searchx and heretofind problem

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Lorddamien27, Sep 9, 2004.

  1. Lorddamien27

    Lorddamien27 Private E-2

    Ok. First, I've been battling searchx for about a week and it keeps coming back; Ad-Aware, CWShredder, Spybot, nothing works. And just today heretofind showed up on my comp, and it looks to act the same way as searchx. I've followed the steps in the instruction page, but they're still there. Any suggestions?
     
  2. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    ALL the steps, you didn't mention using Stinger and Norton's online virus scan. If you have done them all, please post your logfile so we can look at it. Be sure you have done all steps.
     
  3. Lorddamien27

    Lorddamien27 Private E-2

    Well, the online scan fixed the searchx problem, at least, for now. However, the heretofind problem is still present. Also, I've noticed that about a minute after I sign on a program tries to start; I open Task Manager and it's always a random four letters for the program name. Anyway, maybe you guys can help; here's my log.
     

  4. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Ok, here's some to remove, you will need to reset your home page and search engine. I would do it from safe mode as well as run some of the tools again, CWShredder, Ad-Aware and Spybot. FYI, I do not see the cab files downloaded in your Hijack This log, which shows you scanned online at none of the sites we told you to. Help us help you. Do the tutorial completely.

    Don't know what SpyCatcher is, uninstall it for now. It sure as hell ain't working:
    C:\PROGRAM FILES\SPYCATCHER\SCHEDULER DAEMON.EXE
    C:\PROGRAM FILES\SPYCATCHER\PROTECTOR.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=15&q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=15&q=%s
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)
    O13 - DefaultPrefix: http://www.heretofind.com/show.php?id=15&q=
    O13 - WWW Prefix: http://www.heretofind.com/show.php?id=15&q=
    O13 - Home Prefix: http://www.heretofind.com/show.php?id=15&q=
    O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=15&q=
    O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=15&q=

    Not sure, if you do not recognize it, delete it:
    O16 - DPF: {1D870C86-AA3C-4451-81E4-71D480A1A652} - http://216.93.172.116/sub2bc.exe

    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab
    O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1042_pack.cab
    O16 - DPF: {D7B59209-0ED9-4986-BD4A-527BE836C6B2} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1045.cab
    O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - (no file)
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    In addition to what MA has indicated, also fix these lines:
    O9 - Extra button: Corel Network monitor worker - {C2C01060-0270-11D9-88A3-444553540000} - (no file)
    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {C2C01060-0270-11D9-88A3-444553540000} - (no file)
    O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
    O9 - Extra button: Corel Network monitor worker - {C2C01060-0270-11D9-88A3-444553540000} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {C2C01060-0270-11D9-88A3-444553540000} - (no file) (HKCU)
    O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
     
