realsearcher virus

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by jdg007, Sep 30, 2004.

  1. jdg007

    jdg007 Private E-2

    Can anyone help? I have the Realsearcher virus: http://realsearcher.com/?aid=533

    I ran the HijackThis program, but don't know what to get rid of.

    Please help.
     
  2. Quinndrew5

    Quinndrew5 Corporal

  3. jdg007

    jdg007 Private E-2

    I have tried all of the basics. I used CWShredder, and Spybot also. I still can't get rid of the redirect. I would like to post my log file from HijackThis. Where should I post it? I need help as to which files to delete.

    Thanks,
     
  4. jdg007

    jdg007 Private E-2

    I have also used all of the tools on the MajorGeeks site, and can't seem to get rid of it. Can I post my HijackThis log and have someone tell me what needs to be deleted?

    Thanks
     
  5. Kodo

    Kodo SNATCHSQUATCH

    Attach your log to a post.
     
  6. jdg007

    jdg007 Private E-2

    Log Below
     

    Attached Files: hjt.txt (7.7 KB)
    Last edited by a moderator: Oct 1, 2004
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No, you did not! I see no signs of the online scans being run. Go back and run ALL of "READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal".

    But I'll move you along anyway.

    Uninstall WEB_REBATES from Add/Remove programs if found.

    Are these your expected pages? I would not think so. If not, have HJT fix them.
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-abc
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-abc
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://s-redirect.com/?a=2&b=n-abc
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://s-redirect.com/?a=2&b=n-abc
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://s-redirect.com/?b=n-abc
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://s-redirect.com/?a=2&b=n-abc
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://s-redirect.com/?a=2&b=n-abc
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://s-redirect.com/?a=2&b=n-abc
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://s-redirect.com/?a=2&b=n-abc
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-abc
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-abc

    Also have HJT fix the following lines:
    O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=0409 (file missing)
    O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=0409 (file missing)
    O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=0409 (file missing)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=0409 (file missing)
    O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=0409 (file missing)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=0409 (file missing)
    O9 - Extra button: MindSpring - {C1E064E0-EDD2-11D3-A1EF-E2FD460B952C} - c:\Program Files\MindSpring 4.0\MID4.EXE (file missing) (HKCU)

    These three lines do not seem valid. Do you know what they are? If not, use Task Manager to end the processes and then locate the files and rename them rather than deleting for now (to make sure we don't delete something needed).
    O4 - HKCU\..\Run: [ORS-SYPE] C:\WINDOWS\ORS-SYPE.EXE <--- rename to ORS-SYPE.bad
    O4 - HKCU\..\Run: [MSNTHH64PE] C:\WINDOWS\MSNTHH64PE.EXE <--- rename to MSNTHH64PE.bad
    O4 - HKCU\..\Run: [MSSY32HH] C:\WINDOWS\MSSY32HH.EXE <--- rename to MSSY32HH.bad
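
The kind of log review done in the post above can be partly automated. The following is an added example, not part of the thread and not HijackThis's own code: it parses HijackThis-style lines and lists R0/R1 page settings whose host is not expected, O4 Run entries for executables sitting directly in C:\WINDOWS, and entries marked "(file missing)". The `EXPECTED_HOSTS` allowlist, the two benign sample lines and the O4 heuristic are assumptions made for illustration; flagged entries still need a human decision before anything is fixed or renamed.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: four entries taken from the log lines quoted in the thread,
# plus two benign lines (example.com, ExampleTray) invented for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://s-redirect.com/?a=2&b=n-abc
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://s-redirect.com/?b=n-abc
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKCU\..\Run: [ORS-SYPE] C:\WINDOWS\ORS-SYPE.EXE
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O9 - Extra button: MindSpring - {C1E064E0-EDD2-11D3-A1EF-E2FD460B952C} - c:\Program Files\MindSpring 4.0\MID4.EXE (file missing) (HKCU)
"""

# Assumption: hosts the user really chose as Internet Explorer start/search pages.
EXPECTED_HOSTS = {"www.example.com"}

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
REG_VALUE = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?) = (?P<data>.*)$")
RUN_VALUE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def triage(log_text, expected_hosts=EXPECTED_HOSTS):
    """Return (code, reason, detail) tuples for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank lines, headers, process list
        code, body = m["code"], m["body"]
        if code in ("R0", "R1"):
            reg = REG_VALUE.match(body)
            if reg:
                host = urlsplit(reg["data"].strip()).hostname
                if host and host not in expected_hosts:
                    findings.append((code, "unexpected IE page host", host))
        elif code == "O4":
            run = RUN_VALUE.match(body)
            # Heuristic (assumption): autostart .exe placed directly in the Windows directory
            if run and re.match(r"(?i)^c:\\windows\\[^\\]+\.exe$", run["cmd"].strip()):
                findings.append((code, "Run entry directly in C:\\WINDOWS", run["name"]))
        elif "(file missing)" in body:
            findings.append((code, "target file missing", body.split(" - ")[0]))
    return findings
```
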
     
