-
October 17th, 2004, 07:34 AM
#1
Junior Member
Removing Gigasearch.biz Homepage
Hi !
I am having a strange problem which I am unable to resolve. Whenever I open my Internet Explorer, it takes me to "http://www.gigasearch.biz/?134". To change my homepage I have made several attempts i.e. editing / removing the entry in the registry (which reappears automatically in two to three seconds) and changing the homepage in Internet Explorer's properties but was unable to do so.
I have Norton Internet Security 2005 and Ad-Aware SE installed on my machine but this item is not traceable by either of the software. Operating System Windows XP Pro with SP-2 and all the latest updates are also installed. I started facing this problem after reinstalling windows. Please help me in removing this.
Secondly, I want to run Zone Alarm Pro, but the problem with that is it does not allow MS Outlook 2003 to download emails, please also advise in this regard.
Regards,
-
October 17th, 2004, 07:48 AM
#2
You've got some malware, specifically a browser hijack.
Run through this:
http://www.antionline.com/attachment...achmentid=4913
If the problem still exists, post again.
Make sure you follow each step properly, and make sure everything you scan with is updated.
"I started facing this problem after reinstalling windows. Please help me in removing this."
You do realize that a format of Windows would remove all patches and service packs? Did you update after the install? You probably didn't actually update after the format, or you visited a malicious site between the format and the updates.
Regarding Zone Alarm:
Zone Alarm and SP2 don't get along very well. Consider the Windows firewall, or finding an upgrade of ZA?
-
October 17th, 2004, 08:45 AM
#3
Junior Member
As per guidelines in that document, I scanned the entire system but was not able to remove that gigasearch.biz.
Moreover, once I installed the windows, I did update all the updates including service packs for windows and virus definitions.
-
October 17th, 2004, 08:57 AM
#4
Junior Member
As per document, I am attaching the txt files for your review and advice.
Regards,
Zahid Hafeez
-
October 17th, 2004, 03:43 PM
#5
Open up Hijack This in safe mode, check and remove these entries.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gigasearch.biz/?134
R3 - URLSearchHook: GStartBHO Class - {EADD3112-0CF8-444b-AC0F-EBA38E004554} - C:\WINDOWS\Downloaded Program Files\giga32.dll
O2 - BHO: GStartBHO Class - {EADD3112-0CF8-444b-AC0F-EBA38E004554} - C:\WINDOWS\Downloaded Program Files\giga32.dll
O3 - Toolbar: GIGA Search - {D941BEA3-81E9-4033-8822-A733E2A91698} - C:\WINDOWS\Downloaded Program Files\giga32.dll
Then reboot normally and tell us the results. If it's fixed, you're done; if it's not, then attach the hijack this log again.
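Added example, not part of the original post: a short Python parser for the HijackThis lines quoted above that groups the extension entries by the DLL that registers them, so the URLSearchHook, BHO and toolbar entries pointing at one file can be reviewed and removed as a set. The regular expressions assume the line layout seen in this thread, and the last sample line is constructed.

```python
import re
from collections import defaultdict

# First four lines are copied from the post above; the last one is constructed for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gigasearch.biz/?134
R3 - URLSearchHook: GStartBHO Class - {EADD3112-0CF8-444b-AC0F-EBA38E004554} - C:\WINDOWS\Downloaded Program Files\giga32.dll
O2 - BHO: GStartBHO Class - {EADD3112-0CF8-444b-AC0F-EBA38E004554} - C:\WINDOWS\Downloaded Program Files\giga32.dll
O3 - Toolbar: GIGA Search - {D941BEA3-81E9-4033-8822-A733E2A91698} - C:\WINDOWS\Downloaded Program Files\giga32.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Example\helper.dll
"""

# "R0 - <key>,<value name> = <data>"
REG_LINE = re.compile(r"^(R[01]) - (.+),([^,=]+?) = (.*)$")
# "O2 - BHO: <name> - {CLSID} - <file>" (also R3 URLSearchHook, O3 Toolbar)
COM_LINE = re.compile(r"^(R3|O2|O3) - ([^:]+): (.+?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")

def parse(log):
    """Return (registry_entries, com_entries) parsed from HijackThis-style lines."""
    reg, com = [], []
    for line in log.splitlines():
        line = line.strip()
        if m := REG_LINE.match(line):
            reg.append({"code": m[1], "key": m[2], "value": m[3], "data": m[4]})
        elif m := COM_LINE.match(line):
            com.append({"code": m[1], "kind": m[2], "name": m[3],
                        "clsid": m[4].upper(), "file": m[5]})
    return reg, com

def group_by_file(com):
    """Map each DLL (case-insensitive path) to the hook types and CLSIDs it registers."""
    groups = defaultdict(lambda: {"kinds": set(), "clsids": set()})
    for e in com:
        g = groups[e["file"].lower()]
        g["kinds"].add(e["kind"])
        g["clsids"].add(e["clsid"])
    return dict(groups)

def multi_hook_files(com, min_kinds=2):
    """Files registered as several IE extension types; treat their entries as one set."""
    return sorted(f for f, g in group_by_file(com).items() if len(g["kinds"]) >= min_kinds)

if __name__ == "__main__":
    reg, com = parse(SAMPLE_LOG)
    groups = group_by_file(com)
    for f in multi_hook_files(com):
        print(f, sorted(groups[f]["kinds"]), sorted(groups[f]["clsids"]))
    for r in reg:
        print(r["code"], r["value"], "->", r["data"])
```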
-
October 17th, 2004, 04:31 PM
#6
If you're going to reinstall windows, it's vital that you use some kind of hardware or external firewall device while you're installing updates.
This is because the time taken for an unprotected windows XP system to become infected with worms is vastly less than the time taken to fully update it.
So you MUST use an external dedicated or hardware firewall while you update your system. If you can't do so, borrow one from someone else (or take your machine around their house / office) while you do it.
Connecting an unpatched Windows box to the internet is a definite way to have it thoroughly riddled almost immediately.
Slarty
-
October 17th, 2004, 07:30 PM
#7
Junior Member
Thanks Soda for your help and time, but even following the steps you mentioned, I am still not able to remove that. What else do you advise?
Regards,
-
October 17th, 2004, 07:44 PM
#8
Junior Member
Sorry I forgot to attach the log file.
-
October 18th, 2004, 04:59 AM
#9
Did you restart?
Here are some questionable entries, tell me if you recognize the names, if you use them, or anything you know about them. Don't delete them from HJT yet...
Is this the proxy server you use?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.115.106.236:8080;http=192.115.106.236:8080;https=192.115.106.236:8080
Are you familiar with flipalbum?
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - D:\FlipAlbum 5 Pro\FpLaunch.dll
This has some adware related pages in Google...
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
Familiar with this?
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
Do you use something called DesktopX?
O4 - HKCU\..\Run: [DesktopX] "C:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe"
I can't pick out anything specifically, let us know what you know about those entries. You may be hijacked outside the reach of HJT, because there is a lack of information regarding gigasearch online.
groovicus....meeeeee.... where are you?
-
October 18th, 2004, 05:09 AM
#10
Senior Member
I think even I faced a similar problem... My Norton Antivirus was simply unable to repair the file... Adware was not detecting any foul....
But then somebody from the forum suggested that I download CWShredder
http://www.spywareinfo.com/~merijn/index.html
In case your infected PC does not allow you to reach the url, try the following link
http://209.133.47.12/~merijn/index.html
http://www.softpedia.com/public/cat/...0-17-150.shtml
I recommend you try running this software before formatting your PC....
Take Care
Kalp
****** Any man who knows all the answers most likely misunderstood the questions *****