Ad-aware won't remove searchcentrix, control panel won't let me remove either

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Armywife1980, Jun 1, 2004.

  1. Armywife1980

    Armywife1980 Private E-2

    I have an E-Machines W1500 1600+AMD Athlon XP Processor, CD-RW 24x. Max. Write, 128 MB, 56K, 40GB hard drive (Okay, I copied that off of the front of the computer)

    Here is the deal:

    Not only can I not get SearchCentrix crap off of my computer, I am having all kinds of problems. I tried to go to search options on this website to see if my problem was listed in other threads, but keep getting error messages saying that IE cannot open the website, yet it will let me here. That happens a lot on different websites. I went to add/remove programs to get rid of the search centrix stuff, but when I hit remove, it tells me "Access denied". I run Ad-aware on my computer every day but it hasn't helped my computer as far as I can tell. My computer locks up all the time, especially when downloading updates from Microsoft. I don't know anything about computers at all. Last night, I downloaded the Spyware Blaster but I don't know if that is something that you have to run like Ad-aware or if it does whatever it does by itself. Any help at all would be greatly appreciated and I hope that it accepts all this when I hit post thread and that I can get back in to see if anyone has any answers for me. Thank you all.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  3. Armywife1980

    Armywife1980 Private E-2

    Okay, searchcentrix.com just tells you to remove it with control panel and the pest control tells you to do all this stuff and remove all this stuff from this and that, which I have NO IDEA what any of it means HA HA!!! Thanks for your help though.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Basically they are telling you to use task manager to kill a few running processes and then they have you edit the registry to get rid of the stuff the program added. Here, try this first. Download HijackThis from here: http://www.majorgeeks.com/download3155.html It is in a ZIP file. Hopefully you know how to extract from a ZIP. What version of Windows are you running?

    Once you get HijackThis extracted, run it. Save the log which will open a notepad file with the log in it. Then you have to copy & paste this log into your next message. If you don't know how to copy and paste, see this: http://www.majorgeeks.com/vb/showthread.php?t=26020
     
  5. Armywife1980

    Armywife1980 Private E-2

    There was only one of the things in the list that matched to the task manager and I deleted it but the other stuff where it said to regedit or whatever it said, I have no idea what that is.

    And no, I do not know how to unzip files. What does that mean?
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I need to know your Windows OS. 95, 98, 98SE, 2K, XP Home, XP Pro?
     
  7. Armywife1980

    Armywife1980 Private E-2

    Sorry, I tried to edit my post and add that I had Windows XP (I am assuming HOME because this is my private computer) but it wouldn't let me. Ok, here is my hijack thing:

    Logfile of HijackThis v1.97.7
    Scan saved at 12:46:10 AM, on 6/1/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\winppr32.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\sllights.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Documents and Settings\Cheryl\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
    C:\WINDOWS\System32\eventcls.exe
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TrayX] C:\WINDOWS\winppr32.exe /sinc
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [TrayX] C:\WINDOWS\winppr32.exe /sinc
    O4 - HKCU\..\Run: [eventcls] C:\WINDOWS\System32\eventcls.exe
    O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
    O4 - Startup: SongSpy.lnk = C:\Program Files\SongSpy\songspy.exe
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://mirror.worldwinner.com/games/v54/cubis/cubis.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0A2C5152-D2B3-4AE5-BC6F-F78A724478AF}: NameServer = 12.14.225.10 12.14.225.11
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0A2C5152-D2B3-4AE5-BC6F-F78A724478AF}: NameServer = 12.14.225.10 12.14.225.11
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0A2C5152-D2B3-4AE5-BC6F-F78A724478AF}: NameServer = 12.14.225.10 12.14.225.11
     
    Last edited: Jun 1, 2004
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    ZIP files are compressed files that can contain many files. It is pretty much an industry standard. See this link http://www.majorgeeks.com/download.php?det=525.

    As far as PestPatrol's site, they wanted you to perform four steps:
    1) shut down running processes with Task Manager
    2) Use "regsvr32 /u filenames" in a command prompt window to unregister a bunch of DLL files. Where I said filenames you would substitute the DLL names they gave you using the full system path to the files. For example where they said: systemroot+\gsim.dll, you would enter the full command as regsvr32 /u c:\windows\gsim.dll That is assuming c:\windows is your systemroot directory as it typically is.
    3) Edit the system registry using regedit to clean up the stuff put in by SearchCentrix
    4) Remove the files that SearchCentrix was using

    There is more info on this here too: http://www.kephyr.com/spywarescanner/library/searchcentrix.webalize/index.phtml

    I know this may all be confusing to you, but taking it one step at a time we can fix it.

    An alternative would be to download PestPatrol from here: http://www.majorgeeks.com/download1187.html

    I'm not sure if the downloadable version (without buying it) will clean up the problem. It may be they only detect and you have to buy to clean. Give it a try.

    Also, it may be worth trying SpySweeper: http://www.majorgeeks.com/download3263.html
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    From your HijackThis log I see the Win32.Sobig-F virus indicated by this line:

    O4 - HKCU\..\Run: [TrayX] C:\WINDOWS\winppr32.exe /sinc

    You do not seem to have a virus scanner program installed. You need to get one on your system and run a full scan. There are some freeware scanners on MG's. Most people like Avast: http://www.majorgeeks.com/download1968.html
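
Added example, not part of the original posts: a small Python triage of the HijackThis `O4` autorun lines, showing how the `[TrayX]` entry above can be matched mechanically and cross-checked against the running-process list. The log excerpt is constructed from lines posted in this thread; the `WATCHLIST` dictionary and all function names are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\winppr32.exe
C:\WINDOWS\System32\eventcls.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrayX] C:\WINDOWS\winppr32.exe /sinc
O4 - HKCU\..\Run: [TrayX] C:\WINDOWS\winppr32.exe /sinc
O4 - HKCU\..\Run: [eventcls] C:\WINDOWS\System32\eventcls.exe
O4 - Startup: SongSpy.lnk = C:\Program Files\SongSpy\songspy.exe
"""

# Assumption: watchlist keyed by lower-case file name. The only entry is the
# file the helper in this thread attributes to Win32.Sobig-F.
WATCHLIST = {"winppr32.exe": "Win32.Sobig-F (per this thread)"}

# Registry autoruns look like: O4 - HKxx\..\Run[Once]: [value name] command line
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")

def exe_path(command):
    """Executable of a Run value; handles quoted paths and unquoted paths with spaces."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|scr|pif))(?=\s|$)", command, re.I)
    return m.group(1) if m else command.split()[0]

def parse_o4_run(log):
    """Return (hive, key, value name, executable) for every registry autorun line."""
    found = (O4_RUN.match(line.strip()) for line in log.splitlines())
    return [(m[1], m[2], m[3], exe_path(m[4])) for m in found if m]

def review(log):
    """Watchlisted autoruns as (hive, name, exe, reason, currently_running)."""
    running = {l.strip().lower() for l in log.splitlines() if re.match(r"\s*[A-Za-z]:\\", l)}
    return [(hive, name, exe, WATCHLIST[PureWindowsPath(exe).name.lower()], exe.lower() in running)
            for hive, _key, name, exe in parse_o4_run(log)
            if PureWindowsPath(exe).name.lower() in WATCHLIST]

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

The entry is registered under both HKLM and HKCU in the posted log, so both values have to be cleaned for the autorun to stay gone.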
     
  10. Armywife1980

    Armywife1980 Private E-2

    O4 - HKCU\..\Run: [TrayX] C:\WINDOWS\winppr32.exe /sinc

    Is this something I need to check on the HiJack and have it "fix" it? Or how does this work?
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    One more thing. If you don't want to go with the Avast method right now, download and run the McAfee Avert Stinger tool from here: http://www.majorgeeks.com/download4063.html

    I believe it will clean up this virus too.
    After fixing that, we can get back to the SearchCentrix issue.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Oops! Forgot something. You are running WinXP. You will need to disable system restore before cleaning up this virus, otherwise you risk that it will come back. If you don't know how to do that, see this: http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

    I gotta get to sleep now! 2:12 am where I'm at. Will continue later (much later) today.
     
  13. Armywife1980

    Armywife1980 Private E-2

    Okay, I ran the stinger thing and got rid of the virus that you saw. Thank you very much for your help and I will be back on tomorrow night to see if I have any new advice. THANK U THANK u
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's good. Can you make sure your Ad-aware is up to date and run a full scan and then also download and install and run SpyBot S&D from here: http://www.majorgeeks.com/download2471.html. Fix whatever they find.
     
  15. Armywife1980

    Armywife1980 Private E-2

    Okay, I have done everything that you have said except download the AVERT anti-virus. I will do that when I get time. My computer only connects at 42.6 Kbps for some reason. Anyway, it's really slow now that I moved it. But already, just doing the things that you showed me, my computer goes to websites a little faster and I don't get as many pop-ups or error messages. Thank you for your help!!!
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sounds like we are making some progress Armywife, but are you still having SearchCentrix issues?
     
  17. Armywife1980

    Armywife1980 Private E-2

    Well, I don't see anything in the control panel anymore and I haven't had any problems. It's really cleared up a lot of evil stuff in my computer. I also put a password on my computer so my dumba$$ brother can't get on here to look up porn anymore. But, ha ha, I do have a new question. You game?



    Here goes: I downloaded CleanCache but when I go to run it, I get an error message that states "the application failed to initialize properly". It said it might sometimes do this if you haven't got all of your updates from Windows. So, I went and got this HUGE update that took me like 4 hours to download. Anyway, it downloaded it and installed then got to a part that said that it was running processes and my computer locked up and I don't think it ever installed and that is why my CleanCache won't work. I have no idea. I am about to get out my CDs that came with this computer and start over again. HA HA I don't know if you can do that or not, but I would sure try if I didn't have so much stuff I need on my computer and not computer literate enough to save it all. Okay, done blabbing. :)
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It's a good idea to password protect your system anyway (even without your brother being a problem).

    I'm not familiar with CleanCache but I checked out the FAQ on their website and saw your error message. It occurs when Microsoft .NET Framework is not installed. I assume that is what you were trying to download. You should go here http://v4.windowsupdate.microsoft.com/en/default.asp to get your Microsoft updates. Just have it scan your PC. It will give you a list of suggested and critical updates. You can also get a list of what updates are already applied. Perhaps doing it from here would work better. I know you have a slow connection but you need to stay current with updates. After that maybe CleanCache will install okay. By the way, I think Crap Cleaner may be better than CleanCache. Check it out here: http://www.majorgeeks.com/download4191.html
     
  19. Armywife1980

    Armywife1980 Private E-2

    Okay, I removed CleanCache and downloaded the one you listed. It removed over 53 MILLION bytes or whatever it was. That seems like a whole lot. Anyway, with the Microsoft updates, I had already gone to the website, had it scan my computer, then when it told me what I needed, I downloaded it and it took like 4 hours to complete. Then it started to install the download, finished that, then said it was running something or the other and then my computer locked down and I had to shut it off so I don't know if it got completely installed or not.
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

