How to get rid of: Search Extender, Shopping Wizard, and Home Search Assistant

Discussion in 'Security and Anti-Spyware Community' started by Martin, Jan 23, 2005.

  1. Martin


    Neither Microsoft Antispyware nor anything else (Xoftspy,
    Spyware, NoAdware, or Norton AntiVirus 2003) I've tried
    seems to work. What is "the solution", and do any of the
    listed solutions cause or multiply the problem?
    Please HELP!!
     
    Martin, Jan 23, 2005

  2. Hi Martin,
    Boot into Safe Mode (F8) at startup;
    Empty your temporary files AND your Temporary Internet Files folder
    (C:\Documents and Settings\Username\Local Settings\Temporary Internet Files);
    Run the scan while in safe mode;
    If you are running SP2, open IE--->Tools--->Manage Add-ons, and uncheck any
    BHOs that you don't recognize.

    Ron Chamberlin
    MS-MVP
     
    Ron Chamberlin, Jan 24, 2005

  3. Before trying to remove spyware:

    Back up all essential data.

    Download the recommended software.

    After all software has been downloaded, installed and updated, disconnect the
    computer from the internet and/or any network to which it may be attached.

    The software you should download and have ready to use is:

    Lspfix and Winsockfix, available at http://www.cexx.org/lspfix.htm and
    http://www.spychecker.com/program/winsockxpfix.html

    A BHO disabler such as BHO Cop, BHO Demon or BHOCaptor (non XP SP2 users
    only)
    http://www.pcmag.com/article2/0,4149,270,00.asp
    http://www.definitivesolutions.com/bhodemon.htm
    http://www.webattack.com/get/bho.shtml

    AdAware (note that Lavasoft have now released Ad-Aware SE Personal Edition,
    available from http://www.lavasoftusa.com/support/download/ - AdAware 6 users
    should update to SE as soon as possible. All previous versions are NO LONGER
    SUPPORTED)

    Spybot Search and Destroy - http://spybot.eon.net.au

    HijackThis - http://209.133.47.12/~merijn/files/HijackThis.exe

    CWShredder - http://www.intermute.com/spysubtract/cwshredder_download.html

    HackerDefender Disabler - http://www.aumha.org/downloads/unhackdef.zip
    Extract the BAT file to your desktop.

    After obtaining the required software above, make sure you check for updates
    and run the programmes in safe mode.

    Malware removal (beginner's guide):

    Go to Control Panel, Folder Options, View Tab. Turn on the option to show
    hidden files. Turn off the option to hide protected system files.
    ***WARNING!! Files are hidden by Windows for a very good reason. It is not
    wise to 'experiment' with these files. Unfortunately, to successfully remove
    modern malware we must turn this protection off. There is a risk to doing
    this. Please turn the protection back on when you have finished cleaning
    your system.***

    Run HackerDefender Disabler. A DOS window will flash onto your screen and
    then disappear. This is normal.

    If you are using Windows XP SP2 download and install Update KB888240 to
    solve a known problem where add-ins will sometimes hide themselves from the
    Add-On Manager. The hotfix is available from:
    http://www.microsoft.com/downloads/...9e-b116-4d38-b00c-ff1d529106c8&displaylang=en

    Go to Control Panel, add/remove programs. Check for malware entries and use
    the uninstall programs, then reboot. Check all 'startup' folders at
    ...\Documents and Settings\All Users\Start Menu\Programs\Startup or
    ...\Documents and Settings\<username>\Start Menu\Startup

    Go to start/run and type MSCONFIG. Go to the startup tab. Disable everything
    that you do not recognise as legitimate (do not disable any power profile
    options).

    Now go to the Services tab. Turn on the option to 'hide all Microsoft
    Services'. Disable everything that remains. If you don't have this option,
    don't worry about it.

    Reboot your computer and hold down the F8 key until the boot menu options
    appear. Choose Safe Mode as your startup choice. You will find information
    about what safe mode is, and what it does, at this link
    [http://inetexplorer.mvps.org/data/safe_mode.htm]

    If you are using Windows XP, go to Tools, Manage Add-Ons and disable
    anything you don't want or recognise. If you are not running XP SP2 use one
    of the BHO disablers mentioned earlier.

    Empty your IE cache and your other temporary file folders, eg: c:\temp,
    c:\windows\temp or C:\Documents and Settings\<name>\Local Settings\Temp (the
    path to your temp folder will change depending on your name) - sometimes
    programmes can be hidden in there - watch out for mysterious *.exe files or
    *.dll files in those folders.

    Go to IE Tools, Internet Options, Temporary Internet Files {Settings
    Button}, View Objects, Downloaded Program Files. Check for unrecognised
    objects there.

    Go to IE Tools, Internet Options, Accessibility. Make sure there is no style
    sheet chosen (under User Style Sheet - format documents using my style
    sheet). If the option is turned on, turn it OFF.

    Start CWSHREDDER and fix anything it finds. Reboot back into safe mode.

    Start AdAware.

    Remember to update using the 'check for updates now' button. Update, then
    select 'start' option.

    Make sure that 'search for negligible risk entries' is turned on. Select
    'use custom scanning options' then select 'customise'. Make sure the
    following options are enabled: 'scan within archives', 'scan active
    processes', 'scan registry', 'deep scan registry', 'scan my IE favorites for
    banned URLs', 'scan my Hosts file'.

    Select the 'tweak' option. Under 'scanning engine', make sure 'unload
    recognized processes and modules during scan' is enabled. Enable 'scan
    registry for all users instead of current users'.

    Under 'cleaning engine' turn on 'always try to unload modules..', 'during
    removal unload explorer and IE if necessary', 'let windows remove files in
    use at next reboot', 'delete quarantined items after restoring'.

    Use the 'select drives and folders to scan' option to ensure that your
    ENTIRE hard drive is scanned (if you have more than one hard drive, scan all
    of them; of course, do not include floppy and CD/DVD).

    Once finished, reboot again into safe mode. Run Spybot S&D. "Fix" anything
    marked red.

    If you are unable to get on to the internet after cleaning up your computer,
    run LSPfix. If that doesn't work, run Winsockfix.

    If you are using XP SP2 and are unable to access the internet after removing
    malware, the following commandline may help - it will reset the winsock
    catalogue:

    netsh winsock reset

    If the malware problem comes back, further specialised assistance is
    available via the Hijackthis forum at http://forum.aumha.org - make sure you
    read the top announcements about pre-post steps you should take before
    generating a hijackthis log.
     
    Sandi Hardmeier, Jan 24, 2005
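
Added example, not part of the thread or any poster's code: a read-only PowerShell inventory of the places the guide above says to inspect by hand (Browser Helper Objects, temp folders, Startup folders), with each file's Authenticode status. It assumes PowerShell 3.0 or later on a current Windows system; the function names and the `Kind`/`Detail` columns are hypothetical.

```powershell
# BHO registrations (native and 32-bit view) and the CLSID tree that resolves them.
$views = @(
    @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
)

function Get-SignatureStatus([string]$Path) {
    # 'Missing' when the file cannot be found, otherwise the Authenticode status.
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return 'Missing' }
    (Get-AuthenticodeSignature -LiteralPath $Path).Status.ToString()
}

function Get-BhoInventory {
    foreach ($v in $views) {
        if (-not (Test-Path -LiteralPath $v.Bho)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $v.Bho) {
            $clsid  = $sub.PSChildName
            $inproc = "$($v.Clsid)\$clsid\InprocServer32"
            $dll    = $null
            if (Test-Path -LiteralPath $inproc) {
                # The key's default value is the DLL Internet Explorer loads.
                $raw = (Get-ItemProperty -LiteralPath $inproc).'(default)'
                if ($raw) { $dll = [Environment]::ExpandEnvironmentVariables($raw.Trim('"')) }
            }
            [pscustomobject]@{ Kind = 'BHO'; Detail = $clsid; Path = $dll
                               Signature = (Get-SignatureStatus $dll) }
        }
    }
}

function Get-FolderInventory([string[]]$Dirs, [string[]]$Extensions, [string]$Kind) {
    # Lists files in the folders that exist; an empty $Extensions means "all files".
    $present = @($Dirs | Where-Object { $_ -and (Test-Path -LiteralPath $_) })
    if (-not $present) { return }
    Get-ChildItem -LiteralPath $present -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { -not $Extensions -or $Extensions -contains $_.Extension } |
        ForEach-Object {
            [pscustomobject]@{ Kind = $Kind; Detail = $_.LastWriteTime.ToString('s'); Path = $_.FullName
                               Signature = (Get-SignatureStatus $_.FullName) }
        }
}

$temp    = @($env:TEMP, "$env:windir\Temp")
$startup = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
@(Get-BhoInventory) +
    @(Get-FolderInventory $temp @('.exe', '.dll') 'TempFile') +
    @(Get-FolderInventory $startup @() 'Startup') |
    Sort-Object Signature, Path | Format-Table -AutoSize
```

Rows whose signature is not `Valid`, or whose path is missing, are the ones to look up before disabling anything; the script itself changes nothing on the system.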