My Anti Spyware

News | Forum | Free Software | Online Scanners | Tutorials - HowTo

1. Been infected with spyware? Tell us about your problem.
2. Protect your PC from viruses, spyware.
3. For fast automatic spyware removal, try CounterSpy, SUPERAntiSpyware

How to remove safenavweb.com hijacker

Symptoms: system keeps popping up warning messages & launching Internet Explorer & directing it to safenavweb.com

For fix safenavweb.com malware, make follow steps:

Download HijackThis and save the file to your desktop.
Double click on the file to extract it to it’s own folder on the desktop.

Download CCleaner. Double click on the file for install.
Download and unzip Avenger to your desktop.
Download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Reboot your computer in Safe Mode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.

Start HijackThis. Click “Do a system scan only.” and put a checkmark next to the following items:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: MSVPS System - {480598DD-AE28-48B7-82F7-6ADDA1AA6B66} - C:\WINDOWS\ntspkfxt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: The htunistock - {C58A4487-4C2E-45E4-9E3A-52B3A23CC396} - C:\WINDOWS\htunistock.dll
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O21 - SSODL: hostctrl - {20D7F2C0-86AB-4F63-88E4-E3F4887E0CC1} - C:\WINDOWS\hostctrl.dll
O21 - SSODL: hstsys - {44195BC8-06C2-4D25-81E9-1607B1313715} - C:\WINDOWS\hstsys.dll

Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.

Run Avenger.
Check the ‘Input script manually’ option. Click the Magnifying Glass icon. In the box that opens, copy,then paste the following text:

Files to delete:
C:\WINDOWS\ntspkfxt.dll
C:\WINDOWS\htunistock.dll
C:\WINDOWS\hostctrl.dll
C:\WINDOWS\hstsys.dll

Then click on ‘Done’.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Boot your PC again in Safe Mode.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd. Press the number 2 on your keyboard and the press the enter key to choose the option Clean (safe mode recommended).

You will be prompted : “Registry cleaning - Do you want to clean the registry ?“; answer “Yes” by typing Y and press “Enter” in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer “Yes” by typing Y and press “Enter”.

The tool may need to restart your computer to finish the cleaning process; if it doesn’t, please restart it into Normal Windows.

Download the HostsXpert 3.7 - Hosts File Manager.

# Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
# Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
# Click “Make Hosts Writable?” in the upper right corner (If available).
# Click Restore Microsoft’s Hosts file and then click OK.
# Click the X to exit the program.
# Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Run CCleaner.

Click Analyze button. After scan your system, click Run Cleaner.

Reboot your PC.

Disable system restore to flush out infected restore points. Reboot your computer again. Turn on Windows System Restore. After that click START > ALL PROGRAMS > ACCESSORIES > SYSTEM TOOLS > SYSTEM RESTORE. click on “create new restore point” > click on NEXT and follow the prompts.

If you are still having problems with spyware after completing these instructions, then please follow the steps outlined in the topics linked below

Help | How to remove safenavweb.com hijacker
Spyware removal - Read Before Posting

10 Comments »

RSS feed for comments on this post. TrackBack URI

Hi,Great, worked as it says.
slight differences in the Hijacking checkmark options, but apart from that 100%

Comment by rusty — November 29, 2007 #
Hello, yes works perfectly fine! Certain fields require different checkmarks, but that requires simply some common sense. Worked very well.

Comment by strong — December 15, 2007 #
Thank you so much. This works. Your help is immensely appreciated. Don’t stop helping out others!

Comment by Cameron Hunter — December 25, 2007 #
Like the rest said, the hijacking checkmark options are slightly different, but yeah. Thanks a mil!

Comment by Nighthawkz — December 31, 2007 #
Excellent instructions… as others have stated it there were some minor differences, but the basic flow remains the same. Thank you.

Comment by Jay Hiremath — January 1, 2008 #
Thanks, this worked great for me. If you have this hijacker, look no further for a solution.

Comment by Sully — January 6, 2008 #
hi, i have mi pc infected too. I noticed too the differences in the checkmarks, but i\’m not able to determinate wich ones should i check. if you can help me or someone else i\’ll be very gratefull. thanks

Comment by augusto — January 7, 2008 #
Augusto, follow the steps: How to use Spyware Removal Forum - MUST READ

Comment by Patrik — January 7, 2008 #
Marvelous!two thumb up!..first time i get this problem…really frust!..first thing i think to solve it..just format my pc.hu3!…but i try your ways, it quit complex for me, but it done well!..thanks so much..(^^,)

MALAYSIA PC USER

Comment by mrjinggozzz — February 19, 2008 #
Worked a treat, thanks for this great assistance. I also noted many differences with the hijacking checkmark, and it helped me to get rid of a couple of nasty things lurking that I did not know about.

Comment by atrperth — February 24, 2008 #