Home Search Assistant

Discussion in 'Computer Support' started by Alasdair Baxter, Sep 22, 2004.

  1. Please, how do I get rid of Home Search Assistant which has hijacked
    my IE program? I'v tried sever programs to no avail. About Buster,
    HSRemove, and Hijack This.

    I have tried to use Norton Anti-virus but it is no good. Neither is
    SpyBot Search and Destroy nor Ad-aware Professional 6.

    Whatever I change in the registry gets changed back again as soon as I
    re-load IE6.


    --

    Alasdair Baxter, Nottingham, UK.Tel +44 115 9705100; Fax +44 115 9423263

    "It's not what you say that matters but how you say it.
    It's not what you do that matters but how you do it"
     
    Alasdair Baxter, Sep 22, 2004
    #1
    1. Advertising

  2. Alasdair Baxter wrote:

    > Please, how do I get rid of Home Search Assistant which has hijacked
    > my IE program? I'v tried sever programs to no avail. About Buster,
    > HSRemove, and Hijack This.
    >
    > I have tried to use Norton Anti-virus but it is no good. Neither is
    > SpyBot Search and Destroy nor Ad-aware Professional 6.
    >
    > Whatever I change in the registry gets changed back again as soon as I
    > re-load IE6.
    >
    >
    > --
    >
    > Alasdair Baxter, Nottingham


    http://www.short-media.com/review.php?r=259
     
    =?ISO-8859-1?Q?R=F4g=EAr?=, Sep 22, 2004
    #2
    1. Advertising

  3. Rôgêr wrote:

    > http://www.short-media.com/review.php?r=259


    Typical, I ask for instructions and all you can do is post a link,
    in the absence of your ability to express the way to resolve the
    problem.

    Don't bother in future, you cop out.

    Alasdair Baxter, Nottingham
     
    Alasdair Baxter, Sep 22, 2004
    #3
  4. Alasdair Baxter wrote:

    > Rôgêr wrote:
    >
    >
    >>http://www.short-media.com/review.php?r=259

    >
    >
    > Typical, I ask for instructions and all you can do is post a link,
    > in the absence of your ability to express the way to resolve the
    > problem.
    >
    > Don't bother in future, you cop out.
    >
    > Alasdair Baxter, Nottingham


    It's a rather lengthy process. In light of your inability to do a little
    work on your own and your possession of a singularly brat-like
    disposition, why don't you **** off and fix your own goddamn computer.
     
    =?ISO-8859-1?Q?R=F4g=EAr?=, Sep 22, 2004
    #4
  5. On Wed, 22 Sep 2004 13:07:58 -0400, Rôgêr <> wrote:

    >It's a rather lengthy process. In light of your inability to do a little
    >work on your own and your possession of a singularly brast-like
    >disposition, why don't you **** off and fix your own goddamn computer.


    I think you are being a little unfair in describing me as having a
    "singularly brast-like disposition". I admit I posted three queries
    in quick succession but that was because I didn't know what the
    problem was until I discovered it was called "Home Search Assistant".

    The Short-Media system is a lenghthy and labour intensive process and
    I have been through it twice but to no avail. I don't mind paying for
    a program to get rid of it but there doesn't seem to be any. I've
    tried Norton Anti-Virus but Symantec never seem to have heard of "Home
    Search Assistant". Three programs have been written to get rid of it
    but neither work; they are About Buster, Hijack This and HSRemove.

    I bought Ad-aware Professional and downloaded Spybot but they don't
    work either.

    Am I a brat because I spent a lot of money and time to try and get rid
    of a virus or whatever it is and am now getting a bit fed up?
    --

    Alasdair Baxter, Nottingham, UK.Tel +44 115 9705100; Fax +44 115 9423263

    "It's not what you say that matters but how you say it.
    It's not what you do that matters but how you do it"
     
    Alasdair Baxter, Sep 22, 2004
    #5
  6. Alasdair Baxter

    °Mike° Guest

    On Wed, 22 Sep 2004 18:35:49 +0100, in
    <>
    Alasdair Baxter scrawled:

    >On Wed, 22 Sep 2004 13:07:58 -0400, Rôgêr <> wrote:
    >
    >>It's a rather lengthy process. In light of your inability to do a little
    >>work on your own and your possession of a singularly brast-like
    >>disposition, why don't you **** off and fix your own goddamn computer.

    >
    >I think you are being a little unfair in describing me as having a
    >"singularly brast-like disposition".


    I don't think it was unfair, at all.

    > I admit I posted three queries in quick succession but that was
    >because I didn't know what the problem was until I discovered it
    >was called "Home Search Assistant".


    No, it was because of your "I want it, and I want it NOW!" brat-like
    disposition.

    Shame that, because I could have helped you. Bye-bye.

    <snip>

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Sep 22, 2004
    #6
  7. Alasdair Baxter

    Unknown Guest

    With your attitude you SHOULD fix your own computer. You ask for help and then
    are the most ungracious person on the face of the earth. When you go to a
    doctors office and he gives you a prescription do you act the same?
    "Alasdair Baxter" <> wrote in message
    news:...
    > On Wed, 22 Sep 2004 13:07:58 -0400, Rôgêr <> wrote:
    >
    >>It's a rather lengthy process. In light of your inability to do a little
    >>work on your own and your possession of a singularly brast-like
    >>disposition, why don't you **** off and fix your own goddamn computer.

    >
    > I think you are being a little unfair in describing me as having a
    > "singularly brast-like disposition". I admit I posted three queries
    > in quick succession but that was because I didn't know what the
    > problem was until I discovered it was called "Home Search Assistant".
    >
    > The Short-Media system is a lenghthy and labour intensive process and
    > I have been through it twice but to no avail. I don't mind paying for
    > a program to get rid of it but there doesn't seem to be any. I've
    > tried Norton Anti-Virus but Symantec never seem to have heard of "Home
    > Search Assistant". Three programs have been written to get rid of it
    > but neither work; they are About Buster, Hijack This and HSRemove.
    >
    > I bought Ad-aware Professional and downloaded Spybot but they don't
    > work either.
    >
    > Am I a brat because I spent a lot of money and time to try and get rid
    > of a virus or whatever it is and am now getting a bit fed up?
    > --
    >
    > Alasdair Baxter, Nottingham, UK.Tel +44 115 9705100; Fax +44 115 9423263
    >
    > "It's not what you say that matters but how you say it.
    > It's not what you do that matters but how you do it"
     
    Unknown, Sep 22, 2004
    #7
  8. Alasdair Baxter

    Jim Byrd Guest

    Hi Alasdair - I was going to chime in with one of my 16KB "standard" posts
    about eliminating these particular CWS parasites (that's about how much info
    it takes) until I saw that Roger had already pointed you to all the
    information you need. Now I don't think I'll bother unless you can tell me
    that I've misunderstood something. You did come here asking for assistance,
    didn't you, about something you didn't know how to fix? And then told the
    more knowledgable person who answered you correctly to f**k off? Is that
    about right?

    --
    Please respond in the same thread.
    Regards, Jim Byrd, MS-MVP



    In news:,
    Alasdair Baxter <> typed:
    > On Wed, 22 Sep 2004 13:07:58 -0400, Rôgêr <> wrote:
    >
    >> It's a rather lengthy process. In light of your inability to do a
    >> little work on your own and your possession of a singularly
    >> brast-like disposition, why don't you **** off and fix your own
    >> goddamn computer.

    >
    > I think you are being a little unfair in describing me as having a
    > "singularly brast-like disposition". I admit I posted three queries
    > in quick succession but that was because I didn't know what the
    > problem was until I discovered it was called "Home Search Assistant".
    >
    > The Short-Media system is a lenghthy and labour intensive process and
    > I have been through it twice but to no avail. I don't mind paying for
    > a program to get rid of it but there doesn't seem to be any. I've
    > tried Norton Anti-Virus but Symantec never seem to have heard of "Home
    > Search Assistant". Three programs have been written to get rid of it
    > but neither work; they are About Buster, Hijack This and HSRemove.
    >
    > I bought Ad-aware Professional and downloaded Spybot but they don't
    > work either.
    >
    > Am I a brat because I spent a lot of money and time to try and get rid
    > of a virus or whatever it is and am now getting a bit fed up?
     
    Jim Byrd, Sep 23, 2004
    #8
  9. On Wed, 22 Sep 2004 18:07:43 -0700, "Jim Byrd"
    <> wrote:

    >Hi Alasdair - I was going to chime in with one of my 16KB "standard" posts
    >about eliminating these particular CWS parasites (that's about how much info
    >it takes) until I saw that Roger had already pointed you to all the
    >information you need. Now I don't think I'll bother unless you can tell me
    >that I've misunderstood something. You did come here asking for assistance,
    >didn't you, about something you didn't know how to fix? And then told the
    >more knowledgable person who answered you correctly to f**k off? Is that
    >about right?


    I did come asking for assistance and I asked very politely. I did not
    write or post the second posting under my name at 18:02. This was
    done by someone writing under my name who, presumably, saw it as a bit
    of a laugh to cause me grief. In case I had taken some sudden mental
    ilness, I checked my Outbox on Forte Agent and that posting does not
    appear. It was not posted by me.

    The only thing I may have done wrong is to post 2 separate threads in
    short order one after the other. When I posted the first one, I
    didn't know the name of the "virus" and I posted the second thread
    when I found that out.

    I thought that Home Search Assistant was a form of virus which would
    have been dealt with by Norton, Panda and the other big anti-virus
    software houses but it appears not. The only people who seem to be
    interested are short-media. I followed their manual to the letter as
    far as I could but it seems to have been written for Windows 98 or ME
    as my Windows 2000 doesn't have a folder c://windows.
    --

    Alasdair Baxter, Nottingham, UK.Tel +44 115 9705100; Fax +44 115 9423263

    "It's not what you say that matters but how you say it.
    It's not what you do that matters but how you do it"
     
    Alasdair Baxter, Sep 23, 2004
    #9
  10. Alasdair Baxter

    Keyser Soze Guest

    Alasdair Baxter wrote:

    > I checked my Outbox on Forte Agent and that posting does not
    > appear. It was not posted by me.


    BWAHAHAHAHAHAHAHAHAH!!!

    ROFL PMSL *COUGH* *CHOKE* *WHEEZE* *SPLUTTER*

    <wipes tears from eyes>

    Thank **** for "checking, eh?
     
    Keyser Soze, Sep 23, 2004
    #10
  11. Alasdair Baxter

    Jim Byrd Guest

    WARNING Long Reply - Re: Home Search Assistant

    OK Alasdair, I'll take you at your word after having looked at the headers.
    The following is my "standard" post relative to these about:home and res://
    type Cool Web Search parasites. Reference your comment about C:\Windows and
    Win2k, generally (although not always) you can just translate removal
    instructions which refer to %SystemDrive%\Windows\System32 to
    %SystemDrive%\WINNT\System32 - IOW, think of it as
    %SystemDrive%\%SystemRoot%\. Although Approach 1 is pertinent to your case,
    please follow the directions and do the About:Blank Specific and Basic
    Cleaning steps first. Remember to test your problem after each step.



    We've been seeing this a lot lately, and these are very difficult CWS
    parasite variants to remove. Read ALL of this carefully to begin with, then
    try About:Blank Specific and then Basic Cleaning, below FIRST and then ONLY
    IF NECESSARY Approach 1 and/or Approach 2 and/or Approach 3 and/or Approach
    4 and/or Approach 5.

    ********Please post back with your results in detail if possible - what you
    tried, what happened, how you ended up - so that we'll know better what to
    advise others.********

    #########IMPORTANT#########
    Before you try to remove spyware using any of the programs below, download
    both a copy of LSPFIX here:

    http://www.cexx.org/lspfix.htm

    AND a copy of Winsockfix
    http://www.tacktech.com/pub/winsockfix/WinsockFix.zip
    Directions here: http://www.tacktech.com/display.cfm?ttid=257
    The process of removing certain malware may kill your internet connection.
    If this should occur, these programs, LSPFIX and WINSOCKFIX, will enable you
    to regain your connection.
    #########IMPORTANT#########


    Approach 1 - If your hijacker is Home Search Assistant or one of these:

    - Only The Best
    - Home Search Extender
    - Shopping Wizard
    - res://****.dll/index.html#***** (or simply res .dll)

    first see here:
    http://www.short-media.com/forum/showthread.php?p=172774#post172774, then
    you can try AT YOUR OWN RISK, HSRemove, free, here:
    http://www.hsremove.com/. "A few days ago I got hijacked - Nothing new in
    that, except this time it was a real [censored] to get rid of. - There were
    simply no tools available to remove this "Home Search" thing. Finally I
    ended up creating my own tool for it. USE IT AT YOUR OWN RISK. And if you
    find it helpful, then please do not hesitate to make a contribution."


    Approach 2 - You can try this AT YOUR OWN RISK. I normally wouldn't advise
    using a malware provider's uninstall, but this particular approach has been
    reported to work ONLY IF you have the about:blank CWS variant (there appear
    to be at least three or four currently) which leads you to a Search page.
    Paste the following IP into your browser:

    195.190.118.131

    On the screen you arrive at, you see a "Search For" window, and below it a
    red "Uninstall Software". Download their uninstaller, uninstall.exe. At this
    point I would either use TotalUninstall or make a complete backup/Restore
    Point of my system for safety's sake (on the basis of "at least keep what
    you've got"). Total Uninstall, http://www.geocities.com/ggmartau/tu.html or
    direct dwnld here: http://files.webattack.com/localdl834/tun234.zip

    Run this uninstall program that you downloaded from the malware site, then
    UPDATE them and go to Safe mode to run UPDATED versions CWShredder, AdAware
    and SpyBot per the directions in Basic, below.



    Approach 3 - Courtesy of "Win" (Win J. Moore) in 24hoursupport.helpdesk

    "I had a variant of this CWS.SearchX sucker for about 3 weeks, and I FINALLY
    seem to be rid of it for good! It is aka Troj_StartPage.sp and
    BackDoor.Agent.BA. This is what I did:


    1. Run Regedit, and DELETE the following key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
    NT\CurrentVersion\Windows\AppInit_DLLs

    The value of this key may look blank for you, but it is not. They hide the
    value so you can't see it. This registry key tells Windows to load the
    Trojan DLL every time ANY application is run giving it complete control to
    do whatever it wants. So you need to remove it so that the Trojan DLL cannot
    load and keep re-infecting your PC. The way to remove the registry key is
    not obvious. If you just delete it from RegEdit, since the Trojan DLL is
    loaded, it will re-add it right back. (Try it. Delete the AppInit_DLLs
    registry key and hit F5. Notice that it's added right back by the Trojan).

    So what you have to do is the following which worked for me (many thanks to
    "acomputerpro" at the SpywareInfo.com forums!)

    2. Rename the HLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
    folder to Windows2.

    3. Now delete the AppInit_DLLs key under the Windows2 folder.

    4. Hit F5 and notice that AppInit_DLLs doesn't come back.

    5. Rename the Windows2 folder back to Windows. Now that AppInit_DLLs is
    gone, run the latest AdAware 6 to remove the Trojan for good.

    6. Reboot your machine, and check the registry and make sure AppInit_DLLs is
    still gone.

    Your computer should be free of this for good now. Hope it works for you...
    It seemed to do the trick for me!"


    Approach 4 - If you've already tried CWShredder to get rid of this parasite
    (See below, v.159.0.1 or better and fully updated before use), then take a
    look at this thread about manual removal of this parasite:

    http://www.akadia.com/services/about_blank_virus.html
    and this one: http://www.daniweb.com/techtalkforums/thread5531.html
    and this one: http://computercops.biz/article-5199-nested-0-0.html
    and this one: http://forum.aumha.org/viewtopic.php?t=6437


    Approach 5 - I don't usually recommend anything but freeware that I've
    confidence in, but AT YOUR OWN RISK, not free ($29.95), Adware Away, here:
    http://www.adwareaway.com/ claims to fix it automatically, and several users
    now have reported success using it. I would backup my system before using
    it, however - always try to "keep what you've got".


    ___________________________________


    About:Blank Specific fixes:

    1) See the procedures here:
    http://www.pchell.com/support/onlythebest.shtml
    and especially here:
    http://www.pestpatrol.com/pestinfo/c/cws_aboutblank.asp Pest Patrol (free)
    claims to remove at least some of the about:blank variants

    2) Download AboutBuster, here: http://www.malwarebytes.biz/AboutBuster.zip
    or here: http://www.majorgeeks.com/download4289.html Then, "First unzip all
    files from the zip folder to a folder or your desktop. Start it and hit ok.
    Then hit update. A new screen should popup. On that screen hit Check for
    Updates. If it sais it found an update hit Download Updates. If it doesnt it
    will automatically tell you and exit. Now for the scanning part. Hit start
    and then Ok. The program should start scanning. Then hit exit and reboot.

    Once rebooted run About:Buster once more to make sure everything is ok.
    The database will be updated very frequently so check your versions once a
    day."

    3) Download dllfix.exe and CWShredder from here:

    http://www.renonce.com/pub/utils/dllfix.exe

    and http://209.133.47.200/~merijn/files/CWShredder.exe
    or http://www.zerosrealm.com/downloads/CWShredder.zip
    or http://downloads.subratam.org/CWShredder.exe

    Unzip or install dllfix.exe to its own folder, run it and do options 1 and
    2.

    Now proceed with the Basic Cleaning steps, below.

    4) It has been reported that the evaluation version of Panda Software's
    Titanium Antivirus 2004, here:
    http://www.pandasoftware.com/regist...&Ref=WW-TIT4-DES&Idioma=2&Country=Us&sec=down
    will completely remove about:blank. I have not been able to independently
    verify this yet, however, so this is AT YOUR OWN RISK. You'll have to give
    them some information, and I expect you may want to uncheck some of the
    "opt-in" boxes at the bottom just above and below the send button.


    Basic Cleaning - Note that this symptom often indicates the possibility of
    other malware. You might want go to this page at Jim Eshelman's site, here:
    http://aumha.org/a/noads.htm or here:
    http://inetexplorer.mvps.org/parasite.htm and wait a little bit (be
    patient), while an analysis of a number of possible parasites on your
    machine will be made to help you identify and remove them. NOTE: You will
    need to disable Ad Blocking in Zone Alarm 3.x, if present or any other Ad
    Blocking software which interferes with Java Scripting for this scan to
    work. You should get a message between the two lines of **** giving the
    results of the scan.


    #########IMPORTANT#########
    All of these removal tools should be run from Safe mode when possible.
    Reboot and test if the malware is fixed after using each tool.
    #########IMPORTANT#########


    Sometimes the tools below will find files which they are unable to delete
    because they are in use. A program called Copylock, here,
    http://noeld.com/programs.asp?cat=misc#CopyLock can aid in the process of
    "replacing, moving, renaming or deleting one or many files which are
    currently in use (e.g. system files like comctl32.dll, or virus/trojan
    files.)" Another is Killbox, here:
    http://download.broadbandmedic.com/Killbox.exe


    Download and run Stinger.exe, here:
    http://download.nai.com/products/mcafee-avert/stinger.exe or from the link
    on this page: http://vil.nai.com/vil/stinger/

    Download sysclean.com , from Trend Micro, here:
    http://www.trendmicro.com/download/dcs.asp along with the latest pattern
    file, here: http://www.trendmicro.com/download/pattern.asp Be sure to read
    the "How-to" info here:
    http://www.trendmicro.com/ftp/products/tsc/readme.txt (You might also want
    to get Art's updater, SYS-UP.Zip, here for future updating of these:
    http://home.epix.net/~artnpeg/). (If you download and use the updater from
    the beginning, it will automatically handle downloading the other files.)
    Place them in a dedicated folder after appropriate unzipping. Disable
    Restore if your on XP or ME (directions here:
    http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm), then boot to
    Safe mode (HowTo here:
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
    Do a complete scan of your system in Safe mode and clean or delete anything
    it finds. Reboot to normal mode and re-run the scan again.

    This scan may take a long time, as Sysclean is VERY extensive and thorough.


