• Welcome Guest, to the Spybot Forums! It's 2025, and we just upgraded our forum software.

    Today is Safer Internet Day, and with our new forum, you can finally use passkeys to login. That was about time!

    Of course, you could ask if a forum is still useful, with so many social media networks out there where you might already have an account, and met a lot of users. You can now use your login from some of those networks to log in here. And by posting here, your question and data is stored on our servers and not automatically shared with a whole social media network.

    We'll also start using the forum for small bits of information, announcements and more again.

arabeyes and arabyonline Malware/hijacker issue

Status
Not open for further replies.
P

pacquit0

New member
My computer unit has been infected with a hijacker/malware named "arabeyes" and "arabyonline" and it was adminitratively embedded on my google browser's search engine. I already scanned my unit using spybot and any other scanners available out there like (malwarebytes, adwcleaner, revouninstaller, kaspersky, avast, avira and even try spyhunter4 but unluckily it needs to be paid first before you can remove it). I manually remove it on the regedit by searching the string "arabyonline" and delete all the registered keys there but still no use. Please give me an idea to remove this hijacker/malware. I am patiently waiting for your reply and kind heart. Best Regards.

Admin Edit
:) Link to forum FAQ https://forums.spybot.info/showthread.php?288
 
in addition to the post this is the picture of the said hijacker embedded on my browser.
 

Attachments

  • issue.jpg
    issue.jpg
    54.9 KB · Views: 7
Please back up your registry!

Backup the Registry:
Credit: Dakeyras

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download the installer for Registry Backup from here or here and save to your desktop.
  • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
  • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
  • Once the GUI(graphical user interface) has appeared/loaded:-
TCRB-1.jpg


  • Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-
TBRB-2.jpg


  • Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features be viewed HERE


``````````````````````````````````````````````````````
Instruction for producing the Farbar Recovery Scan Tool (FRST) and aswMBR logs

Farbar Log

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note:
You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

(A simple way to check your system: Start --> Computer (right click) --> Properties
How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked

  • Do not check
    *List BCD
    *Drivers MD5
    *Shortcut txt
Or your logs will be too long to post.


  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please don't run the Farbar Recovery Scan Tool (FRST.txt) from your "Downloads" folder or from "Temporary Internet Files"
  • Please copy and paste logs into your topic.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please post that along with the FRST.txt into your reply.


aswMBR Log

Important! Please do NOT perform any fix options offered in aswMBR, we just need to see the report.

Please download aswMBR to your desktop.


  • Double click the aswMBR icon to run it.
  • If a prompt stating: The computer supports "Virtualization Technology" appears select Yes
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the Save Log button, save the logfile to your desktop and post its contents in your reply with the Farbar (FRST) logs.
 
You can remove the add-ons or extensions from your browser(s) and also change your default search and homepage back to its original settings.

Please restore your browsers:

Internet Explorer

- Open Internet Explorer, click on the gear icon at the top (far right), then click again on Internet Options.

- In the Internet Options dialog box, click on the Advanced tab, then click on the Reset button.

- In the Reset Internet Explorer settings section, check the Delete personal settings box, then click on Reset.

- When Internet Explorer finishes resetting, click Close in the confirmation dialogue box and then click OK.

- Close and open Internet Explorer.

Mozilla Firefox

-At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu (on Windows XP, click the Help menu at the top of the Firefox window), and select Troubleshooting Information.

- Click the Reset Firefox button in the upper-right corner of the Troubleshooting Information page.

- To continue, click Reset Firefox in the confirmation window that opens.

- Firefox will close and be reset. When it’s done, a window will list the information that was imported. Click Finish

Google Chrome

- Click the Chrome menu on the browser toolbar.

- Select Settings.

- Click Show advanced settings and find the "Reset browser settings” section.

- Click Reset browser settings.


Please see the following link(s) for more information on removing this threat:
http://malwaretips.com/blogs/arabyonline-com-virus-removal/
 
Status
Not open for further replies.
Back
Top