AntiSpyware Beta Host File/SearchAssistant

C

catschool

I've been helping a friend clean spyware from their
system over the last few days. We've run Hijack This and
while we can't seem to rid the computer of
SearchAssistant (as a previous post mentioned) even after
deleting form the registry, I can't figure out why two
computers in my house show one localhost file (127.0.0.1)
(Advanced Tools, System Explorers, Network, Windows Host
File) while he appears to have hundreds of them listed in
his MS AntiSpyware program.

I'm also wondering if this is a result of this
SearchAssistant that HJT removes in Safe Mode but not in
normal mode. Any suggestions or help would be appreciated.
 
J

Jim Byrd

Hi Catschool - Start here. Please post back with your results or if you
need
additional assistance.

Courtesy of Ron Kinner MVP:


"There is a German program called Spoonweg.exe which might
help.

http://lunatic-skydance.de/mr/soft/SpoonWeg.exe

It will start to download. Save it somewhere you can find
it again then Open it and say YES then Click on Trojaner-
Suchen. If it finds the version of about:blank that it is
meant to kill it will go and do it then reboot the PC.
Otherwise it will say Trojaner Spooner wird nicht gefunden.

Another German program is SpHjFix.exe.

http://www.trojaner-info.de/cgi-bin/download.cgi?
file=sphjfix

This one speaks English so just Press on Start Disinfection
If it doesn't find its target it will say Not Infected
across the top of the little window. Otherwise follow the
instructions.

Both of these probably run better in Safe Mode (F8 -
without Networking)

Finally if both of the above fail then try one of the
methods in:

http://www.pchell.com/support/aboutblank.shtml "



I can also recommend the procedures at www.pchell.com .



In addition, for your specific Home Search Assistant parasite, try the
following (extracted from one of my "standard" posts about this family of
parasites):

"If your hijacker is Home Search Assistant or one of these:

- Only The Best
- Home Search Extender
- Shopping Wizard
- res://****.dll/index.html#***** (or simply res .dll)

first see here:
http://www.short-media.com/forum/showthread.php?p=172774#post172774, and
here: http://www.pchell.com/support/onlythebest.shtml. Then you can try AT
YOUR OWN RISK, HSRemove, free, here: http://www.hsremove.com/. "A few
days ago I got hijacked - Nothing new in that, except this time it was a
real [censored] to get rid of. - There were simply no tools available to
remove this "Home Search" thing. Finally I ended up creating my own tool for
it. USE IT AT YOUR OWN RISK. And if you find it helpful, then please do not
hesitate to make a contribution."

Or, you can try AboutBuster, here, which is also designed to remove Home
Search Assistant: http://www.malwarebytes.biz/"


--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Host File Entries 5
Mulitple Antispyware Beta Questions 2
Antispyware Beta & Adware.Websearch 1
Advanced tools - host files 9
MS antispyware could not remove spyware 8
Application error (exception) starting AntiSpyware 4
MS-AntiSpyware ver 1.0.509 (Beta 1) failed to remove spyware. 2
windows antispyware host file 5

Top