Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

darn updatesearches again [CLOSED]


  • This topic is locked This topic is locked

#1
Tzown

Tzown

    New Member

  • Member
  • Pip
  • 2 posts
im sure u know already what im on about my internet explorer browser has the updatesearches.com as the homepage and i cant change it or get rid of it, and when i try going to websites via my internet explorer the updatesearches website comes back, i cant to anything, with my internet explorer. please help me :tazz:

heres my hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 17:53:51, on 12/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\popuper.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\shnlog.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\intmonp.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Voyager100Test\fts.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\WINDOWS\system32\intmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Documents and Settings\Tahir\My Documents\int dwnld\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.updatesearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesea...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SE...&CM=MsgrInstall
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hp502.tmp
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Voyager100Test\fts.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1116360942343
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4B77B9E-FEEF-4F4E-988D-9C7003D46DB9}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe


hope this helps, anything you need to know to help me, letme know
  • 0

Advertisements


#2
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Please RIGHT-CLICK: HERE and go to Save As (in Internet Explorer it's "Save Target As") in order to download Grinler's reg file. Save it to your desktop.

Locate "smitfraud.reg" on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the "merged successfully" prompt then follow the rest of the instructions below.

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid


Exit Add/Remove Programs.

*IMPORTANT*CLICK THIS LINK TO LEARN HOW TO VIEW HIDDEN FILES

* Please download the Killbox by Option^Explicit. *In the event you already have Killbox, this is a new version that I need you to download.

* Save it to your desktop.

* Please double-click Killbox.exe to run it.

* Select "Delete on Reboot".

* Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\Windows\system32\hhk.dll
C:\Windows\System32\wldr.dll
C:\Windows\system32\perfcii.ini
C:\Windows\System32\helper.exe
C:\Windows\System32\shnlog.exe
C:\Windows\System32\intmon.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\system32\msole32.exe
C:\Windows\System32\ole32vbs.exe


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Make sure you can view hidden files.

Using Windows Explorer, delete the following, if found, (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\LogFiles
C:\Program Files\Security IGuard

While still in Safe Mode, do the following:

Make sure all programs and windows are closed. Run HiJackThis and place a check next to the following items, if found, then click FIX CHECKED:

******Place hijackthis items to be fixed here********

Close HiJackThis.

Reboot into normal mode.

1.) Download The Hoster Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Right-Click HERE and Save As to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf on your desktop and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp!

4.) Run this online virus scan: ActiveScan - Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan.
  • 0

#3
Tzown

Tzown

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
hi thank you for the quick response, it was very much appreciated, i did exactly what you said apart from when u said 'place a check next to the following items, then click fixed checked' because you must have forgotten to put the following items, so what i did was look at other peoples and then printed them out and checked them, and hoo this is my reults of the hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 00:30:37, on 13/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Voyager100Test\fts.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Tahir\My Documents\int dwnld\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SE...&CM=MsgrInstall
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Voyager100Test\fts.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1116360942343
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4B77B9E-FEEF-4F4E-988D-9C7003D46DB9}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe


and this is the results of the scan


Incident Status Location

Adware:Adware/CWS No disinfected C:\Documents and Settings\Tahir\Favorites\Online Gambling\Online Gambling.url
Adware:Adware/SuperSpider No disinfected C:\Documents and Settings\Tahir\Favorites\online dating.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Tahir\Favorites\Black Jack Online.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\Tahir\Favorites\Online Pharmacy\Adipex.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Tahir\Favorites\Black Jack Online.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Tahir\Favorites\Home Loan.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Tahir\Favorites\Network Security.url
Adware:Adware/SuperSpider No disinfected C:\Documents and Settings\Tahir\Favorites\Online Dating.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\Tahir\Favorites\Online Gambling\Online Gambling.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Tahir\Favorites\Online Gambling.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\Tahir\Favorites\Online Pharmacy\Adipex.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\Tahir\Favorites\Online Pharmacy\Alprazolam.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\Tahir\Favorites\Online Pharmacy\Carisoprodol.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\Tahir\Favorites\Online Pharmacy\Diazepam.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\Tahir\Favorites\Online Pharmacy\Hydrocodone.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\Tahir\Favorites\Online Pharmacy\Lortab.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\Tahir\Favorites\Online Pharmacy\Online Pharmacy.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\Tahir\Favorites\Online Pharmacy\Prozac.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\Tahir\Favorites\Online Pharmacy\Valium.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\Tahir\Favorites\Online Pharmacy\Vicodin.url
Adware:Adware/Perfect-Search No disinfected C:\Documents and Settings\Tahir\Favorites\Online Pharmacy\Xanax.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Tahir\Favorites\Online Pharmacy.url
Virus:W32/Smitfraud.A Disinfected C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
Adware:Adware/Smitfraud No disinfected C:\WINDOWS\uninstIU.exe
i hope the problems is sorted, it seems so, once again thank you for your quick responce and help, i really appreciate it! :tazz::);):)
  • 0

#4
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Tzown,

My apologies for missing out on the part !!!!!!!!!! :tazz:

Run Hijack This and click on scan. The following items need to be fixed -

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll (file missing)
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe


Close all windows other than Hijack This and click on Fix Checked.

Reboot the PC in Safe Mode (repeatedly tap the F8 key when the PC is starting up and choose the option Safe Mode).

The following files need to be deleted -

C:\Documents and Settings\Tahir\Favorites\online dating.url
C:\Documents and Settings\Tahir\Favorites\Black Jack Online.url
C:\Documents and Settings\Tahir\Favorites\Black Jack Online.url
C:\Documents and Settings\Tahir\Favorites\Home Loan.url
C:\Documents and Settings\Tahir\Favorites\Network Security.url
C:\Documents and Settings\Tahir\Favorites\Online Dating.url
C:\Documents and Settings\Tahir\Favorites\Online Gambling.url
C:\Documents and Settings\Tahir\Favorites\Online Pharmacy.url

C:\WINDOWS\uninstIU.exe

The following folders need to be deleted -

C:\Documents and Settings\Tahir\Favorites\Online Pharmacy
C:\Documents and Settings\Tahir\Favorites\Online Gambling

C:\Program Files\PSGuard

Reboot the PC and post a fresh Hijack This log here. We can then confirm that the entire infection has been removed.
  • 0

#5
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP