searchweb2

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ktiz, Sep 28, 2004.

  1. ktiz

    ktiz Corporal

    How can I get rid of it... I have tried spybot, ad aware, cw shredder etc. Is there anything that will get rid of it forever.... Or is it possibly on the server?
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please start by following all the steps in this Sticky thread < READ ME FIRST: Basic Spyware, Trojan And Virus Removal >

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.
     
  3. ktiz

    ktiz Corporal

    I have done all of that... Sorry I didn't clarify, I have tried cleaning registries, and I am a little tentative with my HJT, but I have tried some... but it hasn't got it completely. After I deleted 2 HJT Files, my IE came up as about:Blank, I have tried about buster, any other suggestions... anything that could help. I do have before and after HJT logs. Thanks
     
  4. Quinndrew5

    Quinndrew5 Corporal

    Is it your homepage that isn't working correctly?
     
  5. ktiz

    ktiz Corporal

    Well, what happens is, I can set my homepage to whatever I wish, but eventually it always changes back to searchweb2,com. It also opens up a search bar, tool bar, and another bar on the bottom.
     
  6. Quinndrew5

    Quinndrew5 Corporal

  7. Quinndrew5

    Quinndrew5 Corporal

    sry bout that, i just realized you have already done that
     
  8. Quinndrew5

    Quinndrew5 Corporal

    Do you have Hijack This downloaded and unzipped to its own folder?
     
  9. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Please post a Hijack This log file, attached.
     
  10. ktiz

    ktiz Corporal

    I think this might be an old version of HJT, but I have the new version now... but when I did my logs before, I didn't have it. If u want a new HJT log file with the new version, I will post it as well, please advise
     


  11. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Hijack This is current version. Log file isn't bad... First problem though, you have Messenger Plus installed, it is spyware, uninstall it.


    C:\Program Files\Messenger Plus! 2\MsgPlus.exe
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crtcdtznyvypdlw.com/LzcE/B8z1hl3z1VkpH96c9jCnbyAgzFb_vMm5FFIfsWnBpQgsLeaXJbhO70lhk/B.htm
    O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart


    FYI, lot of things running that could free up resources and speed up your PC, try a startup utility like StartupCPL if you want to do that. I'm guessing your pc is a slug with all that crap in startup.
     
  12. ktiz

    ktiz Corporal

    ok... I did that... let me restart and I will let u know
     
  13. ktiz

    ktiz Corporal

    Works. Perfect. Do u suggest anything that I should take out of processes when the comp starts up... Unfortunately this is a school computer, so most stuff on there, I have not installed, but I am willing to change whatever
     
  14. ktiz

    ktiz Corporal

    can u also tell me, if I deleted the right files the first time, I just kinda assumed to delete the file I did just by looking at some HJT suggestions that u guys have made.
     
  15. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    That's correct. As for startup, there's a pile that should not need to be started up.

    C:\WINDOWS\System32\qttask.exe
    D:\Kazaa Lite K++\KazaaLite.kpp
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

    Those are processes, look for their twins in the lower section of your logfile. Also, Steam can be removed, it's a pig.
     
  16. ktiz

    ktiz Corporal

    Thanks Major. I wish I could post my HJT log from my other comp so u could help me out there, and make sure it is doing alright as well
     
  17. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Email it to yourself, then post it :) Either way, we will be here :)
     
  18. ktiz

    ktiz Corporal

    Thanks for having a look at it... it doesn't look too bad, but if u suggest any processes I should quit or any files I should delete let me know... thanks
     


  19. ktiz

    ktiz Corporal

    this thread has been dead for a while, I was just wondering if any experts in HJT could let me know if there is anything I should be deleting, or processes or programs on startup. thanks
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Question: Is Steam a game?
    E:\Steam\steam.exe

    Personally, it is a bad idea to have anything related to Kazaa on your system. In fact my guess is that some of the crap you have down below (some of which are BargainBuddy) came from Kazaa.
    C:\Program Files\Kazaa Lite K++\KazaaLite.kpp

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
    O2 - BHO: (no name) - {DFEF0CEB-02F2-2F26-69AC-40DDAB4598A9} - (no file)
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: (no name) - {C80E3306-EA6F-E457-730E-976571D731EF} - (no file)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O16 - DPF: {132BDF97-4059-46E6-BB76-9BFD2527226F} (CChat Class) - http://cuteandsingle.com/downloads/cc.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=3cbaa5cbfe9901c316183e270b9744eabb5565faebcec4663c29a405e890ccd5f74097a4e1063a6370a696cded5d33a3288108ab713c421a:ea3fda0df2f9b3bc67b04dcf28cf3274
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1434d5560647d89ea219/netzip/RdxIE601.cab

    Now reboot in safe mode and delete:
    C:\WINDOWS\System32\nvms.dll
    C:\WINDOWS\System32\mscb.dll
    C:\WINDOWS\System32\msbe.dll

    Reboot normal! Come back and post a new log and tell me how things are working.
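
Added example, not part of the original thread and not the forum staff's own tooling: a small Python parser for the HijackThis entry lines quoted above, separating leftover "(no file)" registry entries from BHO entries that still point at a DLL on disk. The function names are hypothetical; the sample lines are copied from posts in this thread, including one entry that the forum wrapped onto two lines.

```python
import re
from collections import namedtuple

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# O2/O3/O9 layout: "<section> - <kind>: <name> - {CLSID} - <file>"
NAMED = re.compile(rf"^(O\d+) - ([^:]+): (.*?) - ({CLSID}) - (.*)$")
# O16 layout: "O16 - DPF: {CLSID} [(name)] - <download URL>"
DPF = re.compile(rf"^(O16) - (DPF): ({CLSID})(?: \((.*?)\))? - (.*)$")
Entry = namedtuple("Entry", "section kind name clsid target")

def unwrap(lines):
    """Rejoin entries that a forum post wrapped after the trailing ' -'."""
    out = []
    for line in (l.strip() for l in lines if l.strip()):
        if out and out[-1].endswith(" -"):
            out[-1] += " " + line
        else:
            out.append(line)
    return out

def parse_line(line):
    m = DPF.match(line)
    if m:
        return Entry(m[1], m[2], m[4] or "(no name)", m[3], m[5])
    m = NAMED.match(line)
    return Entry(*m.groups()) if m else None

def triage(lines):
    """Return (orphaned registry entries, on-disk files behind BHO entries)."""
    entries = [e for e in map(parse_line, unwrap(lines)) if e]
    orphans = [e for e in entries if e.target == "(no file)"]
    bho_files = [e.target for e in entries if e.section == "O2" and e.target != "(no file)"]
    return orphans, bho_files

# Sample lines copied from the posts in this thread.
SAMPLE = r"""
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {132BDF97-4059-46E6-BB76-9BFD2527226F} (CChat Class) - http://cuteandsingle.com/downloads/cc.cab
""".splitlines()

if __name__ == "__main__":
    orphans, bho_files = triage(SAMPLE)
    for e in orphans:
        print("orphaned entry:", e.section, e.kind, e.clsid)
    print("BHO files still on disk:", bho_files)
```
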
     
  21. ktiz

    ktiz Corporal

    yes, steam is a game, it's like a loader for counterstrike
     
  22. ktiz

    ktiz Corporal

    everything works fine, I rebooted in Safe Mode and I couldn't find those files to delete. I had show hidden files clicked so I could see everything
     
  23. ktiz

    ktiz Corporal

    as per ur request, here is the new HJT log
     


  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log looks clean now! Good job!
     
  25. ktiz

    ktiz Corporal

    thanks for the help chas!
     
  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
     
