| 1. |
Solve : Need Help Removing SearchMiracle and Elite Toolbar? |
|
Answer» Hi, I did a search and did not find anything on this. I am having a very difficult time removing searchmiracle from a pc. I have tried using the following spyware removers to no avail: AdWare, Spysweeper, Microsoft's Spyware Cleaner/Remover & Hijack This. I have tried many suggestions on other forums to no avail. Any HELP is appreciated, I am a sys analyst so get as technical as you have to. I have already tried cleaning the registry and zero results, just can't remove this bug. BTW, all the spyware removers tell me they find it and delete it, only to re-boot and find it again. Thank You in advance for any suggestions.

Heckler... How about running HijackThis and posting the log file for us to look at? I've been doing a bit of looking and it appears that it's the best tool to use to clean it up. Have you run CWShredder? It will identify and temporarily reset your home page.
dl65

Heckler... I neglected to ask what o/s is on the infected PC? If you open your browser and go up to the "view" button and select toolbars... does the Elite toolbar show up there? And if you go into control panel, add/remove programs... does Elite toolbar show up in there? If it does, remove it... but what's really required is the HijackThis log.
dl65

Thanks for the quick response. It is running win2k SP4. I just re-booted the pc after running AD-Ware complete scan and so far no pop ups... not sure if this may have gotten it. Let me know what you think. Here is the log file...

Logfile of HijackThis v1.99.0
Scan saved at 1:18:52 PM, on 1/8/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\SYMANTEC Shared\ccEvtMgr.exe
C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\system32\ctfmon.exe
C:\Palm\HOTSYNC.EXE
C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [kalvsys] C:\winnt\system32\kalvrgf32.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb028
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaversion/005/latest/twophase.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sdccc.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sdccc.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sdccc.org
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks

Run Spysweeper and disconnect from the net when sweeping? Also, this may help in the future >> http://www.wilderssecurity.net/bhblaster.html or dump IE6 and use either Firefox or Avant browsers?

Heckler... Ok... Here's what I see...

Have HijackThis remove:
R3 - Default URLSearchHook is missing

Do you recognise this one?
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb028
I don't recognise it... I would consider removing it.

All other entries look ok. Be sure to empty all the temp folders as well. Reboot the pc and then see if things look ok. I think I would also do a search in registry for Elite tool bar and miraclesearch just to be sure. Let us know how it goes.
dl65

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVGCtrl] "C:\PROGRA~1\AVPERS~1\AVGCTRL.EXE" /min
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKCU\..\Run: [Desktop Architect] "C:\PROGRAM FILES\DESKTOP ARCHITECT\DATRAY.EXE" -S
O4 - Global Startup: SECRETMAKER.lnk = C:\Program Files\SECRETMAKER\secretmaker.exe

On the HijackThis, click the info button.

dl65-- Thanks for your help and input. I think that when I ran the complete scan with AdWare it finally removed searchmiracle. I did delete the entries that you suggested as a precaution. The O8 mywebsearch is spyware as well so it's gone! :-) I've installed Spyware Blaster to block any future junk from installing as well as Microsoft's spyware sw. I also installed Avant, I use it on my pc and it WORKS great. Thanks to all for your response and assistance.

Read more here > http://www.wilderssecurity.net/bhblaster.html

merlin_2 thanks for your response... reading it as we speak |
|
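Added example, not part of the original thread: a small Python triage helper that splits a HijackThis log into its section codes and lists the two entry kinds singled out in the replies above, the missing R3 search hook and an O8 context-menu item that points at a remote URL. The function names are hypothetical, the sample is a short excerpt of the log posted in the thread, and the code assumes one entry per line, as HijackThis writes its log file.

```python
import re
from collections import defaultdict

# Excerpt of the log posted in the thread, one entry per line.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINNT\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.msn.com
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb028
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")          # "<code> - <body>"
O4_REG = re.compile(r"^(.+?): \[([^\]]*)\] (.+)$")       # "<key>: [<value name>] <command>"
O8_ITEM = re.compile(r"^Extra context menu item: (.+?) - (.+)$")

def parse_entries(text):
    """Group entry bodies by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def autoruns(sections):
    """Split registry-based O4 entries into (location, value name, command)."""
    found = []
    for body in sections.get("O4", []):
        m = O4_REG.match(body)
        if m:  # Startup-folder shortcuts ("Startup: x.lnk = ...") have no [name] and are skipped
            found.append(m.groups())
    return found

def review_list(sections):
    """Return (code, reason, detail) for entries a reviewer should look at first."""
    out = []
    for body in sections.get("R3", []):
        if "URLSearchHook is missing" in body:
            out.append(("R3", "default search hook missing", body))
    for body in sections.get("O8", []):
        m = O8_ITEM.match(body)
        if m and m.group(2).lower().startswith(("http://", "https://")):
            out.append(("O8", "context menu item loads a remote page", m.group(2)))
    return out

if __name__ == "__main__":
    for code, reason, detail in review_list(parse_entries(SAMPLE_LOG)):
        print(f"{code}: {reason}: {detail}")
```

The list is only a starting point for manual review; entries it does not mention still need to be read by someone who knows what is installed on the machine.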