2004/11/13-14 [Computer/SW/Virus] UID:34875 Activity:high |
11/13 I've run the latest version of Ad-aware and gotten rid of all the crap that it found. But there is still some crap on my computer that shouldn't be there. In particular, when I start up IE, regardless of what I set my home page as, a "Home Search" page comes up, along with a couple of pop-ups, before I do anything. I went into Add/Remove Programs and found at least a couple of programs that shouldn't be there: "HomeSearchAssistent" and "Shopping Wizard" and a couple others that I'm not sure of. When I go to remove them, it says "Problem with Shortcut: Unable to open "http://looking-for.cc/uninstall/ShoppingWizard.html" What can I do to get rid of this crap?
  \_ AdAware doesn't find/remove everything. There are a number of nasties that will reinstall themselves. I suggest running several tools sequentially, including stuff like SpyBot Search & Destroy -- http://www.security.de . -John
  \_ Oh damn you got the Home Search krugerware. Kill it and it comes back to life. It is going to take a while. But here: http://www.short-media.com/review.php?r=259 BTW, Spybot/Ad-aware are ineffective against krugerware.
  \_ Thanks. I went and tried this and after spending most of my day trying to rid my computer of these viruses, I got nowhere. I'm not trying to be sarcastic. I really do appreciate the advice, but I'm afraid I'm going to have to reinstall.
  \_ Google for "HijackThis"
  \_ begin by switching to Firefox. For extra credit, switch to linux.
  \_ I think I will switch to Firefox. I have a dual boot with Linux and am using it right now since my Windows is so damn unstable.
  \_ More costly, but easier to implement solution: buy a Mac.
  \_ Reinstall is pretty brute-force and it works but you probably have a reasonable chance of getting rid of this stuff by hand. For starters, while you're cleaning up, do not run the compromised IE. Run Adaware, Spybot, HijackThis, SpywareGuard, use BHODemon to disable any and all suspicious-looking BHOs. Get the process view utilities from http://sysinternals.com to find the resident processes that have no business being there - google for any image name that looks weird. Some of them will have generic names like service.exe - find the location of the executable and look at the file date, if it's on or after your time of infection, it is likely bogus, even if it is sitting in system32. Run one of the many utilities that show startup-launched processes, disable anything that shouldn't be there. Same goes for services. After all this, try IE again, although you may want to downgrade yourself from Admin first. Check security settings of Trusted sites, remove sites that don't belong there, crank up Trusted sites settings to something similar to your regular Internet zone, fix your homepage, etc. As to linux, Macs, Firefox - these things can help but only in the short term, they are basically "security through obscurity" and you can be sure malware will get to them as well. Until systemic solutions appear (if ever) the only reliable defense is knowing what your environment looks like when healthy and knowing how to make it so. -pvg
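The file-date check from the last reply, applied to startup entries, as an added example that is not part of the original thread: it resolves each autostart command line to its executable and flags images that are missing or were modified on or after the infection date. The entry names, file names and dates are constructed, and the modification time stands in for "file date".

```python
import os
import tempfile
from datetime import datetime

def image_path(command):
    """Pull the executable path out of an autostart command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    lowered = command.lower()
    for ext in (".exe", ".dll"):
        end = lowered.find(ext)
        if end != -1:
            return command[:end + len(ext)]
    return command.split()[0] if command else ""

def triage(autostarts, infected_at):
    """Return (entry, path, reason) for autostart images worth a closer look."""
    cutoff = infected_at.timestamp()
    findings = []
    for name, command in sorted(autostarts.items()):
        path = image_path(command)
        if not os.path.isfile(path):
            findings.append((name, path, "image missing"))
        elif os.stat(path).st_mtime >= cutoff:
            # File dates can be forged, so an old date clears nothing;
            # a date on or after the infection is a lead to follow up.
            findings.append((name, path, "modified on/after infection"))
    return findings

def demo():
    """Run triage over constructed files and constructed autostart entries."""
    with tempfile.TemporaryDirectory() as root:
        dates = {"soundman.exe": datetime(2004, 8, 1),
                 "service.exe": datetime(2004, 11, 12)}
        for fname, when in dates.items():
            full = os.path.join(root, fname)
            open(full, "wb").close()
            os.utime(full, (when.timestamp(), when.timestamp()))
        autostarts = {  # constructed sample, not taken from the thread
            "SoundMan": '"%s" /tray' % os.path.join(root, "soundman.exe"),
            "svc": "%s -k" % os.path.join(root, "service.exe"),
            "gone": os.path.join(root, "qxzv.exe"),
        }
        found = triage(autostarts, infected_at=datetime(2004, 11, 10))
        return [(name, os.path.basename(path), why) for name, path, why in found]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

On a real machine the `autostarts` mapping would be filled from whatever startup-listing utility is in use; an entry whose image no longer exists is reported as well, since it may point at a file that has since been renamed.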
www.short-media.com/review.php?r=259
Date: September 04, 2004

Why You Should Home Search takes over your browser. If your PC is going places you don't want it to then here's your guide to remove Home Page Assistant hijacks with Short-Media's Home Page Assistant Removal Guide!

Editors foreword: There are the talents of many of our staff that have spent countless hours getting this guide and Short-Media's other guides and tools prepared to help you defeat spyware.

Those are some of the names it goes by but people whose computers have been hijacked by this home page can think of a lot of other names they would like to call it! If it does, you, like many thousands of internet surfers, have been hijacked by the Home Page Assistant (HSA) hijack. This hijack is widely believed to be a new version of the infamous CoolWebSearch (CWS) hijack, one of the most widespread and well known hijacks to date. CWS had its nemesis though: the highly popular CWShredder program, which was updated regularly to fight new variations of the infection. However, CWS is being replaced by HSA at an amazingly rapid rate, and the maker of CWShredder has said he has no plans to try and create a removal tool for HSA at this time. There are a couple of programs on the web that claim to remove HSA, but they do not work in every case, as this hijack has a few nasty tricks that make automated removal harder to accomplish.

The Home Search Assistant (HSA) browser hijack is a very persistent hijack. It is characterized by multiple redundant dll and exe infection files, all with random names. These are reinforced with a bogus background service that makes sure the infection stays alive. Users who thought they were pretty good at using the Hijack This program to remove malware got a sudden surprise. They would delete some randomly named entries and the associated files, and assume they were all cleaned up. But when they next opened their browser window, there it was again! while you are busy smacking one on your arm, another one is landing on your leg.

The Home Search Assistant file names follow some recognizable patterns, so with some patience and determination, it is easy to figure out what they are. The key is to identify the hidden service running on your computer, and disable it, so that new files are not spawned every time you delete the current one. Easy: malware fighting websites have quickly identified the phony names the services currently hides as, and are eagerly on the watch for new variations.

Since being published in mid-August, our removal guide has been viewed by tens of thousands of computer users, and leads numerous search engine hits for this problem. "But I am not very good with computers, I don't know if I can do this!" And if you do have trouble working through the guide on your own, help is only a click away! One of our experienced users will point you in the right direction to solve the problem.

Home Search Assistant Removal Guide

The Home Search Assistant (HSA) browser hijack is a very persistent hijack. It is characterized by multiple redundant Hijack This entries and re-infection files, all with random names. The biggest obstacle to solving this hijack is that the file names and HJT entries rename themselves when the computer is rebooted. We believe there are 2 different ways the files/entries rename themselves: either when you shut down the computer, thus ending the active processes; or, when the computer is booted up and the processes first launch. We have had reports from users that this can happen even at startup in Safe Mode.

exe: This program is reported to work in several instances. If HSRemove does not work for you, then you will have to manually remove the files and entries from your system. At the present time, we are using a fix that involves breaking the renaming cycle by hard-booting the computer. A hard reboot is shutting down the computer and restarting it by killing the power to the system. In other words, DO NOT REBOOT THE COMPUTER USING THE START MENU BUTTONS FOR LOG OFF OR REBOOT. Manually shut the computer down, by either:
* yanking the power plug out of the back of the computer or out of the wall outlet, waiting a few seconds, then plugging it back in;

t=12261 That thread includes links to the most recommended applications. Finally, after doing all that, you can proceed to remove Home Search Assistant. I will use some example HJT log entries for this explanation. YOUR HJT ENTRIES AND FILENAMES WILL PROBABLY BE DIFFERENT THAN THESE! Use the explanations I will provide shortly to determine your problem entries/files.