My suggestionn would be to post your AAW logfile at the Lavasoft forums explaining what's going on. You have to register there before you can post but it usually doesn't take too long to get a confirmation email. You can get to the forums by clicking on "Team Lavasoft" under my name. How To Post Your Logfile

0

Had the same problem. A friend of mine who knows a bit more about computers than I do fixed it. ther is an .exe somwhere that keeps changing your registry entries and favorites back as soon as you delete them or change them. you must delete this first or all your eforts are in vain. Look here C:\Program Files\Common Files\Services if there are some .exe files with official looking names such as directx.exe or exploreer.exe these may be your culprits. I had 4 of them they were all 22K, and their date created was the same time the problem started. Sorry can't rember all the names. See if any of them are running in Proccesses in your task manager (ctrl+alt+del). Try ending any that are running. See if your registry and favorites still change themselves back now. don't know if they will be in the same place for you. hope this was helpful :-)

0

Here is what WORKED for me. I downloaded StartupCPL from download.com It shows all the programs that are registered to start up with windows. In that you will find "c:\Program Files\Common Files\Services\time.exe". But wait, even if you delete it, it comes back in 10 seconds. So, open up task manager, delete the process time.exe first. Then, go back and delete time.exe from all start up programs. Now if you restart the machine, the monitoring worm will not start. Now go back and revert all the entries like IE home page etc., This was one tough worm to get rid off.

0

I did a similar thing to Prasad. Like he said this was one biatch of a worm. The creator is lucky I'm no Leet hacker otherwise I'll be hacking his ass off! Anyways, access your currently running tasks (ALt Ctrl Del will also do) and close anything that you don't need. Also check your startup programs (run msconfig.sys on windows ME, or use third part programs. I use Spybot on XP) and uncheck all the stuff you don't need. If you are not sure find that particular file and check properties and see where it is from. I then deleted ALL the exe files in c:\Program Files\Common Files\Services\, because there were more than one worm! ALL WERE ABOUT 22 kb. ALso stopped auto restore function in settings and cleaned the RESTORE folder as well and TMP folders. I then ran HijackThis, and removed all the magicserver entiries AND any reference to above folder. Change your homepage to other than Magicserver in explorer. CLoseprogram and restart computer. It should be GONE!

0

This was a hard one to get rid of. It also hides itself in windows/system32/ under names such as: sistem.exe iexplorer.exe and some other names, check dates and size and you will find them. some are impossible to delete with ordinary methods. I renamed them to someting like 123.abc so as to prevent anything to start them. If I ever get hold of the guy who made this; well I have frinds i low places.

0

I've used this site to fix countless programs on my computer, and I had this same problem. I used your guys' suggestions, and got rid of the worm. I can't say thank you enough. I went into C:\Program Files\Common Files\Services and found 8 .exe files that were all 21 kb and were created the day that the problem started. I deleted them all (for some I had to CTRL+ALT+DEL and end the program) and emptied the trash. Then I went into the registry editor and searched for all files containing "magicsearch". I deleted all the files and the problem was gone. THANK YOU THANK YOU THANK YOU!!!!!!!!! The people on these forums are the best! Reed Strickland

0

ok i have had the same problem for over a month and i cant seem to fix it. Im glad i finally found somepeople who have experienced what i am CUZ THIS IS SO ANNOYING!!!! but ya i looked in the C:\Program Files\Common Files\Services folder and i have NO .exe files!!! i am so upset cuz like i havent tried the first part of this discussion because it doesnt appear to be working for other people, now i havent done a registry search because unfortunately im unaware on how to do so. Im in university right now, first year, and i use my computer ALL THE TIME!! like not even norton anti virus or the rez anti virus have been much help whatsoever. What other folders could i check for these .exe files or how do i search my registry???? Anywayz i know misery loves company so im actually happy im not the only one who has gotten this although i feel for every one of u. Ive been coping but still there comes a point where i want to take a hammer to my computer and beat the living crap out of it hahahaha. anywayz if someone could please help me that would be great

0

search folder: C:\Program Files\Common Files\Services file : users32.exe rename or delete it

0

i have the same problem theres actually a guy whos dedicated to killing this trojan. his homepage is here: http://www.merijn.org/cwschronicles.html or http://216.180.233.162/~merijn/index.html

0

I had the same problem. Thanks for the help. I actually had 15 files in the … /Services directory, all 22K and Feb 3rd. There was no Time.exe running in the task manager though. Through a bit of trial and error I found the match between one of the 15 files. It was “window”. The 15 files included a lot of common looking files including, directx.exe, directx32.exe, explore.exe, iexplore.exe, time.exe, uninstall.exe, win32.exe, window.exe, winmngt.exe, win32e.exe, user32.exe, etc. Finished it off by doing a search in regedit for the “magicsearch” URL and changed them back to my preferred page. Everything seems fine now. Thanks again for the help. rob

0

hahah u post the web page and i cant even go to it lol. Anywayz as i said before. I HAVE NO FILES IN THE SERVICES FOLDER so i dont understand it, where could it be man???? this is annoying to no extent. Im going to search for those files and see if i can find them in the same folder, ill delete them from that one but i have no files in that folder man

0

They dont have to be in C:\Program Files\Common Files\Services On my computer they where in c:\windows\system32 And I had to do the thing twice as there was one file that didnt show up until AFTER I got rid of all the others and had restarted.

