Hi Jim,
Thanks for what looks like an extremely detailed email!
I shall def give everything ago, I did have Lavasoft on
before and suspect that maybe the root of my problems. I
also have a Spybot program. I try the other things and
see where that gets me.
Many thanks for your time and assistance.
Kind regards,
Gordon
-----Original Message-----
Hi Gordon - Download and run:
http://www.kellys-korner- xp.com/regs_edits/RestoreSearch2.REG to restore
your default Search functions. You'll have to manually reselect any
Customization, however.
Note that this symptom often indicates the possibility of other malware.
You might want go to this page at Jim Eshelman's site, here:
http://aumha.org/a/noads.htm or here:
http://inetexplorer.mvps.org/parasite.htm and wait a little bit (be
patient), while an analysis of a number of possible parasites on your
machine will be made to help you identify and remove them. NOTE: You will
need to disable Ad Blocking in Zone Alarm 3.x, if present or any other Ad
Blocking software which interferes with Java Scripting for this scan to
work. You should get a message between the two lines of **** giving the
results of the scan.
For the general hijack case, the best way to start is to get Ad-Aware 6.0,
Build 181 or later, here:
http://www.lavasoftusa.com/support/download/.
UPDATE and run this regularly to get rid of
most "spyware/hijackware" on
your machine. If it has to fix things, be sure to re- boot and rerun
AdAware again and repeat this cycle until you get a clean scan. The reason
is that it may have to remove things which are currently "in use" before it
can then clean up others.
Another excellent program for this purpose is SpyBot Search and Destroy
available here:
http://security.kolla.de/ SpyBot Support Forum here:
http://www.net-integration.net/cgi-
bin/forums/ikonboard.cgi. I recommend
using both normally. After UPDATING and fixing things with SpyBot S&D, be
sure to re-boot and rerun SpyBot again and repeat this cycle until you get a
clean "no red" scan. The reason is that SpyBot sometimes has to remove
things which are currently "in use" before it can then clean up others.
Note that sometimes you need to make a judgement call about what these
programs report as spyware. See here, for example:
http://www.imilly.com/alexa.htm
A currently common parasite which can cause this symptom is some malware
called CoolWebSearch. Do the following:
Download, UPDATE before running, and run:
http://209.133.47.200/~merijn/files/CWShredder.exe to remove the parasite.
Be sure to close all instances of IE and OE. You may also get it here if
that link is blocked:
http://www.zerosrealm.com/downloads/CWShredder.zip
BE SURE that you get v.158 or later!
You will need to show Hidden files first and then at the end disable System
Restore and then reboot your system in order to clear the malware garbage
from the backups after you've cleaned up. It's best to perform CWShredder
(and most other malware fixers too) from Safe mode and then reboot. After
cleaning things up, then you can disable and then re- enable System Restore.
See ******** below.
The following links give instructions on how to do these various functions:
HOW TO Restart in Safe Mode
<
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/ 2001052409420406>
HOW TO Enable Hidden Files
<
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/ 2002092715262339>
HOW TO Disable/Flush System Restore (do this at the end AFTER cleaning)
<
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/ 2001111912274039>
(WinXP)
<
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/ 2001012513122239>
(WinME)
Then download and run:
http://www.kellys-korner- xp.com/regs_edits/iegentabs.reg to restore your
tabs and remove any restrictions that the parasite has put in place.
Be sure that you also download and install hotfix Q816093, here:
http://support.microsoft.com/?kbid=816093#appliesto
which blocks the exploit upon which this parasite family depends.
Now download and run:
http://www.kellys-korner- xp.com/regs_edits/RestoreSearch2.REG to restore
your search functions.
If they don't fix it then start here:
Download HijackThis, free, here:
http://209.133.47.200/~merijn/files/HijackThis.exe (Always download a new
fresh copy of HijackThis [and CWShredder also] - It's UPDATED frequently.)
You may also get it here if that link is blocked:
http://www.majorgeeks.com/downloadget.php?
id=3155&file=3&evp=3304750663b552982a8baee6434cfc13
In Windows Explorer, click on Tools|Folder Options|View and check "Show
hidden files and folders" and uncheck "Hide protected operating system
files". (You may want to restore these when you're all finished with
HijackThis.)
Unzip the downloaded HijackThis to any convenient folder, start it then
press Scan. Click on SaveLog when it's finished which will create
hijackthis.log. Now click the Config button, then Misc Tools and click on
Generate StartupList.log which will create Startuplist.txt
Then go to one of the following forums:
Spyware and Hijackware Removal Support, here:
http://216.180.233.162/~swicom/forums/
or Net-Integration here:
http://www.net-integration.net/cgi-
bin/forum/ikonboard.cgi?
s=d3c2c886d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949
or Tom Coyote here:
http://forums.tomcoyote.org/index.php?act=idx
Sign in, then copy and paste both files into a message asking for
assistance, Someone will answer with detailed instructions for the removal
of your parasite(s).
*******
ONLY IF you've successfully eliminated the malware, you can now make a new,
clean Restore Point and delete any previously saved (possibly infected)
ones. The following suggested approach is courtesy of Gary Woodruff: For XP
you can run a Disk Cleanup cycle and then look in the More Options tab. The
System Restore option removes all but the latest Restore Point. If there
hasn't been one made since the system was cleaned you should manually create
one before dumping the old possibly infected ones.
*******
Once you get this cleaned up, you might want to consider installing the
SpywareBlaster and SpywareGuard here to help prevent this kind of thing from
happening in the future:
http://www.javacoolsoftware.com/spywareblaster.html (Prevents malware Active
X installs) (BTW, SpyWare Blaster is not memory resident ... no CPU or
memory load - but keep it UPDATED) The latest version as of this writing
will prevent installation or prevent 2942 malware items from being installed
or running if already installed, and it provides information and fixit-links
for a variety of parasites.
http://www.javacoolsoftware.com/spywareguard.html (Monitors for attempts to
install malware) Keep it UPDATED. Both Very Highly Recommended
--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP
In Gordon Smith <
[email protected]> typed:
Dear All,
I used to be able to type a word in my address bar, and IE
would automatically search for web-sites and display the
results in the main window. Recently it has stopped doing
this and I have no idea why?
Can you help?
Regards,
Gordon
.