IE Hitch Hiker

Guest

I picked up a hitch hiker while on the internet that bypassed my ad pro hitch
hiker blocker. It came through on a false Lic, pop up window; when I
clicked cancel it automatically downloaded.
The IE hitch hiker will redirect my IE home page after I log on and is
allowing pop ups to bypass my pop up blocker. It runs off my task bar as a
task bar search. I have to use the task manager to shut it down but it still
runs in the background, trying to redirect my page, but I can still get to
whatever I'm looking for with errors. I have tried to shut it down using
msconfig (start-up menu) but every time I reboot it comes back on.
1- I have used my spy bots to try and delete the file and it detects it and
deletes the file but when I reboot it comes back on (reloads).
2- I tried to delete the file using Norton's Clean Sweep but get this message:
A- the file cannot be deleted. you probably do not have the rights to
delete this folder

The home page for this file is hotsearchbar.com
The folder is -ISRVS
location C:\windows\isrvs\ffisearch.exe

I have found all the folders and the downloaded program but cannot find
anything associated by name in my registry.

Any ideas on how I can get rid of the file would be much appreciated....
Thanks Roy
 
PA Bear

Desktop Search hijacker!
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090748

See manual removal instructions at above link. In all likelihood, you'll
also have to scan with CWShredder v2.13 and Ad-aware SE, then post your
HijackThis log to an appropriate forum. (Do not post the log here.)

Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/

--
~Robear Dyer (PA Bear)
MS MVP-Windows (Shell, IE/OE) & Security

Mastering Newsgroups in Outlook Express
http://www.microsoft.com/windows/ie/community/columns/newsgroups.mspx
 
Jon Kennedy

This may be caused by spyware/malware that's gotten installed on
your system. Use Ad-Aware and/or Spybot Search & Destroy to remove it.

Ad-Aware: http://www.lavasoftusa.com/
Spybot: http://www.safer-networking.org/en/index.html
Good sites on how to install and use Spybot -
http://www.safer-networking.org/en/tutorial/index.html
http://tomcoyote.com/SPYBOT/index1.php

More information here:
http://www.spywareinfo.com/
http://inetexplorer.mvps.org/Darnit.htm
http://www.doxdesk.com/parasite/ - runs a little script when loading page to
check for common parasites

If no joy, in IE go to Tools...Internet Options...Advanced tab, Browsing
section, uncheck "Enable third-party browser extensions", click Apply, click
Okay, reboot. If that solves your problem, then more troubleshooting is
needed to find out exactly which program, or Browser Helper Object (BHO) is
causing this problem. You don't want to leave it at that, as some BHOs are
useful or necessary - like Adobe Acrobat for reading .pdf files or an
essential component of Norton AV. Get BHODemon -
http://www.definitivesolutions.com/bhodemon.htm - read all about BHOs.
Disable all items, and then gradually replace one or two at a time to narrow
down the culprit.

Or if you have IE 6 SP-2 you can do this within the browser:
How to manage Internet Explorer add-ons in Windows XP Service Pack 2
http://support.microsoft.com/default.aspx?scid=kb;en-us;883256

If all the above fails, then the problem could be something new that the
spyware cleaners above don't have in their databases yet. In that case....
HijackThis direct download:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Tutorial on how to use HijackThis:
http://www.spywareinfo.com/~merijn/htlogtutorial.html
Then post its output log to the forum here for analysis and feedback by the
parasite experts:
http://www.spywareinfo.com/forums/
Or the other HijackThis Logs forums listed here:
http://www.spywareinfo.com/~merijn/forums.html

Or try this program to get some of the most nasty malware:
CWShredder direct download:
http://aumha.org/downloads/cwshredder.zip

An alternate resource for all of this and more:
http://www.aumha.org/secure.htm
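
The BHO and start-up checks discussed in this thread can also be done by reading the registry directly. The script below is an added example, not part of any post above: it is read-only, assumes PowerShell 3.0 or later is available on the machine, uses the standard BHO and Run registry locations, and flags entries that load from the folder named in the original post.

```powershell
# Added example (read-only): list BHOs and Run-key autostarts with the file each one loads.
$suspectDir = 'C:\windows\isrvs'   # folder named in the original post

# Standard registry locations read at startup (WOW6432Node exists only on 64-bit Windows)
$bhoRoots = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
  'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects')
$runKeys = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run')

$rows = @()

foreach ($root in $bhoRoots) {
  if (-not (Test-Path -LiteralPath $root)) { continue }
  foreach ($key in Get-ChildItem -LiteralPath $root) {
    $clsid = $key.PSChildName
    # A BHO is a COM class: its DLL is the default value of CLSID\{...}\InprocServer32
    $classes = 'HKLM:\SOFTWARE\Classes\CLSID'
    if ($root -like '*WOW6432Node*') { $classes = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID' }
    $srv = "$classes\$clsid\InprocServer32"
    $dll = $null
    if (Test-Path -LiteralPath $srv) { $dll = (Get-Item -LiteralPath $srv).GetValue('') }
    $rows += [pscustomobject]@{ Type = 'BHO'; Name = $clsid; Target = $dll }
  }
}

foreach ($rk in $runKeys) {
  if (-not (Test-Path -LiteralPath $rk)) { continue }
  $key = Get-Item -LiteralPath $rk
  foreach ($name in $key.GetValueNames()) {
    # Each value is a command line Windows launches at logon
    $rows += [pscustomobject]@{ Type = 'Run'; Name = $name; Target = [string]$key.GetValue($name) }
  }
}

# Mark anything that loads from the suspect folder and show those rows first
$rows |
  Select-Object Type, Name, Target, @{ n = 'Suspect'; e = { $_.Target -like "*$suspectDir*" } } |
  Sort-Object Suspect -Descending |
  Format-Table -AutoSize -Wrap
```

An entry that reappears in this list after a cleaner has removed it indicates that another component is rewriting the key at boot.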
 
