
Explorer and IE Hijacked

#1
Hi all

I'm having problem after problem recently lol

OK, my browser, when I click Search, has changed from the regular XP Search, and also something called Mysearch Bar shows a toolbar at the top of IE; although I have disabled it from view, it is still there.

I have run Lavasoft Adaware (latest updates etc.), found a few things and got rid of them, I've run HijackThis 1.9 and deleted known entries, and I've run Aranea Spywizard, but none of them is getting rid of the problem of the Explorer Search. I have attached some pics; please help and list all software, free or purchase, which will help. Thanks

Ste_W
 


Electronic Punk

willalwaysbewithyou
Staff member
Political User
#2
Open 'Add/Remove Programs' in the Control Panel. Select the 'My Search Bar' (MySearch variant), 'MyWay Speed Bar' (MyWay) or 'My Web Search Bar' (MyWeb) entry and click 'Remove'. For the MyWeb variant, be sure to also remove 'Fun Web Products Easy Installer'.

You can then reset your home page (Internet Options->General->Start Page) if it has been changed, and search settings (Internet Options->Programs->Reset web settings).
 

VenomXt

Blame me for the RAZR's
#3
Try Spybot Search and Destroy. Other than that I don't know. I think it's def spyware. Maybe just new and needs some defs.

Do what EP said lol, he beat me to it.
 
#5
OK, so far I have run

Adaware 6 181 Pro
SpyBot
Noadaware
Spyware Doctor
Hijack This
Aranea Spywizard

But still I don't get my normal Search back, and Spybot keeps telling me that Search Assistant is changing something from (for example) fgkjhgkdhgskhk to qwqqljlnmnjk; they really are random letters?
I've used Norton SystemWorks to clean up temp files and I use the Wiping Wizard to delete 2 of the contents in a folder called Upload Coal Live; one file remains in it and cannot be removed, called "Itch Program". Another folder called Xerox containing the folder "nwwia" cannot be normally deleted; I have no Xerox products installed though, and also have never installed anything like Upload Coal Live. The companies that do this crap should be destroyed lol. It's really annoying!
 

Mainframeguy

Debiant by way of Ubuntu
#6
I think you may need to post up your HijackThis log - when you say you ran it, you did not say if you had it fix anything. You could also try running in Safe Mode when you do all of this to make sure it's effective, and running CWShredder too, I guess, cannot do any harm.
 
#7
OK, using HijackThis I have created 2 logs, the 1st being the Startup List and the 2nd being the HijackThis log of what it detects. The 3rd upload is just a JPEG version of the HijackThis log, if it's easier to look at...

Thanks
 


#8
Just been in Safe Mode and got rid of some suspicious-sounding reg entries using HijackThis; other than that I deleted those 2 folders successfully and stopped the ITCH program startup.

First thing I did was log into the Admin user name, which is only visible when in Safe Mode, and I clicked "Search" on my computer and the default search look for XP appeared. I then logged into my account, which still has admin rights, and did the same; however, the search didn't show the default search look!?

What's going on?
 

Mainframeguy

Debiant by way of Ubuntu
#9
I'm wondering now if this problem is partly caused because you are running from your D: drive and that is giving any problems for SpyBot or Adaware... seems unlikely though, because %sysroot% should find things anyway.

In your log entry:-
[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\mswmp.inf,PerUserStub
and

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
looked suspicious to me - why not fix those and post back?
 
#10
Since doing what I said I did before in Safe Mode, I can't find the stuff you said looked suspicious?

Here's a pic of what the program finds now; anything look strange?
 


American Zombie

Administrator
Staff member
Political User
#11
Mainframeguy, both of the entries you say to take out are part of Windows XP.
The first one, mswmp.inf, is Windows Media Player and the second one, MarketplaceLinkInstall, is Windows Marketplace Link.
Neither are spyware as both come with XP.
 

American Zombie

Administrator
Staff member
Political User
#15
Here are my entries in registry for search:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
 

yoyo

_________________
#16
You have a lop.com infection. Lop.com is bundled with MessengerPlus.

So first uninstall MessengerPlus in Add/Remove programs. If you really think you need it you can reinstall it later, but don't install the "sponsor" this time. There is an option during install.

Also if present uninstall

Window Search
Win Tools

If it isn't there run these two uninstallers:

http://lop.com/new_uninstall.exe
http://lop.com/toolbar_uninstall.exe

Update HijackThis to the latest version 1.98.2

With all other windows closed let HijackThis fix these entries if still present (Where is your HijackThis log anyway? Not so convenient to copy and paste from a .jpg):
all R0 entries
O4 - HKLM\..\Run: [MessengerPlus3]..
O4 - HKLM\..\Run: [gplclose] D:\PROGR~1\UPLOAD~1\Itch program.exe (in case you don't know exactly what that is)
O4 - HKCU\..\Run: [MessengerPlus3]..

Delete the folders:
D:\Program Files\MessengerPlus!
D:\Program Files\Upload~1 (=folder beginning with upload)
There usually is still another folder to delete in \Documents and Settings\All Users\Application Data\ - likely you already fixed the entry indicating the name.

Clear your temp and temporary internet files.

Reboot.
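
The selection rule from post #16 (all R0 entries plus the named O4 Run values), applied to a text HijackThis log rather than a .jpg, as an added example that is not part of the original thread. The sample log is constructed, and the URLs and the MessengerPlus3 and Startup commands in it are placeholders, since the post elides them.

```python
import re

# Post #16's fix list: every R0 line, plus O4 Run values with these names.
FIX_RUN_NAMES = {"messengerplus3", "gplclose"}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$"
)

# Constructed sample log; URLs and the MessengerPlus3 command are placeholders.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Running processes:
D:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://example.invalid/bar
O4 - HKLM\..\Run: [MessengerPlus3] D:\placeholder\path.exe
O4 - HKLM\..\Run: [gplclose] D:\PROGR~1\UPLOAD~1\Itch program.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Example.lnk = D:\placeholder\example.exe
"""

def parse_log(text):
    """Return one dict per 'CODE - body' line; O4 Run lines get hive/key/name/cmd."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list and blank lines are not entries
        entry = {"code": m["code"], "body": m["body"]}
        if entry["code"] == "O4":
            run = RUN_RE.match(entry["body"])
            if run:
                entry.update(run.groupdict())
        entries.append(entry)
    return entries

def entries_to_fix(entries):
    """Select the lines post #16 lists; everything else is left for review."""
    return [
        e for e in entries
        if e["code"] == "R0"
        or (e["code"] == "O4" and e.get("name", "").lower() in FIX_RUN_NAMES)
    ]

if __name__ == "__main__":
    for e in entries_to_fix(parse_log(SAMPLE_LOG)):
        print(f'{e["code"]} - {e["body"]}')
```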
 
