We help IT Professionals succeed at work.

Removing ASK.COM

imccoy
imccoy asked
on
I have a user that had ask.com an other spyware on her PC. I followed all of the steps on this page: http://forums.majorgeeks.com/showthread.php?t=139313 and it scans clean now. The problem is whenever she goes to a web page a second page pops up an tries to go to http:///#æÅ—.

I've deleted all cookies an temp files. Any suggestions?
Comment
Watch Question

Hi

Try:
Control Panel > Internet Options > Advanced > reset

Regards
Shahan AyyubSenior Software Engineer

Commented:
Try this:

1) Internet options-> Security tab -> Restricted ->Site Button
     Enter name of the site. i.e., http:///#æÅ—. (you mentioned)

2) Make sure your All Temporary Files and Cookies and History are cleared once.



Commented:
first use "clean tempfile" software to wipe out hidden temp files,

afrter that run "auruns.exe" to clean registy enty

then run "hijackthis" delete ask.com related entries

finally run the "registry mechanic" it'll delete unwanted registry entries automaticaly
  1. Click Start | Run, type in services.msc and press [Enter]. Look to see if you have an AG windows service. If so, then stop it first, then disable it.
   2. Click Start | Run, type in regedit and press [Enter]. Browse to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servi ces". If you see "AGWinService" in the left pane, right-click it, select "Export", give it a filename of something like "C:\AGWinService_backup.reg" and click "Save". Now right-click "AGWinService" and select "Delete".
   3. Load and run HijackThis. Place a checkmark in the boxes to the left of the following three items:

          R3 - URLSearchHook: AGSearchHookClass -{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\ProgramFiles\AGI\common\agcutils.dll
          O2 - BHO: AGSearchHook Class -{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\ProgramFiles\AGI\common\agcutils.dll
          O23 - Service: AG Windows Service(AGWinService) - Unknown owner -C:\ProgramFiles\AGI\common\win32\PythonService.exe

      and then click the Fix Checked button.
   4. Close HijackThis (and whatever else you have open) and Reboot.

Author

Commented:
Sorry guys. I tried all your suggestions but nothing worked.

Anything else?
Top Expert 2009
Commented:
Can you post Combofix's logfile.
Also scan with Hitmanpro
http://www.surfright.nl/en/hitmanpro

Author

Commented:
I won't be able to work on it until this weekend. I'll get it posted ASAP. Thanks.
Commented:
You may like to try this site i use it a lot for Trojan removal and it does sound like a Trojan to me

http://www.windowsecurity.com/trojanscan/

And run a full scan in safe mode if possible

Author

Commented:
All were good suggestions, but none completely fixed the problem.