    For the general hijack case, the best way to start is to get Ad-Aware 6.0,
    Build 181 or later, here: http://www.lavasoftusa.com/support/download/.
    UPDATE, set it up in accordance with this:
    http://forum.aumha.org/viewtopic.php?t=5877 and run this regularly to get
    rid of most "spyware/hijackware" on your machine. If it has to fix things,
    be sure to re-boot and rerun AdAware again and repeat this cycle until you
    get a clean scan. The reason is that it may have to remove things which are
    currently "in use" before it can then clean up others.

    Then, courtesy of NonSuch at Lockergnome, open Ad-aware then click the gear
    wheel at the top and check these options to configure Ad-aware for a
    customized scan:

    General> activate these: "Automatically save log-file" and "Automatically
    quarantine objects prior to removal"

    Scanning > activate these: "Scan within archives", "Scan active processes",
    "Scan registry", "Deep scan registry," "Scan my IE Favorites for banned
    sites," and "Scan my Hosts file"

    Tweaks > Scanning Engine> activate this: "Unload recognized processes during
    scanning."

    Tweaks > Cleaning Engine: activate these: "Automatically try to unregister
    objects prior to deletion" and "Let Windows remove files in use after
    reboot."

    Click "Proceed" to save your settings, then click "Start." Make sure
    "Activate in-depth scan" is ticked green, then scan your system. When the
    scan is finished, the screen will tell you if anything has been found, click
    "Next." The bad files will be listed. Right click the pane and click "Select
    all objects" - This will put a check mark in the box at the side, click
    "Next" again and click "OK" at the prompt "# objects will be removed.
    Continue?"


    Another excellent program for this purpose is SpyBot Search and Destroy
    available here: http://security.kolla.de/ SpyBot Support Forum here:
    http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi. I recommend
    using both normally. After UPDATING and fixing ONLY RED things with SpyBot
    S&D, be sure to re-boot and rerun SpyBot again and repeat this cycle until
    you get a clean "no red" scan. The reason is that SpyBot sometimes has to
    remove things which are currently "in use" before it can then clean up
    others.

    Note that sometimes you need to make a judgment call about what these
    programs report as spyware. See here, for example:
    http://www.imilly.com/alexa.htm


    A currently common parasite is some malware called CoolWebSearch. Do the
    following:

    Download, UPDATE before running, and run:
    http://209.133.47.200/~merijn/files/CWShredder.exe to remove the parasite.
    Be sure to close all instances of IE and OE. You may also get it here if
    that link is blocked: http://www.zerosrealm.com/downloads/CWShredder.zip

    There's a good tutorial about CWS and using CWShredder here:
    http://www.bleepingcomputer.com/forums/index.php?showtutorial=47#domain

    BE SURE that you get v.159.0.1 or later!

    You will need to show Hidden files first and then at the end clear the
    malware garbage from your System Restore backups after you've cleaned up.
    It's best to perform CWShredder (and most other malware fixers too) from
    Safe mode and then reboot. AFTER cleaning things up, then you can disable
    and then re-enable System Restore. See ******** below.

    The following links give instructions on how to do these various functions:


    HOW TO Restart in Safe Mode
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

    HOW TO Enable Hidden Files
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339

    HOW TO Disable/Flush System Restore (do this at the end AFTER cleaning or
    use the suggested procedure for XP at the ******'s)
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039
    (WinXP)
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239
    (WinME)



    Then download and run:
    http://www.kellys-korner-xp.com/regs_edits/iegentabs.reg to restore your
    tabs and remove any restrictions that the parasite has put in place.

    Now download and run:
    http://www.kellys-korner-xp.com/regs_edits/RestoreSearch2.REG to restore
    your search functions if they've been affected (as they probably will have
    been).


    Be sure that you also download and install hotfix Q816093, here:

    http://support.microsoft.com/?kbid=816093

    which blocks the exploit upon which this parasite family depends.


    If they don't fix it then start here:

    Download HijackThis, free, here:
    http://209.133.47.200/~merijn/files/HijackThis.exe (Always download a new
    fresh copy of HijackThis [and CWShredder also] - It's UPDATED frequently.)
    You may also get it here if that link is blocked:
    http://www.majorgeeks.com/downloadget.php?id=3155&file=3&evp=3304750663b552982a8baee6434cfc13

    There's a good "How-to-Use" tutorial here:
    http://computercops.biz/HijackThis.html

    In Windows Explorer, click on Tools|Folder Options|View and check "Show
    hidden files and folders" and uncheck "Hide protected operating system
    files". (You may want to restore these when you're all finished with
    HijackThis.)

    Place HijackThis.exe or unzip HijackThis.zip into its own dedicated folder
    at the root level such as C:\HijackThis (NOT in a Temp folder or on your
    Desktop), reboot to Safe mode, start HT then press Scan. Click on SaveLog
    when it's finished which will create hijackthis.log. Now click the Config
    button, then Misc Tools and click on Generate StartupList.log which will
    create Startuplist.txt


    Then go to one of the following forums:

    Spyware and Hijackware Removal Support, here:
    http://216.180.233.162/~swicom/forums/

    or Net-Integration here:
    http://www.net-integration.net/cgi-...86d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949

    or Tom Coyote here: http://forums.tomcoyote.org/index.php?act=idx

    Sign in, then copy and paste both files into a message asking for
    assistance, Someone will answer with detailed instructions for the removal
    of your parasite(s).


    *******
    ONLY IF you've successfully eliminated the malware, you can now make a new,
    clean Restore Point and delete any previously saved (possibly infected)
    ones. The following suggested approach is courtesy of Gary Woodruff: For XP
    you can run a Disk Cleanup cycle and then look in the More Options tab. The
    System Restore option removes all but the latest Restore Point. If there
    hasn't been one made since the system was cleaned you should manually create
    one before dumping the old possibly infected ones.
    *******


    Once you get this cleaned up, you might want to consider installing Eric
    Howes' IESpyAds, SpywareBlaster and SpywareGuard here to help prevent this
    kind of thing from happening in the future:

    IESpyads - https://netfiles.uiuc.edu/ehowes/www/resource.htm "IE-SPYAD adds
    a long list of sites and domains associated with known advertisers,
    marketers, and crapware pushers to the Restricted sites zone of Internet
    Explorer. Once you merge this list of sites and domains into the Registry,
    the web sites for these companies will not be able to use cookies, ActiveX
    controls, Java applets, or scripting to compromise your privacy or your PC
    while you surf the Net. Nor will they be able to use your browser to push
    unwanted pop-ups, cookies, or auto-installing programs on your PC." Read
    carefully.

    http://www.javacoolsoftware.com/spywareblaster.html (Prevents malware Active
    X installs) (BTW, SpyWareBlaster is not memory resident ... no CPU or memory
    load - but keep it UPDATED) The latest version as of this writing will
    prevent installation or prevent the malware from running if it is already
    installed, and it provides information and fixit-links for a variety of
    parasites.

    http://www.javacoolsoftware.com/spywareguard.html (Monitors for attempts to
    install malware) Keep it UPDATED. All three Very Highly Recommended

    Next, install and keep updated a good HOSTS file. It can help you avoid
    most adware/malware. See here: http://www.mvps.org/winhelp2002/hosts.htm
    (Be sure it's named/renamed HOSTS - all caps, no extension) Additional
    tutorials here:
    http://www.bleepingcomputer.com/forums/index.php?s=14f3f9225081133297a8acdd11137c5b&showtutorial=51
    (detailed) and here: http://www.spywarewarrior.com/viewtopic.php?t=410
    (overview)


    Finally, go to Windows Update and ensure that ALL Critical updates are
    installed.




    --
    Please respond in the same thread.
    Regards, Jim Byrd, MS-MVP



    In news:,
    Alasdair Baxter <> typed:
    > On Wed, 22 Sep 2004 18:07:43 -0700, "Jim Byrd"
    > <> wrote:
    >
    >> Hi Alasdair - I was going to chime in with one of my 16KB "standard"
    >> posts about eliminating these particular CWS parasites (that's about
    >> how much info it takes) until I saw that Roger had already pointed
    >> you to all the information you need. Now I don't think I'll bother
    >> unless you can tell me that I've misunderstood something. You did
    >> come here asking for assistance, didn't you, about something you
    >> didn't know how to fix? And then told the more knowledgable person
    >> who answered you correctly to f**k off? Is that about right?

    >
    > I did come asking for assistance and I asked very politely. I did not
    > write or post the second posting under my name at 18:02. This was
    > done by someone writing under my name who, presumably, saw it as a bit
    > of a laugh to cause me grief. In case I had taken some sudden mental
    > ilness, I checked my Outbox on Forte Agent and that posting does not
    > appear. It was not posted by me.
    >
    > The only thing I may have done wrong is to post 2 separate threads in
    > short order one after the other. When I posted the first one, I
    > didn't know the name of the "virus" and I posted the second thread
    > when I found that out.
    >
    > I thought that Home Search Assistant was a form of virus which would
    > have been dealt with by Norton, Panda and the other big anti-virus
    > software houses but it appears not. The only people who seem to be
    > interested are short-media. I followed their manual to the letter as
    > far as I could but it seems to have been written for Windows 98 or ME
    > as my Windows 2000 doesn't have a folder c://windows.
     
    Jim Byrd, Sep 23, 2004
    #11
  12. Re: WARNING Long Reply - Re: Home Search Assistant

    On Thu, 23 Sep 2004 08:57:48 -0700, "Jim Byrd"
    <> wrote:

    >HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
    >NT\CurrentVersion\Windows\AppInit_DLLs


    I'm afraid that key doesn't appear on my computer running Win 2K

    --

    Alasdair Baxter, Nottingham, UK.Tel +44 115 9705100; Fax +44 115 9423263

    "It's not what you say that matters but how you say it.
    It's not what you do that matters but how you do it"
     
    Alasdair Baxter, Sep 30, 2004
    #12
  13. Alasdair Baxter

    samuel Guest

    Alasdair Baxter <> wrote in
    news::

    > On Thu, 23 Sep 2004 08:57:48 -0700, "Jim Byrd"
    > <> wrote:
    >
    >>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
    >>NT\CurrentVersion\Windows\AppInit_DLLs

    >
    > I'm afraid that key doesn't appear on my computer running Win 2K


    Your shorter link is: http://makeashorterlink.com/?Q50F63A69
     
    samuel, Sep 30, 2004
    #13
  14. Alasdair Baxter

    Jim Byrd Guest

    Re: WARNING Long Reply - Re: Home Search Assistant

    Alasdair, check it again - I suspect that it wrapped. Note that it's
    \WindowsNT\ and \CurrentVersion\ (all together). That key is
    certainly on my Win2kPro machine.

    --
    Please respond in the same thread.
    Regards, Jim Byrd, MS-MVP



    In news:,
    Alasdair Baxter <> typed:
    > On Thu, 23 Sep 2004 08:57:48 -0700, "Jim Byrd"
    > <> wrote:
    >
    >> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
    >> NT\CurrentVersion\Windows\AppInit_DLLs

    >
    > I'm afraid that key doesn't appear on my computer running Win 2K
     
    Jim Byrd, Oct 1, 2004
    #14
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Pool Champ

    taskbar toolbars 'Search Assistant'

    Pool Champ, Jun 2, 2004, in forum: Computer Support
    Replies:
    10
    Views:
    1,893
  2. Douglas

    180 Search Assistant

    Douglas, Oct 5, 2004, in forum: Computer Support
    Replies:
    1
    Views:
    399
    Biffo
    Oct 5, 2004
  3. Buffy

    Removing home search assistant

    Buffy, Dec 21, 2004, in forum: Computer Support
    Replies:
    4
    Views:
    482
  4. merdy

    180 search assistant BAD NEWS

    merdy, Dec 27, 2004, in forum: Computer Support
    Replies:
    0
    Views:
    468
    merdy
    Dec 27, 2004
  5. Buffy

    Removing Home Search Assistant

    Buffy, Feb 24, 2005, in forum: Computer Support
    Replies:
    1
    Views:
    424
    °Mike°
    Feb 24, 2005
Loading...

Share This Page