Help removing hijacker igetnet

[elbosco]

My very computer illiterate father somehow managed to infect my poor computer with malware. I removed the trojan horses easily enough, but Spybot/ad-aware/hijack this keep on detecting 3 redirecting commands contained in my host file. I've removed the lines from my host file, deleted the contents of my windows/temp and temporary internet file folders and yet they keep on coming back. What else can I do?

This is what is put into my host file:

69.20.16.183 auto.search.msn.com
69.20.16.183 search.netscape.com
69.20.16.183 ieautosearch
127.0.0.1 www.igetnet.com
127.0.0.1 code.ignphrases.com
127.0.0.1 clear-search.com
127.0.0.1 r1.clrsch.com
127.0.0.1 sds.clrsch.com
127.0.0.1 status.clrsch.com
127.0.0.1 www.clrsch.com
127.0.0.1 clr-sch.com
127.0.0.1 sds-qckads.com
127.0.0.1 status.qckads.com


Edit:
I've tried both methods mentioned below and neither one worked. The corrupted host file comes back no matter what I do

**Update**

I finally ficed the problem. According to the folks over at lavasoft forums I had the latest version of vx2. After waiting for an updated version of l2mfix, using hijack this, and manually editing the hosts file my computer was finally cured, saving me a format and reinstall.

Thanks for the all suggestions.

 

[daniel49]

try this:

http://www.adoko.com/resource/IGETNET.asp

 

[mechBgon]

Download and install a 30-day trial version of Kaspersky Antivirus Personal 5.0 from http://www.kaspersky.com/trials. It's the best, and against downloaders and Trojans you'll probably need it.

Set Kaspersky's real-time and on-demand scanners to Maximum. Set its Configure Updater to use extended databases.

Also install the Microsoft AntiSpyware Beta software from http://www.microsoft.com.

edit: one more item, get WinSockFix for in case your Internet connection gets busted when you rip out the spyware.

Now.

1) Disable System Restore so stuff can't hide in it and then pop back out.

2) Disable your network/Internet connection.

3) Right-click My Computer > Manage > Local Users & Groups > Users. Right-click each user account and give it a strong password such as elbosco@AT so malware can't use the Admin accounts with a blank password.

4) Fire up the Microsoft AntiSpyware software, and run the full-system scan (not Quick Scan, full scan). Have it remove anything it finds (check the whole list and ensure it's not doing an Ignore on anything).

5) Reboot into Safe Mode.

6) In Safe Mode, run an exhaustive Kaspersky antivirus scan, as well as your antispyware tools (Microsoft's won't run under Safe Mode, but use Spybot Search & Destroy and Lavasoft Ad-Aware). This might take a while.

7) Reboot into normal mode and run all your scans again, see if you come up clean.

8) Make a Limited-class account named "Dad" and don't password-protect it. This will go a long, long way towards keeping him out of harm's way

 

[hertz9753]

I love Kaspersky anti virus. It was included with System Mechanic 5 Professional. I used Panda before. but for me this works better.

 

[elbosco]

Nope, neither method worked. The changes made to the host file keep returning

 

[elbosco]

anyone?

 

[daniel49]

sorry the first link didn't help .
Here are symantecs recommendations for manually removing the adware.
follow instructions explicitly.
http://securityresponse.symantec.com/avcenter/venc/data/adware.igetnet.html

 

[ribbon13]

Nuke and pave. This time ghost it right after you install everything.

 

[elbosco]

Thank you for the link daniel49 but I'm afaid none of those keys were present in the registry

 

[daniel49]

Originally posted by: ribbon13
Nuke and pave. This time ghost it right after you install everything.

lol, have to remember that one ribbon..


elbosco: heres an idea you might want to try???go to igetnet.com click on there support link and tell them to give you the info about how to get rid of there scum sucking spyware before you nuke and pave them.

:Q You might want to nice that up a little though

 

[daniel49]

did you do all 5 suggested steps? also symantec has an online scan that should include there updated definition files.

 

[daniel49]

Here also is a bit of freeware I found that claims to be able to detect igetnet.
Its called bazooka. http://www.kephyr.com/spywarescanner/index.html?source=appvisit


this is thier info page for igetnet adware
http://www.kephyr.com/spywarescanner/library/igetnet/index.phtml

this link also includes a link to Igetnets removal instructions.

gl, what did your dad download to get it you know?

 

[mechBgon]

I'm all for "nuke and pave" too, and using best practices from then onwards. As an academic point, you might want to look through the Services list and see what services are running and whether they're all from Microsoft or not. Start > Run > msconfig might help with that since it has a "hide all Microsoft services" checkbox to help discern what's what.

A HijackThis logfile might help too.

 

[elbosco]

Finally got it fixed!

 

[vikramyogaDOTcom]

Hi elbosco,
where do you get the latest version of l2mfix from? Also can you please provide detailed steps to fix this problem. Running into the same problem here

thanks

 

[mklos]

How did you get this fixed?

I have the exact same problem unfortunately. I've tried everything I can think of to get rid of it and nothing seems to work.