0

thank you.I search the registry for "magicsearch" and delete all files and change the default in registry to "http://www.yahoo.com" and it works.

0

Guys I need help. My homepage has become some porn site. No matter how i try to change it, it keeps coming back when I restart it. It also leaves some other sites in my favorites. How do I stop this? I'm a complete newb, can someone explain this slowly to me?

0

Man this stupid thing is a pain in my u know what. It is so fucturating that the day i uninstall Nortan Anti Virus, this stupid worm comes on my system. now reading through, maby Nortan wouldn't be as much help as i think. aneyways, i am still having problyms with this.. and as posted before, i cant find the accuall files in my computer. I inabled 'Custom' in Ad-adware and that didn't seem to do the trick. The funny thing is, the tec person who i was on the phone with told me to install SpyBot, and as soon as i searched and installed it to my computer, one of the posts said that SpyBot dosent work. I find that if you want to visit a website outside of 'magicsearch', then you have to type in the FULL URL. Such as Http:// just typing in WWW or the website.com wont let you go outside of the magicsearch site. Now I installed a game, accually a couple of games from Sharewareriver.com it was some simulation games, and they needed DirectX and DirectX3D and stuff like that, i dont know if they installed thoes behind the installation of the games, but maby thats another reason why we are gettin this..? Has aneybody recienlty installed any DirectX programs and came with this problym? Well As I read Through, i didn't quite understand what u guys are saying, i did a searh of the h..what ever files and the js ones too...deleted acually all of them... then manually searched my computer but came up with nothing...can any body help me with this, i may have brains, and have a ideal idea of computers, but when it comes to manually fixing WORMS, VIRUSES and other things without the click of just one butten, then i get lost. Thanks

0

http://magicsearch.ws/contactus.php Anyone try their "instructions"? I'm afraid to do so. Been trying to get rid of this (followed all directions stated above - used adaware & spybot) & so far no luck!

0

i am willing to help! i hav the same problem with you before dudes. but i foud a way to kill this magicsearch.ws Here is the steps. ***HOw to Kill Magicseach.ws SPYWARE**** by Brigs Symptoms: your home cannot be set to any other site but www.magicsearch.ws A.) for XP: Press ctrl+alt+del to run taskmgr.exe Go to processes for Other OS: use any process viewer or killer End or Kill every process named with the one of the following: autorun.exe clrssn.exe directx32.exe explore.exe explorer32.exe inetinf.exe internet.exe sistem.exe uninstall.exe systeem.exe iexplorer.exe exploreer.exe directx.exe time.exe users32.exe volume.exe win32e.exe window.exe winmnt.exe B.) do this in the registry editor : 1.) HKLM\Software\Microsoft\Windows\CurrentVersion\Run must delete string name "coolwebprogram" 2.) HKLM\Software\Microsoft\windows\currentVersion\URL\Prefixes\ Change the value of www from "http://www.magicsearch.ws/?q=" to "http://" 3.) HKLM\Software\Microsoft\windows\currentVersion\URL\DefaultPrefix\ Change the value of www from "http://www.magicsearch.ws/?q=" to "http://" C.) Explorer Delete these files: C:\Program Files\Common Files\Services autorun.exe clrssn.exe directx32.exe explore.exe explorer32.exe inetinf.exe internet.exe sistem.exe uninstall.exe systeem.exe iexplorer.exe exploreer.exe directx.exe time.exe users32.exe volume.exe win32e.exe window.exe winmnt.exe temp.txt init.sys network.sys Wipe your hard drive's free space... Brigs

0

OMFG!! ITS FINALLY GONE!!! yo thanks for that post brigs, i mean i had internet.exe hiding in WINDOWS/system folder and ocne i deleted that i just delete all 'magicsearch' in the registry and IT WAS GONE!! omfg its been like over 2 months about lol muahahaha blow me u f*cking virus

0

Whats the registry editor? :S???

0

For magicsearch.ws, Nachi.A worm and search central removal see the solution by going to www.aameen.org, go to its forum by clicking the button of forum given on top row on website. There on forum there is complete and working solution of it given under Troubleshooting, Virus and adremoval topic/category. iinfoque

0

Thanks Brigs, but before i can try your method, i need to know.... what/how do I get to the registry editor? I'm sorry, but I'm computer illiterate.

0

to: ln187347 I posted the solution to MY problem here: http://bogesoft.bgfree.biz/magicsearch_fix_procedure.txt As I can see from your first post, there seems to be very similar situations. Hope it helps other people too. Also take look at my post to the above mentioned forum: http://forumer.com/index.php?mforum=aameenorg&showtopic=4&view=findpost&p=7 There is something important, that happened to me ;)

0

to get ur registry editor or atleast for win XP go to ur start menu and click run, then type 'regedit' and click ok. Then i went to 'edit' and then 'find' and typed magicsearch. I ended up combining a lot of the suggestions but endinng and deleting the program is the key to it all. as far as the other windows u may hafta search the help files for how to change ur registry

0

Hey i know i have the smae prob... try this it might work... start run type in msconfig and go to startup and take off tike mark for the names ex.. autorun.exe clrssn.exe directx32.exe explore.exe explorer32.exe inetinf.exe internet.exe sistem.exe uninstall.exe systeem.exe iexplorer.exe exploreer.exe directx.exe time.exe users32.exe volume.exe win32e.exe window.exe winmnt.exe temp.txt init.sys network.sys autorun.exe clrssn.exe directx32.exe explore.exe explorer32.exe inetinf.exe internet.exe sistem.exe uninstall.exe systeem.exe iexplorer.exe exploreer.exe directx.exe time.exe users32.exe volume.exe win32e.exe window.exe winmnt.exe Or tehre might be.. some thing like win32e that is one off then to... i beleave... u can see where the file is by jsut lookin at the command collume and restart... it it helps tehn use it ... if not then change it back to what ever... u had before..

0

I GOT ONE MORE answer if u do'nt see any files in C:\Program Files\Common Files\Services ............. Try Goin to C:\Program Files\Common Files\Services and go to tools->FolderOptions->Views->and Unable those ........Hiden Files.... That might help you... See all those hiden Files.... MAn... I AM THE BEST.. j/K lol U guys heldp me get through this much... thanx for telling me its at C:\Program Files\Common Files\Services Have a nice Life.. Bye

0

do u have to remove initial & systemxp to form the C:\Program Files\Common Files\Services ??? plz replay me fast or email me some_911@hotail.com

0

Hey guys - I noticed another couple things this worm did to my computer - there is also a notepad32.exe that it puts in your windows directory. It takes notepad out of the Open with... right click menu and puts notepad32.exe in there (it has no icon). running this will revert everything back to the magicsearch.ws crap. just a warning. Also, since this has happened I haven't been able to go to have it open the program when I "Choose program..." in the Open with... menu. Does anyone know what's going on with this? Thanks.

0

Guys... if i were to delete some text files in my Systems folder, would it mess up my PC?

0

that last has nothing to do with the current problem. Anyway: Yes! You are free to delete any *.txt file from your system folder (if you find any, there aren't much of them there) tcrex2000, if you had read all the posts here, you'll noticed my post above, where I already wrote about that extremely dangerous notepad32.exe file ;)

0

Hello everybody! Need to ask for help. Have the same problem with "magicsearch" (WinXP, IE 6). Tried to look for 22 kb .exe files, look in .hta or .js files for "magicsearch" - found nothing. Instead, found some suspicious folder: C:\WINNT\Prefetch with a plenty of "unknown application .PF files"_ like this: ALOGSERV.EXE-00FDB330.pf START.EXE-2629DD07.pf; etc. created near the time when this bloody "magicsearch" appeared... What kind of crap is this? Please, teach me how to kill this crap. But just one more problem - I'm just user, not a pro...

0

Probably you don't see the files, because they are hidden. In Windows Explorer go to "Tool" -> "Folder Options..." and then to "View" tab. There locate "Show hidden files and folders", select it and Apply/OK After that try to search for the files again. This Prefetch folder is system folder, where WinXP stores information about applications that are one ran. This information is not critical. It is there so XP can start the same applications faster the next time you run them. Hope this helps! Regards, Boian

0

Thank you for reply and the explanations concerning \Prefetch folder... I had an option, where I could see hidden files and folders, but saw no suspicious 22 kb .exe files. I don't know, where they where hidden, and actualy don't care about that anymore, 'cause went on site, as it was advised in Responce #15, downloaded small program, which succesfully cleaned my comp out of this trojan. Only one thing had to do - re-assign proxy and check TCP/IP - somehow it was affected by cleaning, but that was not a problem.

0

Hi I'm having a problem geting rid of a toolbar called enc I think. It appeared around the same time as Magicsearch. No one seems to have mentioned it yet.

0