safesearch.com adware problem

  1. #1
    Banned
    Join Date
    Feb 2004
    Posts
    20

    safesearch.com adware problem

    Has anyone here had this nasty little bugger? Thought I would mention it, as when this is detected and deleted it managed to pretty much wipe my hard drive, and it had to be totally re-formatted.

    http://securityresponse.symantec.com...afesearch.html

    Here is the link from Symantec, describing it. For future reference and to help others, could anyone perhaps explain how to delete this without affecting any important files?

    Sco

  2. #2
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    Here is the link from Symantec, describing it. For future reference and to help others, could anyone perhaps explain how to delete this without affecting any important files?
    A little bit down the page it shows you how to delete it.

    1) Run Norton (with updated defs) and delete viruses.
    2) Delete Registry keys

    This is from the page you gave us:

    3. Deleting the keys from the registry

    --------------------------------------------------------------------------------
    WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.
    --------------------------------------------------------------------------------

    Click Start, and then click Run. (The Run dialog box appears.)
    Type regedit

    Then click OK. (The Registry Editor opens.)


    Navigate to and delete the following keys:

    HKEY_CLASSES_ROOT\SafeSearch.SafeSearchBHO.1
    HKEY_CLASSES_ROOT\SafeSearch.SafeSearchBHO
    HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}
    HKEY_CLASSES_ROOT\Typelib\{CB5006EE-F57D-4116-B7B6-48EB564FE0F0}
    HKEY_CLASSES_ROOT\Interface\{28E6CCE2-3F2C-4B3D-9CB4-2FC8715A3ECE}


    Navigate to the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


    In the right pane, delete the value:

    "SafeSearch"="c:\program files\primesoft\safesearch\safesearch.exe"


    Navigate to the registry key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar


    In the right pane, delete the value:

    "{00000000-0000-0000-0000-000000000001}"=""


    Exit the Registry Editor.
    Or I am sure Spybot or Adaware would find something like this on your computer.

  3. #3
    From the description it looks like typical, run-of-the-mill adware. Try Adaware or Spybot S&D and it should be safely removed with no trouble at all.

  4. #4
    Looks like me and CXG posted at the exact same time. You read my mind!

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi mate!

    Please try: http://www.winpatrol.com

    The second option is "IE Helpers"... these are BHOs (browser helper objects)... should let you delete them.

    I also think that Hijack This, and/or Spybot Search & Destroy have tools to do it.

    Good Luck

  6. #6
    Banned
    Join Date
    Feb 2004
    Posts
    20
    The problem was that I deleted these two files...:

    HKEY_CLASSES_ROOT\SafeSearch.SafeSearchBHO.1
    HKEY_CLASSES_ROOT\SafeSearch.SafeSearchBHO

    then navigated to the 000000000001 file but it wasn't there, then I exited it and IE wouldn't work, tried to restart it, then it wouldn't work at all after that. After reloading Windows it was there so I had to do a total strip down. I don't know where it went wrong???

    Andrew

  7. #7
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    Originally posted here by U_caNt_KiD_M3
    The problem was that I deleted these two files...:

    HKEY_CLASSES_ROOT\SafeSearch.SafeSearchBHO.1
    HKEY_CLASSES_ROOT\SafeSearch.SafeSearchBHO

    then navigated to the 000000000001 file but it wasn't there, then I exited it and IE wouldn't work, tried to restart it, then it wouldn't work at all after that. After reloading Windows it was there so I had to do a total strip down. I don't know where it went wrong???

    Andrew
    Did you back up your registry beforehand?

  8. #8
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    Sco, Andrew and U_caNt_KiD_M3..

    I answered your question over at the "other" security forum that you posted this at.
    See that one for my answer. You should have asked the question first before destroying your registry, which then required you to reformat and reinstall.

    The lesson is learned a bit too late.

  9. #9
    Banned
    Join Date
    Feb 2004
    Posts
    20
    Tell me about it! I have learnt my lesson! However I did just follow the instructions from Symantec, but I must have done something wrong. I will back it up next time.


    Sco

  10. #10
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    No, you didn't do anything wrong; there needs to be one BHO file and this program overwrote it. If you're smart now and your computer is running as it should, do a reg back-up now, or at least on the keys that get changed by hijackers and adware/spyware.
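
The backup-first advice from posts #7 and #10, applied to the keys and values quoted in post #2, as an added PowerShell example (not from the thread or the Symantec page). The backup folder name and the `-Apply` switch are assumptions of this example; it skips entries that are already absent and refuses to delete anything whose export failed.

```powershell
# Added example: export each key named in post #2, then delete only when -Apply is given.
param([switch]$Apply)

$keys = @(
  'HKEY_CLASSES_ROOT\SafeSearch.SafeSearchBHO.1',
  'HKEY_CLASSES_ROOT\SafeSearch.SafeSearchBHO',
  'HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}',
  'HKEY_CLASSES_ROOT\Typelib\{CB5006EE-F57D-4116-B7B6-48EB564FE0F0}',
  'HKEY_CLASSES_ROOT\Interface\{28E6CCE2-3F2C-4B3D-9CB4-2FC8715A3ECE}'
)
$values = @(
  @{ Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'SafeSearch' },
  @{ Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar'; Name = '{00000000-0000-0000-0000-000000000001}' }
)

# Hypothetical backup folder, timestamped so an earlier export is never overwritten.
$backupDir = Join-Path $env:USERPROFILE ('reg-backup-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
$script:n = 0

function Export-Key([string]$Key) {
  # reg.exe export writes the key and all its subkeys/values to a .reg file.
  $script:n++
  $file = Join-Path $backupDir ('{0:d2}.reg' -f $script:n)
  & reg.exe export $Key $file | Out-Null
  if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $file)) {
    throw "Export failed for $Key; stopping before any delete."
  }
  return $file
}

foreach ($k in $keys) {
  # A key that is already absent (as the CLSID key was in post #6) is reported, not an error.
  if (-not (Test-Path -LiteralPath "Registry::$k")) { Write-Host "absent, skipped: $k"; continue }
  $f = Export-Key $k
  Write-Host "backed up: $k -> $f"
  if ($Apply) { Remove-Item -LiteralPath "Registry::$k" -Recurse }
}

foreach ($v in $values) {
  $path = "Registry::$($v.Key)"
  $hit = Get-ItemProperty -LiteralPath $path -Name $v.Name -ErrorAction SilentlyContinue
  if (-not $hit) { Write-Host "value absent, skipped: $($v.Name)"; continue }
  $f = Export-Key $v.Key    # exports the whole parent key; only the one value is removed
  Write-Host "backed up: $($v.Key) -> $f"
  if ($Apply) { Remove-ItemProperty -LiteralPath $path -Name $v.Name }
}
Write-Host "Restore with: reg import <file>  (backups are in $backupDir)"
```

Run it once without `-Apply` from an elevated prompt to see which entries exist and confirm the `.reg` files were written, then rerun with `-Apply`.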
