Spyware, Viruses, & Security forum


Help with 'Search Here'/'help.do' malware?

by septhen / January 9, 2013 8:49 AM PST

Hi, and thanks for taking time to read this post. Although I am yet to notice any adverse effects from this malware, I want to just get rid of it all and be able to use my computer safely again.

Alright, let me get right into the problem. I'll add now that my laptop is running Windows 7 Home Premium on a 64 bit OS, and I use Mozilla Firefox as my main browser.

The problems started when I stupidly downloaded an flv player from a dodgy-looking website. I should've known not to download from such a site, but went ahead anyway. However, after some quick reconsideration I stopped the installation process midway (after installing the setup files, which were apparently enough to infect my computer) and thought that the problem would end there.

I proceeded to re-open Firefox, and found that a 'Search Here' tab had appeared in the toolbar. Not really thinking much of it, I put Mozilla Firefox into Safe Mode which made the tab disappear, then put my laptop away and went to bed (different time zone).

I woke up this morning, got on Mozilla and found that my usual netVibes homepage had been replaced by a 'snap.do' homepage and that my default search engine had been switched to a 'snap.do' search engine. In a slight panic, I trawled the Internet looking for answers. Some sites suggested I remove the application 'snap.do' or Search Here - I couldn't find any such apps to uninstall. Other sites suggested processes on Firefox through which to remove the search engines - however, doing this only removes the visible part of the problem.

I tried to open Norton Antivirus, but an error message conveniently pops up whenever I try and open it (Error 8504, 104). The error message box looked fairly dodgy though, so it's obviously the virus.

I eventually downloaded a free antivirus program with 'Anvil' in the name, which I have forgotten the exact name of, and performed a full scan of my computer. Three threats were subsequently removed - however, the search engines were not. To be safe, I also restored my system to a previous backup.

Although the threats were apparently removed and my system 'restored', Norton continues to malfunction, I still have the 'Search Here' tab, and the Windows updates following the restoration failed to install. If anybody has encountered this virus, it would give me great pleasure to be rid of it once and for all. Thank you very much for any help and suggestions.

P.S. Am I able to add photos to my post, or do I need to reach a higher number of posts first? I have some screenshots of the errors I described.

Many thanks! Stephen

All Answers

Re snap-do and search here
by mchainmchain / January 9, 2013 5:17 PM PST

Things to try: http://forums.cnet.com/7726-6132_102-5098912.html

An additional tool made to remove unwanted webware toolbars and browser hijacks here: http://general-changelog-team.fr/fr/downloads/view.download/2

Even though the website is French, this tool is effective in removing the above malcreants.

You need to tackle the issue with Norton by uninstalling it and reinstalling if it continues to throw error codes. Here: https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?docid=v62545568_EndUserProfile_en_us&product=home&pvid=f-home&version=1&lg=en&ct=us Be sure to follow all steps exactly.

Important tip: Be sure to back up all personal data before embarking on any cleaning routines. Norton Power Eraser is a very powerful tool, and can cause operating system damage if used improperly.

Once the system is free of malware and clean, we can then address the Windows Update failure issue.

AdwCleaner is safe to use, so try that first.

You may have a rootkit infection; running the tools in the first c|net link will either confirm the presence of a rootkit or will show you do not have one.

Unlike some antivirus forums, there is no posting requirement to attach or link to photos here. Instead of that, use a website such as mediafire or such and provide the link to your photo files in your next reply.

Suggest using a webutation add-on for FF here, to better avoid dodgy sites in the future: http://www.mywot.com/
AdBlock Plus is good as well: http://adblockplus.org/en/

About that AdwCleaner link...
by mchainmchain / January 9, 2013 6:13 PM PST