Results 1 to 6 of 6

Thread: Still trying to fix smartsearch

Thread Tools
- Show Printable Version
Display
- Switch to Linear Mode
- Switch to Hybrid Mode
- Threaded Mode

Threaded View

Previous Post

Next Post

June 25th, 2004, 12:59 AM #2
meeeeeee

View Profile

View Forum Posts

Visit Homepage
Senior Member

Join Date

Feb 2004

Posts

201
**EDIT: Before you do anything make certain you have the most recent version of CWShredder by clicking the "update" button.

Please boot into safe mode and run CWShredder. Make sure you select "fix" NOT "scan."

********************************

Then select the following with HijackThis. With all windows (including this one!) closed, please select "fix.”

1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://69.31.79.100/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.31.79.100/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.31.79.100/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://69.31.79.100/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.31.79.100/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.31.79.100/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://69.31.79.100/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.31.79.100/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.31.79.100/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://69.31.79.100/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.31.79.100/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.31.79.100/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://69.31.79.100/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://69.31.79.100/search.php
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\System32\winupd.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - its:mhtml:file://c:\MAIN.MHT!http://213.159.117.237:4000/buka.chm::/x.exe
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.31.79.100/winsearchie32.c...nsearchie32.exe
O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}

Next, find and delete the following file:

C:\WINDOWS\System32\winupd.exe

And since that entry is a sign of a Beagle infection please run at least one of the following online virus scanners:

http://housecall.trendmicro.com/
http://www.bitdefender.com/scan/licence.php
http://www.ravantivirus.com/scan/
http://us.mcafee.com/root/mfs/default.asp?affid=294
http://www.pandasoftware.com/activescan/

Lastly, reboot and post a fresh HijackThis log.
Reply With Quote

Quick Navigation Spyware / Adware Top

« Previous Thread | Next Thread »

Posting Permissions

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
[VIDEO] code is On
HTML code is Off

Terms and Conditions | About Us | Privacy Notice | Contact Us | Advertise | Sitemap| California - Do Not Sell My Info

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

All times are GMT +1. The time now is 02:13 PM.