remnants of Looking-For.Home search assistant keep appearing

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by gtiffany, Dec 15, 2005.

  1. gtiffany

    gtiffany Private E-2

    I had a problem a month ago with Startpage virus and you guys helped me get rid of it. What I have now is a minor annoyance compared to that, but I need your help again.

    For the past couple of weeks, CounterSpy has regularly been identifying three registry keys as the Looking-For.Home Search Assistant browser hijacker. It quarantines them and allows me to remove them, but they keep reappearing. I've run HSRemove, Ewido Security Suite, etc., but the keys still keep reappearing. They are as follows:

    Registry Keys:
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY__11F*00DF*00E4*000 6#*00B7*00BA*00C4*00D6`I\0000 Service
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY__11F*00DF*00E4*000 6#*00B7*00BA*00C4*00D6`I\0000 Class
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY__11F*00DF*00E4*000 6#*00B7*00BA*00C4*00D6`I\0000 ClassGUID

    Most recently, I've run CCleaner, gone into Safe Mode and run cwsserviceremove.reg, then rebooted, but CounterSpy still finds the same three registry entries. I can delete them and immediately rerun the scan and they show up again. I'm at a loss as to how to get rid of this. I've attached a HijackThis log that I ran this afternoon. Can you help me please?

    Thanks.

    Gtiffany
     


  2. gtiffany

    gtiffany Private E-2

    Sorry I took so long to reply. My daughter graduated from college today and we've been tied up with doing stuff for that.

    Yes, I've followed the steps outlined in the article you referenced. I even went back and re-did them just to be sure. I ran the online scanner at Bitdefender and it found nothing. I ran the online scan at Panda ActiveScan and it found nothing. I booted into Safe Mode and ran CCleaner, Ad-Aware (which found nothing), CounterSpy (which found the three registry keys mentioned before and quarantined and removed them), CWShredder (which found nothing) and Kill2Me (which found nothing).

    I then rebooted to Normal Mode and checked for bad services (there were none), then ran HSremove and About:Buster, saved the log, then booted to Safe Mode and re-ran About:Buster and saved the log, and rebooted to Normal Mode and ran HijackThis. The About:Buster logs and the HijackThis log are attached.

    I also re-ran a CounterSpy registry scan just before posting this and it again found and quarantined the three registry keys noted before.

    What should I do now?
     


