My browser is hijacked on startup!

[Jacek]

Hello,
I need help to track this scumbug!
After visitng one of the russian websites my browser is now redirected on
startup.
Usually it is
web-searcher.info , sometimes 911-searcher.info or find-on-the-net website
which opens some porno pages.
1. I removed all relevant entries in IE Tools>Options.
2. I get rid off the same entries in the registry.
3. I also removed some suspicious entries from RUN in registry.
I scanned computer using McAfee software (software my company uses).
I scanned online using Norton AntiVirus.
Nothing found.
I cannot use programs like SpyBot because i do not have administrator
privileges on that computer.
The behaviour is always the same:
On Windows startup (before I use IE) I open registry and delete from:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
entries for Search Page and Start Page key.
Despite that when I start IE the browser gets redirected.
I do not think I am the only one having that problem and I am sure someone
already has the solution.
Your input is appreciated.

 

[Jacek]

I forgot to add I also ran Ad-Aware SE and CWShredder to no avail.

 

[Bruce Hagen]

Start with HijackThis. AdAware SE and SpyBot should be run on
occasion for general problems. Always check for updates for each
one before running.

AdAware SE:
http://www.lavasoft.de/

SpyBot S & D:
http://beam.to/spybotsd


CWShredder & HijackThis:
http://www.spywareinfo.com/~merijn/downloads.html

Bruce Hagen
MS MVP - (IE/OE)
~IB-CA~

 

[Jack]

I've used HijackThis as well.
However, I am looking for the hand out solution to that problem.
I am absolutely sure I am not alone having browser hijacked by those sites.

 

[Frank Saunders, MS-MVP IE/OE]

How to remove Coolwebsearch and affiliates
http://mvps.org/winhelp2002/unwanted.htm#Coolwebsearch

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup only. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/

 

[Jacek]

I found the source myself.
is IEsearchToolbar.dll valid file in windows XP?
When I remove that file from \Program Files\IEsearchToolbar folder I do not
have hijacking problem anymore.
Is IEsearchToolbar folder valid folder and all files in it?

 

[Frank Saunders, MS-MVP IE/OE]

I found the source myself.
is IEsearchToolbar.dll valid file in windows XP?
When I remove that file from \Program Files\IEsearchToolbar folder I
do not have hijacking problem anymore.
Is IEsearchToolbar folder valid folder and all files in it?

No, it isn't.
First, if you don't have WinXP SP2, get LSP-Fix - a free program to repair
damaged Winsock 2 stacks
http://www.cexx.org/lspfix.htm
save it because you might need to repair the Winsock 2 stacks after removing
the culprit.
For WinXP SP2 this command will restore the Winsock stacks if you can't
connect after clearing the malware.
Go to Start | Run and type
CMD
In the command window type
netsh winsock reset
Then see
How to remove Coolwebsearch and affiliates
http://mvps.org/winhelp2002/unwanted.htm#Coolwebsearch

If that doesn't clear it remove the whole folder. If you're up to it remove
any entries for it from the Registry.

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup only. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/