search engines results hijacked.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Amprage, Feb 10, 2005.

  1. Amprage

    Amprage Private E-2

    Hi, I have a problem with my search engines, wether it be google or yahoo etc.. the same first page keeps coming up with the same types of results. stuff like redzip, sirsearch, acoona... i've seen a few posts here from ppl with the same problem, and i dont seem to have any of the files involved that they had. I've done all the rewuested procedures in the sticky threads, but it's still there. Any help would be aprreciated.

    Thanks.
     
  2. PhilliePhan

    PhilliePhan Guest

    Hi Amprage,

    If you are certain that you've exhausted the options in the Cleanup Tutorial ( including the Online Scans), then go ahead and send us a HijackThis Log. Make sure to follow the instructions below:

    Note that your HijackThis should be up-to-date (v1.99) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!
    If you need a Fresh Download of HJT, get it HERE: HijackThis v1.99

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    I’ve been tied up with work these days, but somebody will try to take a look at your log when they get a chance.

    PP :)
     
  3. Amprage

    Amprage Private E-2

    Thanks for the quick response PhilliePhan. Here's my HJT log
     

    Attached Files:

  4. PhilliePhan

    PhilliePhan Guest

    Hi Amprage,

    I don't see too much in your HJT Log. You should probably look in Documents and Settings for this Monkis folder and see what it is - Looks kinda hinky to me!

    C:\DOCUME~1\Monkis\APPLIC~1\oulhshcblst.


    Please print out these instructions so that you can operate with All Browser Windows CLOSED.
    Please make sure the Viewing of Hidden Files is Enabled as per the tutorial.

    Now scan with HijackThis and Check the Boxes for the following:
    O2 - BHO: wuexklnvjvqgptskigcs - {1b177aec-e9bb-400e-8fca-dfbc4eda70c8} - C:\DOCUME~1\Monkis\APPLIC~1\oulhshcblst.dll (file missing)
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
    O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINNT\system32\DSMANA~1.DLL

    O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/21756d70c9cf9fce6701/netzip/RdxIE601.cab
    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files Enabled and navigate to and DELETE the following if it should remain:

    C:\WINNT\system32\DSMANA~1.DLL

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot to Normal Windows and Scan with HijackThis and attach that log.
    Let me know of any problems you may have encountered with the above instructions and how your computer is running now. I will try to check back when time permits.

    Best luck :)
    PP
     
  5. Amprage

    Amprage Private E-2

    Everything seems to be working fine, searches now come up with the normal page that should be there. I appreciate the help. I had no problems following the instructions you provided. Here's my new HJT log file if you are intersted.

    Thanks again.
    Amp
     

    Attached Files:

  6. PhilliePhan

    PhilliePhan Guest

    Happy to help :)

    You can fix this with HJT if you desire:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    Also, check out Spyware Doctor to make sure it is OK since we fixed this line with the missing file:
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)

    Also, have a peek at Chaslang's Suggestions!!

    Happy Computing!

    PP :)
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds