Browser Hijacker please help me

[Guest]

Please help me.. I can hardly visit any site without my browser getting re
directed to an annoying search site... the link is
http://t.swapx.cc/h.php?aid=20009 but dont go there because you might get
infected.. how do I fix this problem? I can only visit a few sites.. I cant
even check my email!
Please reply asap I really need help. Ive already used Hijack This and it
doesnt seem to work.

 

[Jan Il]

Please help me.. I can hardly visit any site without my browser getting re
directed to an annoying search site... the link is
http://t.swapx.cc/h.php?aid=20009 but dont go there because you might get
infected.. how do I fix this problem? I can only visit a few sites.. I cant
even check my email!
Please reply asap I really need help. Ive already used Hijack This and it
doesnt seem to work.

 

[Jan Il]

Hi jay187

Oops! Please excuse the previous empty reply, mousie got over anxious and
jumped on the send button too soon...;o)

You have a hijacker, malware, spyware or parasites on your system
causing this problem. Thus, in addition to running your updated anti-virus
program, you should do the following to be sure none of these are present on
your system. Although you may have already run one or more of the programs,
please do so again according to the instructions below. Some variants of
malware can replicate themselves over and over if not removed properly.
Please follow all instructions carefully to be sure your system is
thoroughly cleaned:

Dealing with Unwanted Spyware and Parasites:
http://mvps.org/winhelp2002/unwanted.htm
Be sure to run CWShredder, Ad-aware and Spybot.
Also be sure to use the About:Buster here
http://www.majorgeeks.com/download4289.html
http://www.atribune.org/downloads/AboutBuster.zip
AdAware se (Free)
http://www.lavasoftusa.com/support/download/
the newest version of CWShredder (2.0) here:
http://www.majorgeeks.com/download3019.html
and the HijackThis. Please do not post your log to this
newsgroup, but to the SpywareInfo or the Aumha HiJackThis forums
http://forum.aumha.org/viewforum.php?f=30, to allow the experts there to
evaluate your log and advise you of the necessary steps to clean your
system.

CAUTION!!!!! Before you try to remove spyware using any of the programs
below, download a copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html
(if your OS is Win2k or XP) The process of removing certain malware may kill
your internet connection. If this should occur, this program, LSPFIX, will
enable you to regain your connection.

Also, get a copy of WinsockFix Utility
http://www.dfwonline.net/files/WinsockFix.zip
or
WinsockXPFix available at:
http://www.spychecker.com/program/winsockxpfix.html
and
WinsockXP Fix- WinXP
http://www.spychecker.com/program/winsockxpfix.html
Also, with instructions, at
http://www.iup.edu/house/resnet/winfix.shtm
also
From LavaSoft- all versions of Windows-
http://digital-solutions.co.uk/lavasoft/whndnfix.zip
also ....
(NOTE: It is reported that in XP SP2, the command netsh winsock reset
will fix this problem without the need for these programs.)

Also.........

Courtesy of Jim Byrd -

Download Sysclean.com, from Trend Micro, here:
http://www.trendmicro.com/download/dcs.asp along with the latest pattern
file, here:
http://www.trendmicro.com/download/pattern.asp
Be sure to read the "How-to" info here:
http://www.trendmicro.com/ftp/products/tsc/readme.txt
You might also want to get Art's updater, SYS-UP.Zip, here for future
updating of these: http://home.epix.net/~artnpeg/.
(If you download and use the updater from the beginning, it will
automatically handle downloading the other files. Place them in a dedicated
folder after appropriate unzipping, and then run. This scan may take a long
time, as Sysclean is VERY extensive and thorough

and......

NOTE: If you can not download these programs from the Internet, if your PC
has CD read capabilities, go to another computer with CD-ROM burning
capabilities. Create a folder on the hard drive of the other computer called
HOLD, download the programs to that folder, then burn that folder to a CD.
Copy the HOLD folder to your HD and then install the programs from there
and run them. After you have IE access again, update all programs where
possible to get the latest definitions and run them again in Safe Mode to be
sure there are no lingering items on the system.

also...........

Additional information on how to protect your PC:
The Parasite Fight http://www.aumha.org/a/quickfix.htm
More security tips at http://www.aumha.org/a/parasite.htm
Bugs, Glitches & Stuffups: http://www.mvps.org/inetexplorer/Darnit.htm

So how did I get infected in the first place?
http://boards.cexx.org/viewtopic.ph...ghlight=&sid=53751d8ff5915261af727df08e66ce0d
or
http://snipurl.com/980t

If these steps do not resolve your problem, please post back to this thread
with the details and any error messages.

Hope this helps

Jan
Smiles are meant to be shared,
that's why they're so contagious.

Please reply to the newsgroup so others may benefit.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm

 

[Guest]

Hey Jan Il
Thanks for your help... my computer has been scanned by like 5 different
spyware programs now but the hijacker is still there, it is always my hompage
and ignores most sites I type in the address box.
When I try to install Ad Aware se nothing happens, Ive downloaded the setup
file but when I double click it nothing happens... what does this mean? How
do I install it??

 

[Frederik Vanderstraeten]

With Firefox you never have any browser hijackers. Don't have any idea
what this can be, only know that if you look at this newsgroup, you see
thousands of people all having different problems with their IE. But you
know, for fun I also sometimes help people at the dutch firefox
newsgroup... And there is only something about 1 question a day, and
most questions are like:
I can't find my favorites
or
How can I do this or that... All things that are easily solved... But
only once a month, in the whole Flanders and The Netherlands (about 20
million people), someone has a real problem with firefox. So really, get
firefox at www.getfirefox.com, and you'll really never miss IE... It
automatically imports all you settings and favorites, and IF you ever
should miss IE for whatever reason, just switch back... So there is
really no risk... I hope you consider this,

Thanks,
Frederik Vanderstraeten

jay187 schreef:

 

[Jan Il]

Hi jay187

Then you may have a new variant that needs a bit more Malto-Meal ;o) See if
this will help:

CAUTION!!!!!
Before you try to remove spyware using any of the programs below, download a
copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html (if your OS is Win2k or
XP) The process of removing certain malware may kill your internet
connection. If this should occur, this program, LSPFIX, will enable you to
regain your connection.

Also, get a copy of WINSOCKFIX available at:
http://www.spychecker.com/program/winsockxpfix.html

now.....

This coolwebsearch infection uses a hidden dll to reinfect, thus it
replicates itself over and over if not removed properly.

HOW TO Restart in Safe Mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

HOW TO Enable Hidden Files
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339

About Buster
http://www.majorgeeks.com/download4289.html

CWShredder
Newest version (2.0) here:
http://www.majorgeeks.com/download3019.html

and......

How To Remove CWS Variant 'Home Search Assistant' - 'CWS_NS3'
http://www.bleepingcomputer.com/forums/topict3341.html


if still no joy, then........

New CWS variant removal tool: (about:blank)

CoolWebSearch (CWS) Removal Procedure
http://www.silentrunners.org/sr_cwsremoval.html
For NT - 2000 and XP

or......the text fo the above:

Like any disinfection procedure, it's a bit risky - it deletes an important
registry key and subsequently restores a revised version. If something goes
wrong, your PC may no longer work normally.

YOU USE THIS PROCEDURE AT YOUR OWN RISK!

Download Registrar Lite 2.0, install it and run it.
http://www.majorgeeks.com/download469.html
http://www.softpedia.com/public/cat/12/5/12-5-21.shtml

Navigate to this key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
(note...should be all on one line)
and look at the AppInit_Dlls value.

Write down the name of the DLL file that's displayed!

(If you see several values separated by commas or spaces, which is unlikely,
use Windows Explorer to search for each one in the Windows\System32 or
Winnt\System32 directory. The one you can't find is the one to remember!)

Exit Registrar Lite.

Download and run this script. It will delete the CWS AppInit_Dlls value and
reboot Windows. After the reboot, the shield-DLL file is still on the hard
disk, but it's no longer a threat to your PC.
http://www.silentrunners.org/CWS Shield Dropper.vbs

Download Silent Runners here:
http://www.silentrunners.org/Silent Runners.vbs
Run it and look at the list of Browser Helper Objects. One of them will have
a strange name. Write down the the file name (including the full path)!

(If you're not sure which BHO was installed by CWS, reboot into Safe Mode
and follow steps 8-10 here. Commercial programs, such as PestPatrol, are
also available to identify and delete BHO pests.)

Download and run this script to delete the CWS shield-DLL and the BHO files.
No reboot will be required.
http://www.silentrunners.org/CWS File Cleaner.vbs

Reset your Internet Explorer home page. Your PC should now run normally.

If these steps do not resolve your problem, please post back to this thread
with the details and any error messages.

Hope this helps

Jan
Smiles are meant to be shared,
that's why they're so contagious.

Please reply to the newsgroup so others may benefit.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm

 

[Guest]

We're having the same problem but every time we delete the browser hi jacker
and add-in plug, it keeps coming back!!!! Help!!