[HyDekar]

It works, it works!! YAY!!

Okay... Here's what to do...

Go to http://www.mwti.net/...e_utilities.asp

Download the program there and run it (it's called eScan Antivirus Toolkit Utility)

Make sure when you run it, check all the boxes for files and everything like that, and make it so it scans all files and not just program files... Then click on "Scan Clean"

It may take a while, and may also find some trojans/viruses/adware that you had no idea that you had! It found 197 Viruses/Trojans/Adware on my computer! AGH!!

Once it's finished, restart your computer, and walla! All fixed!!

*sighs in relief* I'm glad that's over...

Hope that helps Garth... And thanks Coach, because it was all your help that put me on the right track to finding that program...

[Advertisements]

Thanks for the input HyDekar

The latest Windows Update (which I have) does not stop it at all, nor can it fix it. So updating windows isn't the way to go...

There's a very simple reason we require members to update Windows before assisting them. Without Windows updates, and computer can get reinfected almost instantly--just by being connected to the Internet.

These logs do take some time to analyze, and we have many people needing assistance. It just doesn't make sense to spend time helping someone, when we know they'll be right back (here or elsewhere).

[admin]

Thanks for the input HyDekar

The latest Windows Update (which I have) does not stop it at all, nor can it fix it. So updating windows isn't the way to go...

There's a very simple reason we require members to update Windows before assisting them. Without Windows updates, and computer can get reinfected almost instantly--just by being connected to the Internet.

These logs do take some time to analyze, and we have many people needing assistance. It just doesn't make sense to spend time helping someone, when we know they'll be right back (here or elsewhere).

[csm25]

Thanks Hydekar! That a-search.biz problem was driving me nuts ! I like everyone else tried ad-aware, spybot, etc. I usually find that when I get these really tough spyware infections ad-aware and spybot are useless and only anti-virus programs work. Last time I had a tough spyware infection I used Norton's free online scan -- but that took forever.

This free little virus scan worked very quickly. I used the default settings (check for program files only) and it solved the a-search.biz problem. It was a trojan -- it found about 9 alltogether.

One of these trojans must be responsible for the a-search.biz problem, but I'm not sure which one. Here is my log from the virus scan:


File C:\WINDOWS\dllhlp.exe infected by "Trojan.Win32.Bizten.gen" Virus. Action Taken: File Deleted.
File C:\WINDOWS\telnet.exe infected by "TrojanDropper.Win32.Agent.k" Virus. Action Taken: File Deleted.
File C:\WINDOWS\zhelp.exe infected by "Trojan.Win32.StartPage.mw" Virus. Action Taken: File Deleted.
File C:\WINDOWS\loadnew.exe infected by "TrojanDownloader.Win32.Harnig.y" Virus. Action Taken: File Deleted.
File C:\WINDOWS\msxmidi.exe infected by "TrojanDownloader.Win32.Agent.dh" Virus. Action Taken: File Deleted.
File C:\WINDOWS\Q383305.com infected by "TrojanDropper.DOS.Rute" Virus. Action Taken: File Deleted.
File C:\WINDOWS\it.bat infected by "TrojanClicker.Win32.Qhost.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\s-orPE.exe infected by "Backdoor.Small.bb" Virus. Action Taken: File Renamed.
File C:\WINDOWS\System32\NETRUN.EXE infected by "TrojanDownloader.Win32.Small.qs" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\telnet.exe infected by "TrojanDropper.Win32.Agent.k" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\winmm64.exe infected by "TrojanDownloader.Win32.Small.vt" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\s-s-nthh32.exe infected by "TrojanDropper.Win32.Small.kt" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\wmsfake.exe infected by "TrojanDropper.Win32.Small.lq" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\NAGCARDB.dll infected by "TrojanDownloader.Win32.Agent.bh" Virus. Action Taken: File to be deleted on reboot.
File C:\WINDOWS\System32\msfind.exe tagged as not-a-virus:RiskWare.PSWTool.PassView.151. No Action Taken.


Thanks again. If someone feels like trying to figure out which trojan exactly caused this a-search.biz problem it would be just a matter of removing it manually in the future (which is usually much quicker than doing a virus scan if you really don't need to do a whole scan).

[MetalShotz]

thank goodness I'm not the only one. Was at another forum on another site, 40-50 some people kept telling me to upgrade to newest version of Hijackthis, Spybot-Adware etc. Nothing showed up on any scan, everytime I load Internet explorer for the 1st time it would direct me to http://a-search.biz/?wmid=1010. I couldn't find nothing out of the ordinary in the registry.grrrrr. I downloaded that eScan AntiVirus toolkit and voila, it's gone. Thanks for finding the solutions guys. You have no idea how much it's appreciated.

[garthpro]

that was it.
Thanks to all.
nothing like team work, although I did nothing but follow along

[HyDekar]

There's a very simple reason we require members to update Windows before assisting them. Without Windows updates, and computer can get reinfected almost instantly--just by being connected to the Internet.

Ah, k... I had no idea about that ... Thanks...

And believe me, I'm as relieved as all of you that there was a way to get rid of it, lol ... Although had no idea that there were so many infected...

[admin]

Although had no idea that there were so many infected...

Over 800 views in a couple days, I guess it is a pretty widespread problem.

Here's an alternate fix. Run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

Empty your temp folders.
--Windows XP--
Double Click My Computer (WinXP: Navigate to Start --->My Computer)
You will see an icon representing your harddrive (most likely C: Drive) Right Click on the hard drive icon and click Properties at the
bottom of the fly out window. One the very first tab (General) you will see a button labeled "Disk Cleanup"...click that button.
Make sure the following are checked:
Downloaded Program Files
Temporary Internet Files and
Recycle Bin
Click OK and Disk Cleanup will delete those files for you.

--all other version of Windows--
Delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files, be sure to also select delete all offline content.

[garthpro]

Sweeeeet!, I started something huge! I feel like the monkey in Outbreak!

[Grinler]

In case anyone needs to know for the future, I have guide on how to remove this variant here:

How to remove a-search.biz and Ssearch.biz Hijack

[garthpro]

Anyone still here?
I ran that Virus scan and the problem went away, but eScan is finding two other viruses and leaving them. Anyone with experience with this program know how to delete these two files?!

[admin]

Hi garthpro,

To avoid confusion, please start a new topic, and post a Hijack This log.

[garthpro]

gotcha!

[whateverian]

i did that but it only said when performing the scan that "no action taken"
what does that mean?

it said that i need to download escan to be able to take them off

any ideas?

It works, it works!!  YAY!!

Okay...  Here's what to do...

Go to http://www.mwti.net/...e_utilities.asp

Download the program there and run it (it's called eScan Antivirus Toolkit Utility)

Make sure when you run it, check all the boxes for files and everything like that, and make it so it scans all files and not just program files...  Then click on "Scan Clean"

It may take a while, and may also find some trojans/viruses/adware that you had no idea that you had!  It found 197 Viruses/Trojans/Adware on my computer!  AGH!!

Once it's finished, restart your computer, and walla!  All fixed!!

*sighs in relief*  I'm glad that's over...

Hope that helps Garth...  And thanks Coach, because it was all your help that put me on the right track to finding that program...

[coachwife6]

I need you to start a new thread and to post a hijack this log for us to look at it.

Thanks.

[admin]

Closing topic to prevent future hijackers.