Kolmic web site Hijacking my default Search

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by dthorman, Nov 19, 2007.

  1. dthorman

    dthorman Private E-2

    Hi All,

    Need help with Kolmic; it's a web site that is hijacking my default search engine.

    If I enter an unknown URL in both IE 6 and Firefox it puts http:// in front of it and goes to a web site called Kolmic, not Kolmic.com search engine.

    When I try to change the default search engine in IE I get a runtime error.
    I go to Search > Custom

    and get the following error:
    ------------------------------------------------------
    An error has occurred in the script on this page
    line: 125
    Char: 5
    Error: Permission denied
    code: 0
    URL: http://ie.search.msn.com/en-us/srchasst.htm

    do you want to continue running this script [yes] [no]
    --------------------------------------------------------
    I select yes and get the following:
    -------------------------------------------------------

    An error has occurred in the script on this page
    line: 4
    Char: 1
    Error: Object does not support this property or method
    code: 0
    URL: http://ie.search.msn.com/en-us/srchasst/srchcust.htm

    do you want to continue running this script [yes] [no]

    ----------------------------------------
    Again select yes and it closes the window. So I can't change the default search engine.

    I have gone through the sections READ & RUN ME FIRST. Malware Removal Guide.

    I have attached all the files created.
     


  2. dthorman

    dthorman Private E-2

    2 more reports

    I would really appreciate help on this one as I have been unable to find a solution on the web anywhere and it's really getting up my nose now.

    Any help or suggestions would be welcome.

    By the way, I have tried to convert to IE7 and still get the same error.
     
  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MG's!

    I need a few more logs if possible. Also, as a reference I will post our initial instructions.

     
  4. dthorman

    dthorman Private E-2

    For now here are the active scan, HijackThis and Bit defender logs. I will add the others when I can access the others when I get home later.

    Edit by bjgarrick: Inline logs attached!
     


    Last edited by a moderator: Nov 24, 2007
  5. dthorman

    dthorman Private E-2

    Edit by bjgarrick: Inline log attached!
     


    Last edited by a moderator: Nov 24, 2007
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    From now on please ATTACH all requested logs.

    Also, we need to rename HijackThis to "analyzethis.exe"

    Once you have completed this post, attach fresh logs from the below.

    • GetRunKey
    • ShowNew
    • HijackThis
     
  7. dthorman

    dthorman Private E-2

    Hi bjgarrick

    I have renamed the Hijackthis.exe to analyzethis and rerun the reports.

    By the way thanks for the help.
     


  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Before we continue you must set the startup to normal in MSCONFIG.

    To do so, click Start > Run > type msconfig and press ENTER.

    Once in here, click the box next to Normal Startup and click ok and reboot. Once you have rebooted attach fresh logs from GetRunKey & HijackThis.
     
  9. dthorman

    dthorman Private E-2

    Hi

    Set msconfig to Normal Start up and here are the rerun reports.
     


  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please disable any antivirus and/or antispy programs you have installed so they will not block this fix.

    Step 1:
    Please look in Add/Remove Programs for the following and uninstall if found. If you get any errors just make a note and proceed.

    Step 2:
    Please make sure the Viewing of Hidden Files & Folders is enabled per the READ ME.

    Now, please run HijackThis and click on the Open the Misc Tools Section button on the open page. Then select Open process manager on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click Kill process. Then click yes.

    After killing all the above processes, click Back.

    Step 3:
    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    Again, make sure ALL browser windows are closed when you click FIX.

    Step 4:
    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
    Step 5:
    Next Reset Web Settings & Default Security Settings

    Note for IE 6 users:
    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites. For IE 7 users, simply click the "Reset all zones to default level" button.

    Note for IE 7 users:
    Select Internet Options, then the Advanced Tab and then the Reset button under Reset Internet Explorer Settings.


    Step 6:
    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.

    Step 7:
    Finally, I would like you to install the current version of Sun Java: Sun Java Runtime Environment

    Step 8:
    After you have completed ALL of the above in the correct order, please attach the following logs.
    • HijackThis Log
    • ShowNew Log
    • GetRunKey Log
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
