been hijacked.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ejlog, Aug 30, 2004.

  1. ejlog

    ejlog Private E-2

    I've taken your advice on necessary downloads to try and get rid of the CoolWebSearch, and other spyware. I just downloaded the SP2 for windows xp and have an array of spyware programs now. Here is my most recent hijack this log:
    [Log Removed -Kodo]

    there are a few that seem questionable, but I need expert advise on what to do. thanks.
     
    Last edited by a moderator: Aug 30, 2004
    ejlog, Aug 30, 2004
    #1
  2. Kodo

    Kodo SNATCHSQUATCH

    Kodo, Aug 30, 2004
    #2
  3. ejlog

    ejlog Private E-2

    search extender / shopping wizard

    I can't remove these programs from "add/remove". these are spyware right? any advise on how to get rid of these pests? below is my hijack this log:

    [Log Removed.. again.. -Kodo]

     
    ejlog, Aug 30, 2004
    #3
  4. Kodo

    Kodo SNATCHSQUATCH

    Re: search extender / shopping wizard

    Notes! Due to Hijack This logs destroying search engine and website searches, we now ask you do not post your Hijack This log file unless requested by us. It is for advanced users, so if you do not understand how to use it, you do not need it....yet. Instead, please tell us in your post what symptoms you are experiencing so we can try and resolve it that way. When, and if, we ask you to post your logfile, please attach it as a file. To do this save the log file and select manage attachments in a new thread to upload it. All running programs should be closed, including your web browser, email, items in the tray, anything you can close... Close before running Hijack This!

    Do not to install Hijack This to the Desktop, a temp folder or choose run from the download. Place it in its own folder, for example C:\Program Files\HJT
    http://forums.majorgeeks.com/showthread.php?t=38752


    please post your log as a file- Thank you.
     
    Kodo, Aug 30, 2004
    #4
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: search extender / shopping wizard

    ejlog,

    You must follow through all the steps in the first link Kodo gave to you: READ ME FIRST: Basic Spyware Removal & Hijack This Tutorial. Important!

    In addition to all the items in there that you must run, there are also references to HSremove and about:Blank when referring to HomeSearchAssistant (HSA) aka "Only the Best" hijacks. You should be running all of these steps and providing us with results from running them. We will tell you when to post a HijackThis log if it becomes necessary. If those steps due not resolve your problem and you really do have an HSA hijack, the next step would be the below link:

    When all else fails - try Generic Solution to HSA (Only the Best) hijack

    We can and will help you resolve this problem. You just need to follow the Forum guidelines!
     
    chaslang, Aug 30, 2004
    #5
  6. ejlog

    ejlog Private E-2

    I followed all of the steps. Here are some issues I encountered:

    Getting prepared:
    step 3. When I right clicked on the Network Security Service, I got the following msg. "Configuration Manager: A required entry in the registry is missing or an attempt to write to the registry failed."

    Time to start cleaning:
    step2: Adware found 2 Coolwebsearch Reg. Keys after multiple times of searching and removing. It Adware will not remove them.

    Spybot will not remove 4 Entries - DSO Expoits. Tried over and over to remove. Keep showing up.

    Step3: CWShredder does not scan. An error msg. it shows is that Hosts File not present. I tried saving it and running it a few times to no avail, then tried opening it and running it without saving first, again without success.

    About:Buster did not work correctly. The msg. stated the database is either corrupt or missing and to try downloading again.

    I have not tried step 4 yet, I wanted to hear from you about this information first. looking forward to hearing back.
     
    ejlog, Aug 30, 2004
    #6
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you already install WinXP SP2?

    Did you actually find a service the exactly said Network Security Service?
    If so, when you clicked okay on the error message, did a Properties window come up?
    If so, what did the "Path to executable" box have in it?

    Were you in safe mode when you ran Ad-aware SE?
    Ignore the Spybot DSO Exploit messages. It is a well known bug.

    What version of CWShredder do you have?
    Did you click Fix or Scan?

    You made the following statement,
    "I tried saving it and running it a few times to no avail, then tried opening it and running it without saving first, again without success."

    I have no idea what you are saying. All you have to do is run CWShredder and click Fix. Please clarify. What do you mean "running it without saving first"? The CWShredder download from Majorgeeks is a ZIP file. You need to download it to your computer, extract it from the ZIP file, and then run it.

    Where did you download about:Buster from?
    What version do you have?
    Did you get that message as soon as you ran it?
    Or during the scan?
    Or did you click update and get the message?
     
    Last edited: Aug 30, 2004
    chaslang, Aug 30, 2004
    #7

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds