
Thread: Hijacked IE Search Bar

  1. #1
    Junior Member
    Join Date
    Sep 2004
    Posts
    3

    Hijacked IE Search Bar

    There is a stubborn piece of malware in my system that keeps changing my IE search bar to http://www.websearch.com/ie.aspx?tb_id=50181. Spyware Guard keeps telling me that the IE search bar has been changed to this web address. I have done everything I can think of, including but not limited to the following:

    1. Shut off the restore function. My OS is Windows XP Pro.
    2. AVG does not catch it.
    3. Scan and clean using Spy-bot Version 1.3.
    4. Scan and clean using Ad-aware SE 1.04.
    5. Scan and clean using TDS-3.
    6. Erasing all restore files on the system.
    7. Using regedit to clean out 'websearch' items in the registry.
    8. Deleting all files in quarantine.
    9. Cleaning the system using Spyware blaster.

    What else can I do? Tried to use the tools in spywareinfo.com but site down.

    Please help.

  2. #2
    Try to do it in safe mode, the scans, etc...
    O.G at A.O

  3. #3
    Don't forget CWSShredder. Find a mirror with google, the spywareinfo site is down, I think.

  4. #4
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662
    And if all that fails, post a Hijackthis log, but do not remove anything without having someone here look over the log, it's possible to damage your system!

    Regards,
    Xierox
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  5. #5
    Junior Member
    Join Date
    Sep 2004
    Posts
    3
    Xierox, Soda and Copyright:

    Thanks. You guys are fast.

    I think that I may have solved the problem in the meantime. The websearch.com is a program after all in my system. By uninstalling it, I may have stopped the 'hijack'. This company puts out an internet search bar that 'refuses' to allow you to use anything else. Hence, the redirecting of the search bar to this site.


    Regards.

  6. #6
    well.. although you might think you've solved your problem, it's probable that there are remnants left behind. I think you should still post a hijackthis log as xierox suggested. You can attach the txt file to a post in this thread.. (to keep the thread less cluttered)

    you might also take a look at some of the logs in this google search..
    http://www.google.com/search?hl=en&i...=Google+Search

  7. #7
    Junior Member
    Join Date
    Sep 2004
    Posts
    3
    Xierox:

    Attached, please find the Hijackthis log of my system. Let me know which entries should be removed.

    Thank you.


    Regards,

    Dominic Chew.

  8. #8
    Junior Member
    Join Date
    Sep 2004
    Posts
    2
    I've had problems with this in the past and found that the site was putting an EXE file in the windows directory, and a reg key pointing to it. Spy Sweeper was able to find it but not remove it.
    I had to rename the file then del it.

  9. #9
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    yeah i am currently solving that problem with my dad's laptop. he seems to keep catching it a few days after i fix it. anyhow. search on your Program Files folders and your registry. u'd definitely find them there. its sometimes under the category of MyWebSearch. and ad scanners never did it for me. i had to manually go thru my folders and registry to delete the bloody things. i tell yah, they're everywhere.

  10. #10
    you know.. I don't really see too much bad here.. perhaps you've used msconfig to turn off stuff and now hijackthis doesn't see it as a result of that ?

    but for sure, this one HAS to go..

    C:\Program Files\Common Files\WinTools\WToolsS.exe

    google on "WToolsS.exe" and you'll see that one of its names is "Adware.Huntbar"
    I don't really think it's the websearch one but it might be..

    remove that entry via HJT (with all other windows NOT running) , reboot, delete the "WinTools" directory from under "Common Files" , check that you have windows explorer set to view hidden files and that your stuff is enabled via msconfig.. (and reboot if you did have to enable) then run HJT again and post another log..

    I would download the corporate edition of pestpatrol and see what that shows too.
    http://download.pestpatrol.com/downl...lcorporate.exe

    edit: oh.. I forgot to ask..
    I see you have prevx installed and running.. I've checked out this app and found it to be.. well.. "ok I guess" but haven't really seen if it's really DONE anything to protect.
    tell me, did you install this after the fact ?

    and uh, I guess you know now, or will know.. that an ounce of prevention is worth a pound of cure.. nothing like getting something that pisses you off.. to teach you a few lessons on how to prevent it in the future.. lol..
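
Added example, not part of any post in this thread: a small triage script for the kind of HijackThis log the posters ask for. It lists running processes and log entries that match the names mentioned above (websearch/MyWebSearch, WinTools, WToolsS.exe) so someone can look them over before anything is removed. The log text is constructed and the "code - detail" line layout is an assumption about the HijackThis format; only the websearch.com URL and the WToolsS.exe path come from the posts.

```python
import re

# Constructed sample. Only the websearch.com URL and the WToolsS.exe path
# appear in the thread; every other line is made up for illustration.
SAMPLE_LOG = r"""Logfile of HijackThis
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50181
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.org/
O4 - HKLM\..\Run: [WToolsS] C:\Program Files\Common Files\WinTools\WToolsS.exe
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\tray.exe
"""

# Assumed entry layout: section code (R0, O4, O23 ...), " - ", then the detail.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")

# Lower-case substrings taken from names in the thread ("websearch" also
# covers the MyWebSearch folder name mentioned in post #9).
INDICATORS = ("websearch", "wintools", "wtoolss.exe")


def parse_log(text):
    """Return (line_no, code, detail) tuples; running processes get code 'PROC'."""
    entries, in_procs = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False  # the process list ends at the first coded entry
            entries.append((no, m["code"], m["detail"]))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            entries.append((no, "PROC", line))
    return entries


def review_candidates(entries, indicators=INDICATORS):
    """Entries whose detail contains an indicator, for a human to look over."""
    hits = []
    for no, code, detail in entries:
        matched = [i for i in indicators if i in detail.lower()]
        if matched:
            hits.append({"line": no, "code": code, "detail": detail, "matched": matched})
    return hits


if __name__ == "__main__":
    for hit in review_candidates(parse_log(SAMPLE_LOG)):
        print(f"line {hit['line']:>2} [{hit['code']}] {hit['detail']}  <- {', '.join(hit['matched'])}")
```

The script only reports matches; it changes nothing on the system.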
