Search Engine results RXmesa and ezanga???

[Kyle Strawitz]

I am currently running Windows XP Pro w/ sp2 and Internet
Explorer 6.0.2...Whenever I use the MSN search engine I
get the following two sites at the top of each Web Results
page:

www.rxmesa.com
search.ezanga.com

I have been running the Microsoft AntiSpyware program but
have yet been unable to remove this from my search
results...

Are there any solutions out there to this problem???

Thanks,

Kyle

 

[AndyManchesta]

Hi there its obvious you have a search hijacker but the
problem is which one,

check for any of these entries in the Add/Remove screen
and repost if found:

mscman
2020Search
Search 2020
Active Alert
Internet Optimizer
My Search Bar
MyWay Speed Bar
My Web Search Bar
Fun Web Products
Sidesearch
OpenSite

Theres alot more this could be but most of the files
would be in the program files area rather than add/remove
so if you dont find the above download and run these 3
free products:

Ad-Aware SE.......Install, click Check for Updates now
and get any updates, then scan.

http://www.majorgeeks.com/downloadget.php?
id=506&file=11&evp=8dbaff7daca8f4b55bf695220993fc0f


Spybot.....Install, do the search for updates now and get
any updates, then scan(also use the immunize feature).

http://www.majorgeeks.com/downloadget.php?
id=2471&file=11&evp=2470f9bfb0cc682334ff8c4459556118

CWShredder......No installation required! Just unzip it
to a folder and press fix(uncheck the box that says move
files to recycle bin first)

http://cwshredder.net/bin/CWShredder.exe


These might not solve the problem but should tell you
what the parasite is then we can go for manual removal if
needed

Regards Andy

 

[Kyle]

Okay Andy,

First THANKS for the reply...at least I could get some
potential answers here...I've posted on some other site
but didn't get any reply...So first I checked the
Add/Remove entries and didn't find any of your listed
entries...BUMMER. So then I downloaded and installed
AdAware SE Personal and HiJackThis and ran a system scan.
I firat ran AdAware and it found a few critical
issues...One was VX2 and the other was STATBLASTER...so I
corrected these and re-ran a scan after a reboot and it
came up clean. I then ran HiJackThis and saw nothing that
would look like an offensive entry. I then tested out the
Google ad the MSN search and AGAIN the RXmesa and ezanga
entries appeared at the top of the search pages listed. So
I rebooted and did another DEEP scan and this time is was
clear...I repeated this perhaps about three times to see
if some Malware was still running but I saw nothing...So
here i'm sitting and I sort of out of ideas as to what
exactly is causing this. If you think it would help, I can
send you an image of my Add/Remove proram entries or the
log to one of my system scans...Sort of at a lost as what
to do next???

I really appreciate your help with this AGGRAVATING
problem...

Kyle

 

[AndyManchesta]

Hi Kyle

Sorry for the delay in my response the mails get lost
really easy on here with new postings all the time,This
is a tricky one but sure we can get there and remove
it.Its got to be a search hijacker if you are getting
these listed on every search page.

I dont need the image of your add/remove screen but
posting your hijack this log on here would help alot.

With the VX2 problem even though its showing clean can
you download these if you dont have them,update them all
then run them in safe mode(Tapping F8 on rebbot then
choose safe mode.)Thius may look like overkill but it
should narrow it down abit.If the search entries stay the
same after running these then post your hijack this log
on here.

Ad-Aware SE.......Install, click Check for Updates now
and get any updates, then exit.

http://www.majorgeeks.com/downloadget.php?
id=506&file=11&evp=8dbaff7daca8f4b55bf695220993fc0f

Ad-Aware VX2 Cleaner Plug-In.....Install only

http://majorgeeks.com/downloadget.php?
id=4283&file=1&evp=34312f31f5a8511bfb7cf839b1eaff0b

CCleaner.............Install only, then exit

http://majorgeeks.com/downloadget.php?
id=4191&file=11&evp=a12d758b021af1a4f0a6bfe45b0c7a82

Spybot................Install, do the search for updates
now and get any updates, then exit.

http://www.majorgeeks.com/downloadget.php?
id=2471&file=11&evp=2470f9bfb0cc682334ff8c4459556118

SpywareBlaster...Install, click Download Latest
Protection Updates, Check for Updates, and then Enable
All Protection, then exit. It does a great job of
blocking known vulnerabilities as well as known malicious
websites.

http://majorgeeks.com/downloadget.php?
id=2859&file=11&evp=61b0e8ad41924a03c37615f4682b4cef

McAfee AVERT Stinger.....No installation required! Ready
to run as is.

http://majorgeeks.com/downloadget.php?
id=4063&file=1&evp=9cf4d4f57a4c688fe042954e1ef29968


CWShredder......No installation required! Just unzip it
to a folder.

http://cwshredder.net/bin/CWShredder.exe

Kill2me..............No installation required! Just unzip
it to a folder.

http://www.majorgeeks.com/downloadget.php?
id=4166&file=1&evp=e994cf5e9abe6c93b47c01f2922c271f




This covers most hijackers so with Adaware get the VX2
plugin the update and scan then choose plug ins and scan
with that too,Spybot(Update & Run plus use the imunize
feature)Stinger(Just run once downloaded)(CWShredder-
Smae again uncheck the move files to recycle bin then
choose fix)(Look2Me Remover(Download,Unzip,and Run)
(Spyware Blaster - As explained above)


If these fail Kyle then replt with your hijack log and i
will check it for malicious entries and then we can take
it from there,Im in the UK so its getting late here and
im up early for work but will look for a reply when i get
in tomorrow(About 1pm US time)


Regards Andy

 

[AndyManchesta]

Hi again Kyle

I forgot to mention a couple of things before running the
worm remover asssuming this is a worm:

Before running make sure you dont have any browser
windows open,

And: Turn off Windows XP System Restore (Start,Right
click my computer,Properties,then system restore and
disable and apply)

Then run them

Good luck post back the result and we can try something
else if this fails

Andy

 

[Kyle]

Andy...

Yeah I know about the long hours at work so no worries...I
sent you this same message to your "hotmail" account since
keeping track of this page is starting to get difficult...

The 'Splutter Fish / Shave and a Haircut' entries are
valid they are a license server for a rendering engine and
rendering module that I use in my work.

The SuperMicro Health Assistant I wasn't to sure about...I
have a SuperMicro motherboard so I'm thinking it is a
valid entry as well. Since I wasn't too sure I decided to
download and run the Symantic removal tool for the
BAT.Mumu.A.Worm. After running the program on my machine,
it reported back that NO virus had been detected. So yet
another "dead end"...

I installed WebRoot Spy Sweeper the other night and ran
it...it found two tracking cookies but that was all. So
now where does this leave me??? I know there must
be "something" either installed on my machine or "hidden"
somewhere...but where and how do I find it??? When I think
about it, the machine that I'm currently having a search
problem isn't even used to get on the web that much...I
have another machine for that...and when I am on-line I am
VERY careful as to what sites and what I "click" so it
sort of baffles me as to how something so "sealthy" got
embedded so deep in the first place...

Oh well if you have any suggestions as to how I should
proceed I would appreciate the help...

Sorry if I sound a bit fustrated...I feel I have spent WAY
too much time on something like this...

Thanks again,

Kyle