Searchv Hijacked removal success


GrandVicar

Took a few tries, they have gotten better. I definitely clicked NO but
it installed anyway.

1) Had to disable network, clear cache, cookies, history etc.
2) Cleared all temp files and flushed dns, reset home page to blank.
3) Delete the msupdater.exe from the startup folder and set the
startup folder to readonly.
4) Set these DNS entries to loopback in my hosts file then set the
file permissions to read only for everyone.
127.0.0.1 www.008k.com
127.0.0.1 www.searchv.com
127.0.0.1 www.v61.com
127.0.0.1 www.00hq.com

5) Search the registry and delete every entry of 008K.com,
searchv.com, v61.com, 00hq.comand

6) Go to the c:\Documents and Settings\USER\Application Data\winshow
directory and unregister the winshow.dll and then delete entire folder
contents.

7) Set the winshow directory permission to deny for everyone.

After that call or email INTERCOSMOS MEDIA GROUP, INC. and let them
know how much you enjoyed being hijacked.


Registrar Name: INTERCOSMOS MEDIA GROUP, INC. D/B/A DIRECTNIC.COM
Address: 650 Poydras Street Suite 1150, New Orleans, LA 70130, US
Phone Number: 504-679-5197
Whois Server: whois.directnic.com
Referral URL: www.directnic.com
Our local time is currently: October 10, 2003, 4:27 pm CDT
 

Wesley VogelX

GrandVicar;
Well, you sure included plenty of ways to contact them. I have not been
hijacked, but if I had, I would surely use one to let them know what I think of
the practice.
For the life of me, I can't figure out why, if you want to sell something
to someone, why you would want to make them mad at you first. These people
must not have read any of Dale Carnegie's books.
Wes
 

cimex

Doesn't Kelly live near them? Perhaps, for a small consideration, she would
be willing to visit them and give them your best wishes in person...
 

Joh N.

cimex, after spending 3 minutes figuring out which end of the pen to use, wrote:

> Doesn't Kelly live near them? Perhaps, for a small consideration, she would
> be willing to visit them and give them your best wishes in person...

Stupidity is something you seem to treasure more than gold, diamonds,
knowledge, and common courtesy or sense.

Joh N.
 

Bita-kookoo

Thank you for your post; I also clicked "no" when prompted by them,
and similarly my machine was compromised by their software. Your post
saved me a lot of time and hassle.

However I found one other item that I needed to remove:

-A registry entry was added under
HKEY_LOCAL_MACHINE-SOFTWARE-Microsoft-Windows-CurrentVersion-Run
called "sys". This entry calls regedit and merges a file located in
the (Windows) directory called sys.reg into the registry. This resets
the home page to their web page. The registry entry and the file they
put in the (Windows) directory must also be removed. Until this is
removed, on reboot the home page will be continually rewritten.

Thank you for posting all of the contact information. These people
are ridiculous; they cost me hours of my weekend just to remove their
lousy site from my computer.
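
A way to check the state the posts above describe, as an added example that is not part of any post in this thread: it reads a hosts file and a decoded `.reg` export and reports which of the listed names are still unblocked and which registry values carry the thread's indicators or a `Run` entry that has regedit merge a `.reg` file at startup. The function names, the `regedit /s C:\WINDOWS\sys.reg` command line and the Internet Explorer `Start Page` value in the sample are constructed assumptions; only the domains, file names and the `sys` value name come from the thread.

```python
import re

# Indicators named in the thread: domains (step 4) and files (steps 3, 6, sys.reg).
DOMAINS = ("008k.com", "searchv.com", "v61.com", "00hq.com")
FILES = ("msupdater.exe", "winshow.dll", "sys.reg")

def unblocked_hosts(hosts_text):
    """Names from step 4 that the hosts file does NOT pin to loopback."""
    pinned = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].lower().split()
        if len(fields) >= 2 and fields[0] in ("127.0.0.1", "::1"):
            pinned.update(fields[1:])
    return sorted("www." + d for d in DOMAINS if "www." + d not in pinned)

def scan_reg_export(reg_text):
    """Return (key, value name, reason) per suspicious value in decoded .reg text."""
    findings, key = [], ""
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if not m:
            continue
        data = m.group(2).lower()
        hits = [i for i in DOMAINS + FILES if i in data]
        # A Run value that makes regedit merge a .reg file re-applies it at every boot.
        in_run = key.lower().endswith("\\currentversion\\run")
        if in_run and re.search(r"regedit(\.exe)?\b.*\.reg\b", data):
            hits.append("regedit merge at startup")
        if hits:
            findings.append((key, m.group(1).strip('"'), ", ".join(hits)))
    return findings

# Constructed sample input, not captured from a real machine.
SAMPLE_HOSTS = "127.0.0.1 localhost\n127.0.0.1 www.008k.com\n127.0.0.1 www.searchv.com\n"
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sys"="regedit /s C:\\WINDOWS\\sys.reg"
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.searchv.com/"
'''

if __name__ == "__main__":
    print("not blocked:", unblocked_hosts(SAMPLE_HOSTS))
    print(*scan_reg_export(SAMPLE_REG), sep="\n")
```

Exports in the "Windows Registry Editor Version 5.00" format are UTF-16 encoded, so decode the file to text before passing it to `scan_reg_export`.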
 

Ben C.

Thank you both for these postings. I would not have been able to get
rid of this stupid malware. However I did not find
"HKEY_LOCAL_MACHINE-SOFTWARE-Microsoft-Windows-CurrentVersion-Run
called "sys". " anywhere and any version of it. Everything is back to normal thanks to you guys and Spybot and Adware. Thanks again.

Ben
 

Guest

I haven't been so fortunate, I can't find any of the 4
DNS entries you've listed, and I've searched my registry
for 008k.com, searchv.com, v61.com, 00hq.comand and they
just aren't there. I guess they are getting better. Any
other ideas for me?
 

Guest

I failed to change the subject line of my previous post
from "successful" to "Not successful"
 