WTFDon
asked on
CLCKM.COM or Click2Find removal
My sister managed to get a malware infection on my computer. Now when I run any flash content with RealPlayer or Firefox, Internet Explorer 7 (which I don't use for anything unless I absolutely have to!) opens up to this link http://clckm.com/searchinfo?fp=%2F6aThAjcGiWQ2B1S%2BwFvKJtNupP6o2QUcZpyo46OY6d0VwjJ1OCfXWyCefua&pt=2&sp=2&vid=1201313561_3X01X1478346977&rpt=1&rm=1#
I have tried SpyBot, AdAware, avast!, an Kapersky online scan and walking through the registry all to no avail. I'm not the brightest bulb in the box, but I've been doing IT support for 17 years and I can't manage to rid of this crap. I see where someone else posted on EE trying to get help removing this and ended up loading a new image on the PC. I hope someone here has better advice by now... anyway your help will be truly appreciated!
Thanks!
I have tried SpyBot, AdAware, avast!, an Kapersky online scan and walking through the registry all to no avail. I'm not the brightest bulb in the box, but I've been doing IT support for 17 years and I can't manage to rid of this crap. I see where someone else posted on EE trying to get help removing this and ended up loading a new image on the PC. I hope someone here has better advice by now... anyway your help will be truly appreciated!
Thanks!
ASKER
As requested, here's a freshly created HiJackThis log file. Thanks for the quick response!
hijackthis.log
hijackthis.log
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi IndiGenus, it appears to be fixed. I followed the instructions from your link above and the problem still persisted. Even though it's not still causing me any problem, I uploaded the AVG report and HJT log file for prosperity.
The malware had gotten itself attached to a flash player I had downloaded named flvplayer but was using RealPlayer to lauch IE 7 to the clckm.com webpage. Here's how I got to my happy state: I removed and re-installed Adobe Flash, no help. I removed RealPlayer, no help. I removed the flash player and associated .flv files back to Windows Media Player and instantly I was able to view flash videos without IE lauching the Click2Find crapware. The file may still be on my computer somewhere but it seems that it is not actively working any more.
Since your suggestion got me moving in the right direction and I'm not having any problem at this point, I'm accepting your solution. Thanks for your help!
Report-Scan-20080126-124629.txt
hijackthis.log
The malware had gotten itself attached to a flash player I had downloaded named flvplayer but was using RealPlayer to lauch IE 7 to the clckm.com webpage. Here's how I got to my happy state: I removed and re-installed Adobe Flash, no help. I removed RealPlayer, no help. I removed the flash player and associated .flv files back to Windows Media Player and instantly I was able to view flash videos without IE lauching the Click2Find crapware. The file may still be on my computer somewhere but it seems that it is not actively working any more.
Since your suggestion got me moving in the right direction and I'm not having any problem at this point, I'm accepting your solution. Thanks for your help!
Report-Scan-20080126-124629.txt
hijackthis.log
ASKER
IndiGenus, if you're able to find anything else that might lead to the name and location of the file, I'd love to hear from you. Thanks again for your help.
Hmm that is interesting, nice work on your part finding the problem.
Question, where did you get the flvplayer from? Was it from a "trusted source" or....?
Question, where did you get the flvplayer from? Was it from a "trusted source" or....?
Not sure what the file is but you identified where it came from so I would make sure to avoid it in the future...
Good luck,
Dave
Good luck,
Dave
ASKER
The player had been working on my PC for about a month before the malware "infected" it. I wouldn't call it a trusted source since I downloaded it from download.com but I don't think it had any nasties in the beginning. My sister who is not blessed with much common sense went to some get-rich-quick site and told my NoScript Firefox add-in to allow everything so she could watch a video and that's when my troubles started. I'll forgive her one day :-)
Thanks,
Don
Thanks,
Don
http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php
Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.