Has anyone here had this nasty little bugger. Thought I would mention it as a when this is detected and deleted it managed to pretty much wipe my hardrive, and it had to totally be re-formatted.

http://securityresponse.symantec.com/avcenter/venc/data/adware.safesearch.html

Here is the link from symatec, describing it. For future reference and to help others, could anyone perhaps explain how to delete this without effecting any important files?

Sco

Here is the link from symatec, describing it. For future reference and to help others, could anyone perhaps explain how to delete this without effecting any important files?

A little bit down the page it shows you how to delete it.

1) Run Norton (with updated defs) and delete viruses.
2) Delete Registry keys

This is from the page you gave us:

3. Deleting the keys from the registry

--------------------------------------------------------------------------------
WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.
--------------------------------------------------------------------------------

Click Start, and then click Run. (The Run dialog box appears.)
Type regedit

Then click OK. (The Registry Editor opens.)


Navigate to and delete the following keys:

HKEY_CLASSES_ROOT\SafeSearch.SafeSearchBHO.1
HKEY_CLASSES_ROOT\SafeSearch.SafeSearchBHO
HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}
HKEY_CLASSES_ROOT\Typelib\{CB5006EE-F57D-4116-B7B6-48EB564FE0F0}
HKEY_CLASSES_ROOT\Interface\{28E6CCE2-3F2C-4B3D-9CB4-2FC8715A3ECE}


Navigate to the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


In the right pane, delete the value:

"SafeSearch"="c:\program files\primesoft\safesearch\safesearch.exe"


Navigate to the registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar


In the right pane, delete the value:

"{00000000-0000-0000-0000-000000000001}"=""


Exit the Registry Editor.

Or I am sure Spybot or Adaware would find something like this on your computer.

From the description it looks like typical, run-of-the-mill adware. Try Adaware or Spbyot S&D and it should be safely removed with no trouble at all.

Looks like me and CXG posted at the exact same time. You read my mind!

Hi mate!

Please try: http://www.winpatrol.com

The second option is "IE Helpers".............these are BHOs (browser helper objects)...........should let you delete them.

I also think that Hijack This, and/or Spybot Search & Destroy have tools to do it.

Good Luck

The problem was that I deleted these two files...:

HKEY_CLASSES_ROOT\SafeSearch.SafeSearchBHO.1
HKEY_CLASSES_ROOT\SafeSearch.SafeSearchBHO

then navigated to the 000000000001 file but it wasnt there, then I exited it and IE wouldnt work, tried to restart it, then it wouldnt work at all after that. After reloading windows it was there so I had to do a total strip down. I dont know where it went wrong???

Andrew

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=256248#post732702) by U_caNt_KiD_M3
The problem was that I deleted these two files...:

HKEY_CLASSES_ROOT\SafeSearch.SafeSearchBHO.1
HKEY_CLASSES_ROOT\SafeSearch.SafeSearchBHO

then navigated to the 000000000001 file but it wasnt there, then I exited it and IE wouldnt work, tried to restart it, then it wouldnt work at all after that. After reloading windows it was there so I had to do a total strip down. I dont know where it went wrong???

Andrew

Did you back up your registry beforehand?

Sco, Andrew and U_caNt_KiD_M3.. :D

I answered your question over that the "other" security forum that you posted this at.
See that one for my answer.. you should of asked the question first before destroying your registry which then required you to reformat and reinstall..

the lesson is learned a bit too late..

Tell me about it! I have learnt my lesson! However I did just follow the instructions from symantec, but I must have done something wrong. I will back it up next time.


Sco

no you didn't do anything wrong, there need to be one bho file and this program overwrote it. if your smart now and your computer is running as it should do a reg back-up now. or at least on the keys that get changed by hi-jackers and adware/spyware