on-search.com

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by jc1056, Aug 27, 2004.

  1. jc1056

    jc1056 Private E-2

    Has anyone come across this hijacker? I had about:blank and when I got rid of it, this little gem popped up. I have gotten everything else off, but this one just keeps replicating itself. I purge the registries, clean the system.ini, lock the default page setting and within three or four restarts it's back. I used Hijack This, S&D and Adaware, still got it. I have checked with every virus encyclopedia site I know of and they seem to know nothing about it. I can tell you it is owned by a P.O. box I believe is in Europe. Can anyone help?
     
  2. Balbanebeoulve

    Balbanebeoulve Bal. Balba. Babalabawhosemawhutsie

    This is just a guess, but have you tried disabling system restore? Lots of viruses come back using that. Also, I suggest booting in safe mode and getting rid of everything from there.

    By the way, I'm sure the name isn't on-search.com, since there's no record of it on Google... ever.
     
  3. kolborg

    kolborg Private E-2

    Yeah, try doing what balbs said, it worked for me y'know.
     
  4. jc1056

    jc1056 Private E-2

    Yeah, I turned off system restore and did it in safe mode. All I can think is I have not found all the SID entries it might be under. Below is the whois info that comes up for it.

    Domain Name: ON-SEARCH.COM

    Registrant:
    Searchportal
    Conyc (trasin@hotmail.com)
    P.O.Box 444
    Love
    null,45888
    UA
    Tel. +380.444444444

    Creation Date: 04-Aug-2004
    Expiration Date: 04-Aug-2005

    Domain servers in listed order:
    ns1.searchportal.info
    ns2.searchportal.info


    Administrative Contact:
    Searchportal
    Conyc (trasin@hotmail.com)
    P.O.Box 444
    Love
    null,45888
    UA
    Tel. +380.444444444

    Technical Contact:
    Searchportal
    Conyc (trasin@hotmail.com)
    P.O.Box 444
    Love
    null,45888
    UA
    Tel. +380.444444444

    Billing Contact:
    Searchportal
    Conyc (trasin@hotmail.com)
    P.O.Box 444
    Love
    null,45888
    UA
    Tel. +380.444444444

    Status:ACTIVE
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I know you believe you have run some (but not ALL) of what I'm giving you below but do it again and verify as stated below that you have the same versions we are recommending.

    Please follow all the steps in this Sticky thread < READ ME FIRST: Basic Spyware, Trojan And Virus Removal >

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

    If still having a problem after that, you can post your HijackThis log as an attachment. But, please read the info on posting HJT logs below first.

    NOTE: You should read the tutorial in this Sticky thread < Hijack This Tutorial And How To Post Your Log File > Do not post a HijackThis log until we ask you to, and when we do it must be a text document attachment to your message.

    Update! Due to Hijack This logs destroying search engine and web site searches, we now ask that you do not post your Hijack This log file unless requested by us. It is for advanced users, so if you do not understand how to use it, you do not need it... yet. Instead, please tell us in your post what symptoms you are experiencing so we can try and resolve it that way. When, and if, we ask you to post your log file, please attach it as a file. To do this, save the log file and select manage attachments in a new thread to upload it. All running programs should be closed, including your web browser, e-mail, items in the tray, anything you can close... Close before running Hijack This!

    Do NOT run Hijack This from the Desktop, a temp folder or choose run from the download. Place it in its own folder, for example C:\Program Files\HJT
     
