

Need Help Removing SearchMiracle and Elite Toolbar?
<html><body><br/>Hi,<br/><br/>I did a search and did not find anything on this.<br/>I am having a very difficult time removing searchmiracle from a pc. I have tried using the following spyware removers to no avail: AdWare, Spysweeper, Microsoft's Spyware Cleaner/Remover & Hijack This. I have tried many suggestions on other forums to no avail. Any help is appreciated. I am a sys analyst so get as technical as you have to. I have already tried cleaning the registry and zero results, just can't remove this bug. BTW, all the spyware removers tell me they find it and delete it, only to re-boot and find it again. Thank you in advance for any suggestions.<br/><br/>Heckler......How about running hijackthis and posting the log file for us to look at ......I've been doing a bit of looking and it appears that it's the best tool to use to clean it up. Have you run CW Shredder? It will identify and temporarily reset your home page.<br/><br/>dl65<br/><br/>Heckler.....I neglected to ask what o/s is on the infected PC?<br/>If you open your browser and go up to the "view" button and select toolbars .....does the elite toolbar show up there .......and if you go into control panel ......add/remove programs .........does Elite toolbar show up in there......if it does remove it .......but what's really required is the hijackthis log.<br/><br/>dl65<br/><br/>Thanks for the quick response.<br/>It is running win2k SP4<br/>I just re-booted the pc after running AD-Ware complete scan and so far no pop ups...not sure if this may have gotten it. 
Let me know what you think.<br/><br/>Here is the log file...<br/><br/>Logfile of HijackThis v1.99.0<br/>Scan saved at 1:18:52 PM, on 1/8/2005<br/>Platform: Windows 2000 SP4 (WinNT 5.00.2195)<br/>MSIE: Internet Explorer v6.00 (6.00.2600.0000)<br/><br/>Running processes:<br/>C:\WINNT\System32\smss.exe<br/>C:\WINNT\system32\winlogon.exe<br/>C:\WINNT\system32\services.exe<br/>C:\WINNT\system32\lsass.exe<br/>C:\WINNT\system32\svchost.exe<br/>C:\WINNT\system32\spoolsv.exe<br/>C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe<br/>C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE<br/>C:\WINNT\System32\svchost.exe<br/>C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe<br/>C:\Program Files\Norton AntiVirus\navapsvc.exe<br/>C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE<br/>C:\WINNT\system32\regsvc.exe<br/>C:\WINNT\system32\MSTask.exe<br/>C:\WINNT\System32\WBEM\WinMgmt.exe<br/>C:\WINNT\system32\svchost.exe<br/>C:\WINNT\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe<br/>C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe<br/>C:\Program Files\Citrix\ICA Client\ssonsvr.exe<br/>C:\WINNT\Explorer.EXE<br/>C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE<br/>C:\Program Files\Common Files\Symantec Shared\ccApp.exe<br/>C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe<br/>C:\Program Files\Microsoft AntiSpyware\gcasServ.exe<br/>C:\WINNT\system32\ctfmon.exe<br/>C:\Palm\HOTSYNC.EXE<br/>C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe<br/>C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe<br/>C:\unzipped\hijackthis\HijackThis.exe<br/><br/>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = <a href="https://www.msn.com">www.msn.com</a><br/>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="https://www.msn.com">www.msn.com</a><br/>R1 - HKCU\Software\Microsoft\Internet 
Explorer\Search,SearchAssistant = <a href="https://www.google.com">www.google.com</a><br/>R3 - Default URLSearchHook is missing<br/>O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE<br/>O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"<br/>O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"<br/>O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE<br/>O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe<br/>O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon<br/>O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"<br/>O4 - HKLM\..\Run: [kalvsys] C:\winnt\system32\kalvrgf32.exe<br/>O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe<br/>O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE<br/>O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present<br/>O8 - Extra context menu item: &Search - <a href="http://bar.mywebsearch.com/menusearch.html?p=ZSzeb028">http://bar.mywebsearch.com/menusearch.html?p=ZSzeb028</a><br/>O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000<br/>O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll<br/>O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - <a href="http://download.richfx.com/player/mediaversion/005/latest/twophase.cab">http://download.richfx.com/player/mediaversion/005/latest/twophase.cab</a><br/>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sdccc.org<br/>O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sdccc.org<br/>O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sdccc.org<br/>O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe<br/>O23 - Service: Symantec Password Validation Service - 
Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe<br/>O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe<br/>O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe<br/>O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE<br/>O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe<br/>O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe<br/><br/>Thanks<br/><br/>run spysweeper and disconnect from the net when sweeping? also this may help in the future &gt;&gt; <a href="http://www.wilderssecurity.net/bhblaster.html">http://www.wilderssecurity.net/bhblaster.html</a><br/><br/>or dump ie6 and use either Firefox or Avant browsers?<br/><br/>Heckler.....Ok .......Here's what I see ......<br/><br/>Have hijackthis remove .............<br/>R3 - Default URLSearchHook is missing <br/><br/>Do you recognise this one ......<br/>O8 - Extra context menu item: &Search - <a href="http://bar.mywebsearch.com/menusearch.html?p=ZSzeb028">http://bar.mywebsearch.com/menusearch.html?p=ZSzeb028</a> I don't recognise it ....I would consider removing it ........<br/><br/>All other entries look ok ...<br/>Be sure to empty all the temp folders as well.<br/><br/>Reboot the pc and then see if things look ok.<br/>I think I would also do a search in registry for Elite tool bar and miraclesearch just to be sure ..<br/><br/>let us know how it goes.<br/><br/>dl65<br/><br/>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="https://www.google.co.uk/">http://www.google.co.uk/</a><br/>O4 - HKLM\..\Run: 
[ScanRegistry] C:\WINDOWS\scanregw.exe /autorun<br/>O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe<br/>O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s<br/>O4 - HKLM\..\Run: [SystemTray] SysTray.Exe<br/>O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme<br/>O4 - HKLM\..\Run: [AVGCtrl] "C:\PROGRA~1\AVPERS~1\AVGCTRL.EXE" /min<br/>O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui<br/>O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme<br/>O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe<br/>O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe<br/>O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe<br/>O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE<br/>O4 - HKCU\..\Run: [Desktop Architect] "C:\PROGRAM FILES\DESKTOP ARCHITECT\DATRAY.EXE" -S<br/>O4 - Global Startup: SECRETMAKER.lnk = C:\Program Files\SECRETMAKER\secretmaker.exe<br/><br/>on the hi-jackthis click the info button.<br/><br/>dl65--<br/><br/>Thanks for your help and input. I think that when I ran the complete scan with AdWare it finally removed searchmiracle. I did delete the entries that you suggested as a precaution. The O8 mywebsearch is spyware as well so it's gone! :-) <br/><br/>I've installed Spyware Blaster to block any future junk from installing as well as Microsoft's spyware sw. I also installed Avant, I use it on my pc and works great.<br/><br/>Thanks to all for your response and assistance.<br/><br/>Read more here &gt; <a href="http://www.wilderssecurity.net/bhblaster.html">http://www.wilderssecurity.net/bhblaster.html</a><br/><br/>merlin_2<br/>thanks for your response...reading it as we speak</body></html>
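
An added example, not part of the original thread and not HijackThis's own code: a small Python triage pass over HijackThis-style log lines, mirroring what the helpers did by eye (the R3 search-hook line and the O8 context-menu item with a remote URL). The sample lines are excerpted from the log posted above; the function names and the `(code, detail, reason)` output shape are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines excerpted from the HijackThis log posted in the thread above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.msn.com
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb028
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "O4 - HKLM\..\Run: ..."
O4_RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
O8_ITEM = re.compile(r"^Extra context menu item: (.+) - (\S+)$")

def parse_entries(text):
    """Group scan entries by section code (R1, O4, O8, ...); header lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def autostarts(sections):
    """Split O4 registry Run entries into (hive, key, value name, command)."""
    return [m.groups() for m in map(O4_RUN.match, sections.get("O4", [])) if m]

def review_candidates(sections):
    """Entries for a human to check (not a verdict), mirroring the thread's triage."""
    out = []
    for body in sections.get("R3", []):
        if "missing" in body.lower():
            out.append(("R3", body, "search hook default missing"))
    for body in sections.get("O8", []):
        m = O8_ITEM.match(body)
        # Local handlers use res:// or file paths; http(s) targets come from a remote host.
        if m and m.group(2).lower().startswith(("http://", "https://")):
            out.append(("O8", m.group(1), m.group(2)))
    return out

if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for row in autostarts(entries) + review_candidates(entries):
        print(row)
```

The parsed O4 value names and commands are also the strings to search the registry and disk for after a cleanup, as suggested in the thread.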