Hijacked Log file - Need help


Name: Mr. Carlsberg
Date: October 8, 2003 at 03:46:33 Pacific
OS: xp
CPU/Ram: 750mhz/256mb
Comment:

I'm desperate, my browser starts with Lucky-search & Globe Finder. I can get rid of them and I have tried both Ad-aware and Spybot S&D + CWShredder, but they keep coming back.
Now I tried "HijackThis" and it shows the following:
Logfile of HijackThis v1.97.2
Scan saved at 12:23:05, on 08-10-2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
E:\ROD\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acc.count-all.com/-/?ydtfs about:blank (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://acc.count-all.com/--/?ydtfs (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://acc.count-all.com/---/?ydtfs (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?ydtfs (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?ydtfs (obfuscated)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\ROD\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Tapicfg.exe] \tapicfg.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011002/qtinstall.info.apple.com/qt502/dk/win/QuickTimeInstaller.exe
O16 - DPF: {59B18099-4C1D-4A08-A9F7-ED0554006749} (Select Class) - http://shopping.jubii.dk:9080/foto/components/photoupload.ocx
O16 - DPF: {7AEBACC1-D7E4-4360-B520-6DA4C565B42C} (UploaderCtrl Class) - http://netalbum.a-photo.dk/upload-classes/Uploader.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} - http://130.228.229.67/ecwplugins/ncs.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O19 - User stylesheet: C:\WINDOWS\Web\win.def

I really hope someone can help me with what to delete!
Thanks in advance





Response Number 1
Name: Tom41
Date: October 8, 2003 at 05:45:29 Pacific
Reply:

Open CWShredder and click 'Check for Update' and download and run the updated version.


0

Response Number 2
Name: ajdeman
Date: October 17, 2003 at 14:35:47 Pacific
Reply:

I was having the same problem and I removed the win.def because it was identified as a Trojan horse. For some reason it was also causing my CPU to shoot up when I moved the mouse around when I was in IE, or when I was typing. I just got the virus very recently and my Norton Antivirus software just picked it up today. Hope this helps. Let me know if this works.


0

Response Number 3
Name: amans
Date: October 18, 2003 at 13:05:42 Pacific
Reply:

I also have my browser hijacked by the same thing, and let me tell you, nothing will get rid of it. I have tried every virus scan/free program on the net, and still mine is coming up globefinder/luckysearch etc. I'm going crazy!!!


0

Response Number 4
Name: Lincoln
Date: October 19, 2003 at 03:01:34 Pacific
Reply:

I have been struggling with the same problem since 10/8/03. At first my homepage was directed to luckysearch, then globe-finder, and now to the message "this page cannot be displayed" with the following URL in the address bar:

http://acc.count-all.com/%2d/?%70%67%64%6f%63%20%20about:blank

Posted by ajdeman

>I was having the same problem and I removed the win.def because it was identified as a Trojan horse.<

When I boot up now a box appears stating that "Norton Anti-Virus has successfully removed the file C:\windows\win.def and that it is now safe to use your computer". Still the problem persists.

>I just got the virus very recently and my Norton Antivirus software just picked it up today.<

My Norton program also identified and removed 4 new Trojan horses yesterday, but when I booted up this morning I saw the problem persists. Each day I go to Internet Options and find that my default homepage reads "about blank" instead of the URL I entered the day before.


I have been in touch with Symantec (Norton) online support for 11 days now but so far have not found a solution.

Posted by amans

>im going crazy!!! <

Me too!!!! :o)


PS At least now I know that others are having the same problem so maybe we can help each other find an answer to what I'm sure we all agree is an extremely annoying situation.


0

Response Number 5
Name: jarwid
Date: October 19, 2003 at 07:15:18 Pacific
Reply:

I had the same problem this week. You have to scan your Windows directory for the file "tapicfg.exe" and delete it. Then the problem should be fixed. It worked for me.

cu
jarwid



0




Response Number 6
Name: Lincoln
Date: October 19, 2003 at 11:51:44 Pacific
Reply:

Jarwid,

Thanks for the tip. My wife just searched in DOS for the tapicfg.exe but it was not there. Maybe it was deleted earlier this morning when we ran a program called "cwshredder" that I learned about here on Computing.net.

I sure hope we are rid of this nuisance soon. It has been a headache for a couple of weeks now. We restarted the computer after running "cwshredder" and although it didn't initially go to my default homepage, at least my homepage setting in Internet Options was not switched again to 'about blank'. I won't claim victory quite yet though because it has tricked me like this before and then gone back to 'about blank' the next day.

Thanks again,

Lincoln


0

Response Number 7
Name: amans
Date: October 19, 2003 at 12:47:52 Pacific
Reply:

Yes Lincoln, you're right to be still wary.
I have run cwshredder and it finds all the crap associated with globefinder every time I boot up, and removes it all for you, but it still comes back! I have also run HijackThis and that found the tapicfg.exe, which I removed, but you guessed it, it still came back. It's very aggressive; it seems to regenerate itself from somewhere.


0

Response Number 8
Name: Lincoln
Date: October 19, 2003 at 17:56:22 Pacific
Reply:

Amans,

Yes it is very aggressive and the perpetrators are undoubtedly some very clever folks.

It's funny, I never had any problems like this until I switched from dial-up to DSL in late August. If I had known then what lay ahead I would have just kept dial-up and had another phone line installed at my home. That was the main reason I switched to begin with. I needed to free up my phone line when we were online.

Of course that's just a wild theory since I really know very little about computers. I just know that since Dec. 1998 (when we first went online) I had no such hassles. We didn't even have any special anti-virus security program except for whatever came with Windows 98. Now since we got DSL and these problems started we have shelled out some more hard-earned cash on Norton Internet Security Professional thinking that this would solve things. No such luck.

On top of that the 30 day period AT&T gives you to decide as to whether you want to keep the DSL service has expired. Now it will cost $200 to get out of the service contract with DSL before twelve months have passed.

Sorry, I didn't mean to bore you with my troubles. :o(


0

Response Number 9
Name: Rocio
Date: October 20, 2003 at 06:01:53 Pacific
Reply:

I also erased tapicfg.exe on Saturday, and today is the first day either "globe-finder" or "lucky.net" was not automatically loaded as my home page. Ordinarily, under internet options, it states my homepage is "about: blank", which means globe-finder will be loaded as my homepage. Hopefully, google will now remain my homepage and I will be rid of the internet transmitted disease we call globe-finder. Does anyone know how to remove or delete "locators.com" from their toolbar? It seems that I started having the globe-finder problems, at the same time as locators.com appeared on my toolbar and explorer bar. I deleted "locators.com" from my program files, but still have its remnants on my toolbar.


0

Response Number 10
Name: amans
Date: October 20, 2003 at 15:43:29 Pacific
Reply:

yes lincoln,

I don't know how these virus scan companies get away with it. I've tried Norton, McAfee, Panda, Stop Sign etc., knowing full well that I have a virus on my PC, yet all these scans have come back saying my PC is clean. It's a disgrace, they take your cash and give absolutely nothing, they are about as useful as a ''microsoft firewall'', need I say more!!


0

Response Number 11
Name: Doug
Date: October 22, 2003 at 12:01:34 Pacific
Reply:

Go here. It will explain it all.

http://www.spywareinfo.com/~merijn/cwschronicles.html

I too had this problem, and it has since been deleted from my system. (Two weeks and counting....)

-Doug


0

Response Number 12
Name: Tomyboy4444
Date: November 26, 2003 at 21:00:12 Pacific
Reply:

How do you scan your Windows directory for "tapicfg.exe"? I am a rookie using Windows XP and I have the globefinder-luckysearch problem. Thanks to anyone who can help.


0

Response Number 13
Name: amans
Date: November 29, 2003 at 04:32:47 Pacific
Reply:

tommyboy,

Go to www.download.com and download the program (HijackThis). It's a very small program; open it up and click on scan, look through the list and it (tapicfg.exe) should be there. Left click so the tick sign comes up and then click 'fix checked' and your problem will be solved!


0
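
Added example, not part of any post in this thread: a small Python triage pass over HijackThis log lines that surfaces the entries the replies point to (the obfuscated start/search URLs, the O4 Run entry for tapicfg.exe, the O19 win.def stylesheet) and decodes the percent-encoded address quoted in Response Number 4. The sample lines are copied from the posts above; the review heuristics and function names are this example's own assumptions, not HijackThis behaviour.

```python
import re
from urllib.parse import unquote

# Constructed sample: a subset of the log lines from the first post.
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acc.count-all.com/-/?ydtfs about:blank (obfuscated)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Tapicfg.exe] \tapicfg.exe
O19 - User stylesheet: C:\WINDOWS\Web\win.def"""
# The address-bar URL quoted in Response Number 4.
ENCODED_URL = "http://acc.count-all.com/%2d/?%70%67%64%6f%63%20%20about:blank"

# HijackThis entries start with a section code (R0-R3, O1, O2, ...) and " - ".
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")

def parse(log):
    """Split a HijackThis log into (section, detail) pairs, skipping other lines."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def review_reason(section, detail):
    """Return why an entry deserves a manual look, or None (example heuristics)."""
    if section.startswith("R") and detail.endswith("(obfuscated)"):
        return "IE start/search URL that HijackThis marked as obfuscated"
    if section == "O19":
        return "user stylesheet is applied to every page IE renders"
    if section == "O4":
        command = detail.split("] ", 1)[-1].strip('"')
        # A single leading backslash means "root of the current drive", no drive letter.
        if command.startswith("\\") and not command.startswith("\\\\"):
            return "Run command rooted at '\\' with no drive letter"
    return None

def triage(log):
    """List (section, detail, reason) for every entry that matched a heuristic."""
    return [(s, d, r) for s, d in parse(log) if (r := review_reason(s, d))]

def decode_url(url):
    """Undo percent-encoding so the real path and query can be read."""
    return unquote(url)

if __name__ == "__main__":
    for section, detail, reason in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {detail}")
    print(decode_url(ENCODED_URL))
```

Entries it does not flag are not thereby clean; the pass only narrows a long log to the lines worth reading first.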
