#1
Search Assistant Browser Hijacker
Please help!! Can not get rid of the pest!! Went into Safe mode to try to delete...no good. Can't get rid of it through HJT. It shows up that its there, but I can't do anything about it. Is there a way to get rid of this through the registry? Thanks!!
#2
Welcome to CTH bsu74. What do you mean you cannot do anything about it? Please post your log.
Transferring to the Cyber Safety Forum.
#3
Logfile of HijackThis v1.98.2
Scan saved at 10:34:11 PM, on 11/27/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Customizer XP\RAMIdle.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Common Files\AOL\ACS\acsd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Program Files\AIM95\aim.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Home Computer\Local Settings\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.americaonline.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
I can not get rid of the Search Assistant program. It will not remove from my program list and I am sure that no one in this house downloaded it! Is this not a browser hijacker? Thanks
#4
Thanks for the welcome, also!! I am just glad to try to get some help. My tech guy is not any help at all!!
#5
Hi bsu74, those entries alone do not indicate a hijack. Can you post your full log please.
#6
Logfile of HijackThis v1.97.2
Scan saved at 7:18:19 AM, on 11/28/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Customizer XP\RAMIdle.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Common Files\AOL\ACS\acsd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
G:\!AntiSpy\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\Customizer XP\RAMIdle.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
Hi Ann Marie. This is all that came up. Hope that this helps. Thanks
#7
#8
* DLLCompare Log version()
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________
O^E says: "There were no files found "
________________________________________________
1,265 items found: 1,265 files, 0 directories.
Total of file sizes: 241,378,522 bytes 230.20 M
How's this look? Thanks for the help, Ann Marie! Also, when I downloaded Hijack This, it said that it is in a temp folder and I need to copy it to put it in my files. Could you please tell me how I do that? I haven't done something like that for a while. Thanks again!!
Last edited by bsu74; November 29th, 2004 at 02:56 PM. Reason: Adding to message
#9
Degsy has an excellent tutorial here that will help you bsu74. Alternatively, create a new folder on your Desktop, find HijackThis.exe, right-click on it and choose Copy. Open your new folder and right-click again and choose Paste.
#10
Ok, thanks. I figured out how to create the folder this AM, but I appreciate the help.
So, I still would like to know how to get rid of the Search Assistant program on my "Add/Remove Programs" list. I have tried safe mode...no luck. When I click on "Remove" it doesn't do anything. I did not put this on my computer voluntarily. Also, did my logs look free of hijackers? Thanks, much
#11
I haven't seen a log created with the latest version of Hijack This yet bsu74.
#12
I thought that I was using the latest version of Hijack This v1.98.2. Right? Here is the log that I got from it. Let me know if this isn't right, please. I downloaded this version just the other day. Thank you
Logfile of HijackThis v1.98.2
Scan saved at 12:49:38 PM, on 11/30/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Customizer XP\RAMIdle.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Common Files\AOL\ACS\acsd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\AIM95\aim.exe
c:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Documents and Settings\Home Computer\Desktop\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.americaonline.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\Customizer XP\RAMIdle.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{757C5D40-D4BD-4BC2-AE3E-C0D85039E6F8}: NameServer = 205.188.146.146
#13
Your previous log was created using v1.97.2. Before we get rid of the entry in your Registry, I want to be sure that all is well.
Go here and download IEFIX.reg to your Desktop. Double-click on it and OK any prompt asking if you want to merge the file with your registry. Reboot and post a new Hijack This log.
#14
You are the BOMB!!!! OK here is the latest "Hijack This" log. You know WAY more than the Tech person taking my money does!! Thanks!!
Logfile of HijackThis v1.98.2
Scan saved at 5:23:43 PM, on 11/30/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Customizer XP\RAMIdle.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Common Files\AOL\ACS\acsd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Program Files\AIM95\aim.exe
C:\Documents and Settings\Home Computer\Desktop\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.americaonline.com/
O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\Customizer XP\RAMIdle.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{757C5D40-D4BD-4BC2-AE3E-C0D85039E6F8}: NameServer = 205.188.146.146
#15
Yep, your log looks fine now. If Search Assistant is still in Add/Remove Programs, go to Start > Run and type:
regedit
then OK. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall. In the list of subkeys, you will see the names of all the programs that are in your Add/Remove programs list in Control Panel. If you have uninstalled any program and the subkey is still in your registry, select that subkey and delete it.
NB Always back up your registry before making any changes. The easiest way to do this is to select the entry that you are going to delete and go to File and choose Export. Send it to your Desktop and if you have no further problems, right-click on the reg file on your Desktop and delete it. Do NOT double-click on the file unless you want to put it back in your Registry.
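Added example, not part of the thread and not HijackThis's own code: the by-eye comparison of the two 11/30/2004 scans (before and after merging IEFIX.reg) can be done by parsing the entry lines and diffing them. The log excerpts are shortened from the posts above, and the function names are illustrative.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# An entry starts with a section code (R0-R3, F0-F3, O1 upward) followed by
# " - ". Splitting at that boundary also recovers entries from a log that
# was pasted as one run of text instead of one entry per line.
ENTRY_START = re.compile(r"(?<!\S)(?=(?:[RF][0-3]|O\d{1,2}) - )")
ENTRY = re.compile(r"(R[0-3]|F[0-3]|O\d{1,2}) - (.*)", re.S)

def parse_entries(log_text):
    """Return the R/F/O entries of a HijackThis log, in scan order."""
    entries = []
    for chunk in ENTRY_START.split(log_text):
        m = ENTRY.fullmatch(chunk.strip())
        if m:
            entries.append(Entry(m.group(1), " ".join(m.group(2).split())))
    return entries

def diff_logs(before, after):
    """Entries that disappeared from, or appeared in, the later scan."""
    old, new = parse_entries(before), parse_entries(after)
    return ([e for e in old if e not in new],
            [e for e in new if e not in old])

def empty_valued(entries):
    """Entries of the form 'key =' with nothing after the equals sign."""
    return [e for e in entries if e.body.endswith("=")]

# Shortened excerpts of the two 11/30/2004 scans in this thread; the first
# is kept as a single run of text, the second is one entry per line.
BEFORE = (
    r"Logfile of HijackThis v1.98.2 Scan saved at 12:49:38 PM, on 11/30/2004 Running processes: C:\WINDOWS\Explorer.EXE "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.americaonline.com/ "
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = "
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = "
    r"O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe ")
AFTER = r"""Logfile of HijackThis v1.98.2
Scan saved at 5:23:43 PM, on 11/30/2004
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.americaonline.com/
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", removed, "added:", added)
```

On these excerpts the only change between the scans is that the two empty-valued HKLM Search entries are gone; nothing new appears.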