Hijacked Ie Search Bar

There is a stubborn malware in my system that keeps changing my IE search bar to http://www.websearch.com/ie.aspx?tb_id=50181. Spyware Guard keeps telling me that the IE search bar has been changed to this web address. I have done everything I can think of, including not limited to the following:

1. Shut off the restore function. My OS is Windows XP Pro.
2. AVG does not catch it.
3. Scan and clean using Spy-bot Version 1.3.
4. Scan and clean using Ad-aware SE 1.04.
5. Scan and clean using TDS-3.
6. Erasing all restore files on the system.
7. Using regedit to clean out 'websearch' items in the registry.
8. Deleting all files in quarantine.
9. leaning the system using Spyware blaster.

What else can I do? Tried to use the tools in spywareinfo.com but site down.

Please help.

Try to do it in safe mode,the scans , etc...

Don't forget CWSShredder. Find a mirror with google, the spywareinfo site is down, I think.

And if all that fails, post a Hijackthis log, but do not remove anything without having someone here look over the log, it's possible to damage your system!

Regards,
Xierox

Xierox, Soda and Copyright:

Thanks. You guys are fast.

I think that I may have solve the problem in the meantime. The websearch.com is a program afterall in my system. By uninstalling it, I may have stopped the 'hijack'. This company puts out a internet search bar that 'refuses' to allow you to use anything else. Hence, the redirecting of the search bar to this site.


Regards.

well.. although you might think you've solved your problem, it's probable that there are remnants left behind. I think you should still post a hijackthis log as xierox suggested. You can attach the txt file to a post in this thread.. (to keep the thread less cluttered)

you might also take a look at some of the logs in this google search..
http://www.google.com/search?hl=en&i...=Google+Search

Xierox:

Attached, please find the Hijackthis log of my system. Let me know which entries shoudl be removed.

Thank you.


Regards,

Dominic Chew.

I’ve had problems with this in the past and found that the site was putting an EXE file in the windows directory. And a reg key pointing to it. Spy Sweeper was able to find it but not remove it
I had to rename the file then del it

yeah i am currently solving that problem with my dad's laptop. he seems to keep catching it few days after i fix it. anyhow. search on your Program Files folders and your registry. u'd deffinately find them there. its sometimes under the category of MyWebSearch. and ad scanners never did it for me. i had to manually go thru my folders and registry to delete the bloody things. i tell yah, they're everywhere.

you know.. I don't really see too much bad here.. perhaps you've used msconfig to turn off stuff and now hijackthis doesn't see it as a result of that ?

but for sure, this one HAS to go..

C:\Program Files\Common Files\WinTools\WToolsS.exe

google on "WToolsS.exe" and you'll see that one of it's names is "Adware.Huntbar"
I don't really think it's the websearch one but it might be..

remove that entry via HJT (with all other windows NOT running) , reboot, delete the "WinTools" directory from under "Common Files" , check that you have windows explorer set to view hidden files and that your stuff is enabled via msconfig.. (and reboot if you did have to enable) then run HJT again and post another log..

I would download the corporate edition of pestpatrol and see what that shows too.
http://download.pestpatrol.com/downl...lcorporate.exe

edit: oh.. I forgot to ask..
I see you have prevx installed and running.. I've checked out this app and found it to be.. well.. "ok I guess: but haven't really seen if it's really DONE anything to protect.
tell me, did you install this after the fact ?

and uh, I guess you know now, or will know.. that an ounce of prevention is worth a pound of cure.. nothing like getting something that pisses you off.. to teach you a few lessons on how to prevent it in the future.. lol..