spyware / malware problem

  • spyware / malware problem

    Hi Guys,

    A friend of mine is having a problem with IE (yeah, yeah, IE bad) in that his home page is redirected to ssearch.biz.

    I've run spybot and a bunch of other similar programs but they don't detect anything.

    Has anyone heard of this or can anyone maybe suggest a strategy to fix this?

    Thanks.
    P.S. You've been Spanked!

  • #2
    Have a look in the hosts file and see if that has got his home page to redirect to ssearch.biz instead. If it is, just delete and scan once more to check for anything.

    J1NG
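The hosts-file check suggested in #2, as an added example that is not part of the original thread: it parses a hosts file and lists every hostname mapped to an address other than loopback or 0.0.0.0, since those entries override DNS. The sample file, the address 203.0.113.10 and the `.test` hostnames are constructed placeholders.

```python
import ipaddress
import sys

# Constructed sample hosts file; 203.0.113.10 and the .test names are
# placeholders for illustration, not indicators from the thread.
SAMPLE_HOSTS = """\
# sample header comment
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.example-homepage.test example-homepage.test  # injected
0.0.0.0         ads.example.test
not-an-ip       broken.example.test
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every valid mapping."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(entry) < 2:
            continue  # blank, comment-only, or address without a hostname
        try:
            address = ipaddress.ip_address(entry[0])
        except ValueError:
            continue  # malformed first field, so not a usable mapping
        for hostname in entry[1:]:  # one line may carry several names
            yield line_no, address, hostname.lower()

def suspicious_entries(text):
    """Return mappings that point a hostname at a non-local address."""
    hits = []
    for line_no, address, hostname in parse_hosts(text):
        # Loopback and unspecified addresses keep traffic on the machine;
        # anything else silently overrides DNS and deserves a manual look.
        if address.is_loopback or address.is_unspecified:
            continue
        hits.append((line_no, str(address), hostname))
    return hits

if __name__ == "__main__":
    # Usual Windows location: %SystemRoot%\System32\drivers\etc\hosts
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, address, hostname in suspicious_entries(text):
        print(f"line {line_no}: {hostname} -> {address}")
```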



    • #3
      sounds like what I had a few months ago.. ran all sorts of cleaners + NAV2004, which all found the culprit, but it returned after a reboot.. I ended up reinstalling
      We have enough youth - What we need is a fountain of smart!


      i7-920, 6GB DDR3-1600, HD4870X2, Dell 27" LCD



      • #4
        If you've run SPYBOT, have you run ADAWARE?
        The Welsh support two teams when it comes to rugby. Wales of course, and anyone else playing England



        • #5
          Originally posted by Paddy
          If you've run SPYBOT, have you run ADAWARE?
          He says he's run AdAware.

          As for it being a hosts file issue, I'll check.

          Something I forgot to mention is that it also disables the forward and back buttons in IE.
          P.S. You've been Spanked!



          • #6
            It definitely sounds dodgy
            The Welsh support two teams when it comes to rugby. Wales of course, and anyone else playing England



            • #7
              Make sure he is running the latest versions of Spybot Search and Destroy and Adaware. Make sure reference files are up to date. Another good cleaner for Cool Web Search type hijacks is CWShredder. If all else fails, download and run Hijackthis and post the log files from the scan to see what all is going on.

              <edit typo>
              Alcohol and Drugs make life tolerable.



              • #8
                It's a DLL (don't remember which) in the system directory that can't be deleted unless you:
                1. run command line
                2. kill the Explorer process
                3. use the command line to delete the DLL
                4. Use task manager to relaunch Explorer

                I had something like that a few weeks ago at work.
                "For every action, there is an equal and opposite criticism."



                • #9
                  Do a search on the windows directory for files that had been changed/created during the last x days (since he caught the 'virus').
                  You'll probably find the DLL that way.
                  Cut and paste the DLL name in Google before deleting. If it's part of windows, google will tell you.
                  "For every action, there is an equal and opposite criticism."
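The search described in #9, as an added example that is not part of the original thread: it walks a directory tree and lists DLLs modified within the last N days, newest first. The function name `recent_dlls`, the 14-day default and the use of modification time only are assumptions of this sketch.

```python
import os
import sys
import time

def recent_dlls(root, days, now=None, extensions=(".dll",)):
    """Return [(path, mtime)] for files under root changed in the last
    `days` days, newest first."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    found = []
    # onerror swallows unreadable directories instead of aborting the walk
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if not name.lower().endswith(extensions):  # case-insensitive match
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # file locked or removed while scanning
            # Assumption: only modification time is checked. A file copied
            # with a preserved or back-dated timestamp will not show up,
            # so an empty result does not prove the directory is clean.
            if mtime >= cutoff:
                found.append((path, mtime))
    return sorted(found, key=lambda item: item[1], reverse=True)

if __name__ == "__main__":
    # Usage: script.py [root] [days]; defaults to the Windows directory
    root = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("SystemRoot", r"C:\Windows")
    days = int(sys.argv[2]) if len(sys.argv) > 2 else 14
    for path, mtime in recent_dlls(root, days):
        stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime))
        print(f"{stamp}  {path}")
```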



                  • #10
                    Thanks, I'll try all your suggestions and get back to you.
                    P.S. You've been Spanked!



                    • #11
                      That can be a real pain. Had that problem, that my default page always changed to about::blank but would bring up a ton of popups.

                      I searched for a day or so, then just reinstalled windows, and Firefox.
                      "I dream of a better world where chickens can cross the road without having their motives questioned."



                      • #12
                        Download Process Explorer from systeminternals.com and google for processes and which .dlls they use.

                        Google for processes and you should get to removal instructions.

                        Recently Coolwebsearch has grown to the point that it cannot be automatically removed and removal is similar to what TransformX suggested.



                        • #13
                          schmosef, after you've got rid of the spyware, tell him to use Firefox ( http://www.mozilla.org ), it is far more secure & very unlikely to let through more spyware
                          Matrox G4x0 32mb SG RAM DVI



                          • #14
                            Any updates ?
                            "For every action, there is an equal and opposite criticism."



                            • #15
                              not yet, I left the PC at my office and didn't get a chance to go back this weekend. I'll be toying with it tomorrow morning. Tx, your suggestion sounds very promising. Thanks.
                              P.S. You've been Spanked!
