12 !!

 

[little Dom 12]

Thanks for the help ive ipdated Adobe and at the moment have no more uninvited guests on my pc

 

[cottonball]

Glad to help!

 

[vipul1984]

scan result of Zoek

My all browsers are redirecting to "https://huasvsaier.ru", please help me in this regards.
Thanks
Vipul