Looks like a new variant of some other parasites.
http://www.google.com/search?q="ssearch.biz"&hl=en&lr=&ie=UTF-8&newwindow=1&c2coff=1&sa=N&tab=gw
--
Try this: Tools > Internet Options > Advanced > Browsing
Uncheck the Enable 3rd party browser extensions
If this clears your problem then find out who the culprit(s) is/are with
these tools.
Let AD-Aware Scan your system for advertising Spyware
http://www.lavasoftusa.com
If you use a HOSTS file, beware of this new issue.
Ad-Aware has decided to include a new detection when scanning the HOSTS
file. This now creates a "Bad hosts file entry" in the log file generated at
the end of a scan. The best thing to do is to place a check in each entry,
right-click and select: "Add selection to ignorelist". Otherwise if you let
AWW "fix" these items it will trash the HOSTS file! Even if you have it
"locked" by [example] SpywareBlaster or Winpatrol. It does not return the
attributes and renames the HOSTS file incorrectly to hosts.
and:
SpyBot-S&D
http://security.kolla.de/
p.s Reset the 3rd party browser setting.
More: This may be caused by a third-party program (adware, spyware,
parasite).
Get AdAware and SpyBot and run them both. Keep them up to date.
Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm
Additional link:
http://aumha.org/a/quickfix.htm
You may need this removal tool.
More: Complete list by variant with up-to-date information.
http://www.spywareinfo.com/~merijn/cwschronicles.html
More: Removal tool:
http://www.spywareinfo.com/~merijn/files/CWShredder.exe
CWShredder - Tutorial
http://www.bleepingcomputer.com/forums/index.php?showtutorial=47
IMPORTANT:
Before trying to remove spyware, download a copy of LSPFIX from
the URL below - some malware may kill your internet connection when it is
removed, this program will enable you to regain your connection.
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html (if your OS is Win2k or
XP)
Important: "So how did I get infected in the first place?"
http://forums.net-integration.net/index.php?showtopic=3051
===
If all fails then get help from this forum.
Go to
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Download "Hijack This!" [freeware] Latest version is 1.98.
Unzip the Download file in a NEW FOLDER that you can create before you start
the download.
DO NOT install in your Desktop folder.
DO NOT use any of the TEMP folders that are presently in your computer.
Double-click "HijackThis.exe" and Press "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log"
button.
Click: "Save Log" (generates "hijackthis.log")
Next, HijackThis | Config [button] | Misc Tools [button]
Click: Generate StartupList log [button] (generates "startuplist.txt")
Next, go to the below location:
http://forums.spywareinfo.com/
Sign in, then copy/paste your HijackThis .log file in your message.
HijackThis Quick Start Help
http://www.tomcoyote.org/hjt/
The Tutorial if you want to know more about the results or the .log file.
http://www.merijn.org/htlogtutorial.html
Henri Leboeuf
Web page:
http://www.colba.net/~hlebo49/index.htm
===
Richard Roseweir said:
Inquiring on behalf of a workmate using WinXP Home and IE6.
His IE browser appears to have been "hijacked" and the Homepage
consistently resets itself to something like "ssearch.biz" which is
ironically, a website selling anti-adware amongst other things. Even
the default "about:blank" homepage now points to this "ssearch.biz"
webpage. Also, all search functions from Address Bar are screwed up as
well.
Is there a way by which I can assist this lad...he's a jolly decent chap
with an increasingly unhappy IE experience. TIA.
