IE is hijacked

[alan]

I spent two days on this and I am unable to fix
this obnoxious problem. I even installed third party
software like ad-aware to remove this but it did
not work either.

My browser start page always displays
a very high detail web page with several dozens links
and search page . THe address bar is blank and shows
about:blank. This content is displayed even when the pc
is disconnected from Internet.
When i click on those links, then
the address bar shows they r coming from searchx.cc.

I cannot even uninstall IE and cannot delete the fodler
containing IE executable files.

 

[abc]

I spent two days on this and I am unable to fix
this obnoxious problem. I even installed third party
software like ad-aware to remove this but it did
not work either.

My browser start page always displays
a very high detail web page with several dozens links
and search page . THe address bar is blank and shows
about:blank. This content is displayed even when the pc
is disconnected from Internet.
When i click on those links, then
the address bar shows they r coming from searchx.cc.

I cannot even uninstall IE and cannot delete the fodler
containing IE executable files.

This sounds like the same thing I got, a variant of the coolwebsearch
bho. First download the lastest version of CWShredder (ver 1.56)

http://www.merijn.org/files/CWShredder.exe

If that doesnt work, try this:

From my observation, CoolWeb uses a .dll script file in
windows\server32 to do its dirty business (Win XP).

Its randomly named so finding it can take some work. The first time I
ran spybot, it came back with the exact name of the file, I simply
renamed it and problem solved.

Unfortunately though, I went into my registry editor and removed the
keys settings that coolweb installed so Im not sure (yet) if those are
random or not.

Then it came back again. For some reason spybot knew it was
there but wouldnt give the exact file name. Fortunately tho as I went
through a couple of the dll files with a text editor I found it in a
file starting with "aab". Luck of the draw, I guess, since it
randomly names the file.

Anyways this may help... I hope so because I know your frustration.

One of the registry keys that held the name of the script file was:

My Computer\HKEY_LOCAL_MACHINE_SOFTWARE\Classes\CLSID\
{3B0A5AEE-9AD5-4CDD-A69F-63E5562BE6A0}\InProcServer32

If you find a dll file listed for that key do a search for it (mine
was in the server32 subdirectory of windows. Then open it in notepad
to be sure its the right one (scroll through it and you should see
text that shows up in your about:blank page). Rename it to something
like <filename>.bak. Then reset your default webpage.

 

[mac]

I spent two days on this and I am unable to fix
this obnoxious problem. I even installed third party
software like ad-aware to remove this but it did
not work either.

My browser start page always displays
a very high detail web page with several dozens links
and search page . THe address bar is blank and shows
about:blank. This content is displayed even when the pc
is disconnected from Internet.
When i click on those links, then
the address bar shows they r coming from searchx.cc.

I cannot even uninstall IE and cannot delete the fodler
containing IE executable files.

Try CoolWebShredder
http://www.spychecker.com/program/coolwebshredder.html
check for any update prior to running it.

 

[Guest]

Download Hijack This http://www.majorgeeks.com/downloads31.htm

Please’ post your Hijack This Logs, in any of the following “Expert Forumsâ€
http://forums.net-integration.net/index.php?s=853f186bf90302d57a6840f00475ff6b&showforum=3
http://forums.spywareinfo.com/index.php?s=1413794b9fe306155560c99576acc3a8&showforum=1
http://www.lavasoftsupport.com/index.php?s=c0d583c0e136d2133506ec492cb6bd40&showforum=4
http://www.cybertechhelp.com/forums/forumdisplay.php?f=1
http://boards.cexx.org/viewforum.php?f=1&sid=0b5c7c42dc70e12ffe32f4a0807ff6a
http://www.dslreports.com/forum/security,


----- alan wrote: ----

I spent two days on this and I am unable to fi
this obnoxious problem. I even installed third party
software like ad-aware to remove this but it di
not work either

My browser start page always display
a very high detail web page with several dozens link
and search page . THe address bar is blank and shows
about:blank. This content is displayed even when the pc
is disconnected from Internet.
When i click on those links, the
the address bar shows they r coming from searchx.cc

I cannot even uninstall IE and cannot delete the fodle
containing IE executable files

 

[shuenn]

Here's my solution.
Open your search for files and folders, then look for the file which
contains the text 'http://searchx.cc/search.php',you may see several
dll files. Example, hdhb.dll. Then,you try to delete it. If some
cannot be deleted,you visit
http://www.cbifamily.com/down/200414/network/copylock.zip, click Add
file to delete,browse for the searched dll files. Then, your pc will
be restarted,then you goto run type in regedit,search for all the
infected dll file name. When found, set the value data to blank until
all had been removed. Hope this can help...

 

[H Leboeuf]

Do not modify your registry unless you have to and are knowledgeable.

Get this removal tool.


CoolWebSearch - CWS http://www.spywareinfo.com/articles/cws/
The: Complete list by variant with up-to-date information.
http://www.spywareinfo.com/~merijn/cwschronicles.html
More: Removal tool: http://www.spywareinfo.com/~merijn/files/cwshredder.zip
More: Removal tool:
http://www.symantec.com/avcenter/venc/data/vbs.bootconf.html