cannot delete SEARCH NOw

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Joe L, Mar 20, 2005.

  1. Joe L

    Joe L Private E-2

    Upon starting IE 6.0 I found an unsolicited search bar and several new unwanted, non-deletable folders in my favorites. I tried all deletion processes in post 35407, including adaware se, adaware vx2, ccleaner, spybot with dso exploit, spyblaster, McAfee avert stinger, sw shredder, kill2 me, about:buster, hs remove, and norton av security check and Trend Micro Virus scan. Every time I launch IE the search bar appears and redirects all searches. The problem DOES NOT OCCUR in FIREFOX, only Internet Explorer. I am at wits' end and need help deleting this problem. I cleaned all temp files, all histories and windows prefetch files.
    I can send a log from Hijack This if needed.
    The properties show "search Now"
    http;//look-today.compassthrough/newpass2.htm
    HELP.
    thanks
    Joe
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs. TIP: Create a folder on your C:\ drive for the tools/utilities you will need to use. For example: Navigate to your Program Files directory, right click on a blank spot in the window > choose New > Folder. Name this folder Spyware Tools. Now you can save the needed tools to this folder and if you prefer, create sub-folders named for each individual utility.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an ATTACHMENT.
    All instructions are covered in the sticky thread
    NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting


    Now post a Hijack This log as an ATTACHMENT to your message (Do NOT copy/paste the log into your post). Please close unnecessary running programs before you run HijackThis. You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc.

    DO NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. Joe L

    Joe L Private E-2

    As requested here is my log.....
    Note, I have performed all requested steps prior to this post
     

    Attached Files:

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First:
    There are no signs of you running the online scans, is there a reason why?

    Second:

    Please close ALL browsers and unnecessary programs while running HJT.

    C:\Program Files\Internet Explorer\iexplore.exe

    After doing ALL of the steps in the sticky post a new HJT log. If you have any problems doing the online scans please let me know!
     
  5. Joe L

    Joe L Private E-2

    As your directions, I downloaded all the scans to a new folder, ran current updates, ran the scans in safe mode. I did not print out a list of detected and fixed problems for each scan, nevertheless the problem still exists.
    Any suggestions or should I start all over? Like stated earlier, the only program affected is Internet Explorer 6.0. I have XP with SP 2. Should I remove IE?
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Again, I will say..download Hijack This 1.99.1 and attach a current log.
     
  7. Joe L

    Joe L Private E-2

    At 6:45 pm deleted previous versions of Download This, downloaded it again from your web site, closed all browsers, closed emails, closed whatever I did not need, shut off modem, and ran hijackthis. Attached is the file.
    many thanks for your help
     

    Attached Files:

  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Are you familiar with Discover Deskshop?


    First:
    Please close ALL browsers and any programs running while using HJT.
    • C:\Program Files\Internet Explorer\iexplore.exe

    Second:

    Please print out these instructions so that you can operate with All Browser Windows CLOSED.

    Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.



    Now, look in Task Manager (Ctrl-Alt-Del) for the following running process and, if you see it, try to END it:

    services.exe


    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

    O4 - HKLM\..\Run: [Windows XP] C:\WINDOWS\microsoft\services\services.exe
    O4 - HKLM\..\Run: [BoreHideBarbCreative] C:\Documents and Settings\All Users\Application Data\option bat bore hide\jump chin.exe
    O4 - HKCU\..\Run: [Dvd Dash] C:\DOCUME~1\JOSEPH~1\APPLIC~1\SUPPOR~1\drvwarnhide.exe

    O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe (file missing)
    O9 - Extra button: Support - {AE5B161A-6967-4223-94AE-1C6841359A4D} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

    C:\WINDOWS\microsoft\services\services.exe

    C:\WINDOWS\about.htm

    C:\Documents and Settings\All Users\Application Data\option bat bore hide\jump chin.exe

    drvwarnhide.exe ←–– Search for this file and delete when found!


    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.
    Note: Don't forget to update Spybot S&D by selecting "Search For Updates"


    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows, scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

    Good Luck!:)
     
  9. Slipstream

    Slipstream Private E-2

    EDIT: PP

    Please do not offer copies of copyrighted material and keygens in this forum.

    Thank You! :)
     
    Last edited by a moderator: Mar 21, 2005
  10. Joe L

    Joe L Private E-2

    bjgarrick,
    I am very familiar with DISCOVER DESKTOP and had it installed for some time now. However,....... thank you, thank you, thank you. I followed your most current directions and the problem is solved. No more unwanted toolbar in IE.
    Your patience and understanding are greatly appreciated.
    What may I do to offer my gratitude?
    Again,
    THANK YOU VERY MUCH,
    Joe
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Post me one last HJT log to confirm you're clean!
     
  12. Mo0nRaY

    Mo0nRaY Private E-2

    I've done exactly as you've shown above, but still no result. I couldn't find the windows\ms\services\services.exe file, but I found one in system32 which could not be deleted. I'm getting more and more desperate here :-/ I couldn't find the drvwarnhide either, nor the jump chin.exe

    Still I did the cleanmgr and stuff..
    plz help me, if u want, I can post my hjt file..
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please note that the file C:\WINDOWS\System32\services.exe is a legitimate file and a critical windows file.

    Yes, please attach me a current HJT log from normal mode.

    Are you the same as user Joe L? *kinda got confused when I noticed this*
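
The distinction drawn in this thread (a `services.exe` under `C:\WINDOWS\microsoft\services\` is removed, while `C:\WINDOWS\System32\services.exe` is a critical Windows file) can be checked mechanically. The following is an added example, not part of the original thread and not HijackThis's own logic: it parses O4 autorun lines and flags the two patterns visible in the fix list above. The list of system process names, the reason labels and the `ExampleApp` line are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Core Windows process names that malware often borrows (short assumed list).
SYSTEM_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "csrss.exe"}
LEGIT_DIR = PureWindowsPath(r"C:\WINDOWS\System32")  # where those files belong

# O4 line shape: O4 - HKLM\..\Run: [Value name] C:\path\file.exe
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def exe_path(cmd):
    """Return the executable path; HJT paths are unquoted and may contain spaces."""
    m = re.search(r"([A-Za-z]:\\.*?\.exe)", cmd, re.I)
    return m.group(1) if m else None

def masquerades(path):
    """True when a system process name is used outside System32."""
    p = PureWindowsPath(path)  # PureWindowsPath compares case-insensitively
    return p.name.lower() in SYSTEM_NAMES and p.parent != LEGIT_DIR

def in_user_profile(path):
    """True when the autorun target sits under Documents and Settings (long or 8.3 form)."""
    low = path.lower()
    return "\\documents and settings\\" in low or "\\docume~1\\" in low

def triage(log_text):
    """Return (value name, path, reasons) for every suspicious O4 entry."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        path = exe_path(m["cmd"]) if m else None
        if path is None:
            continue
        reasons = []
        if masquerades(path):
            reasons.append("system-name-outside-System32")
        if in_user_profile(path):
            reasons.append("runs-from-user-profile")
        if reasons:
            findings.append((m["name"], path, reasons))
    return findings

# First three lines are the O4 entries quoted in the thread; the last is constructed.
SAMPLE = r"""O4 - HKLM\..\Run: [Windows XP] C:\WINDOWS\microsoft\services\services.exe
O4 - HKLM\..\Run: [BoreHideBarbCreative] C:\Documents and Settings\All Users\Application Data\option bat bore hide\jump chin.exe
O4 - HKCU\..\Run: [Dvd Dash] C:\DOCUME~1\JOSEPH~1\APPLIC~1\SUPPOR~1\drvwarnhide.exe
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\example.exe"""

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE):
        print(f"{name}: {path} -> {', '.join(reasons)}")
```

A flagged entry is a lead for review, not a verdict: legitimate software sometimes starts from a user profile, so confirm each hit before removing anything.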
     
  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Mo0nRaY,

    You had me confused for a minute there. Please stay in your thread listed below. Do not post anywhere else but in your thread so we can avoid this confusion again. Follow the steps in the sticky I mentioned and then post a HJT log if you're still having problems.

    http://forums.majorgeeks.com/showthread.php?t=58416
     
