I got this today and was successful in deleting it. You need 3 programs to do all of it. HiJackThis Uninstaller Pro Ad-adaware 6 The key is to run Ad-adaware first. Then get new definitions file. DISCONNECT from the Internet! Run HiJackThis. Kill of the files about IE startup pages. Kill the file about "addhd" and anything else that looks bad. Run Uninstall to "force" the 3 programs out. Run Adaware and kill the 2 registry and "addhd" file. Reboot. I hope this helps.

Seriously, has anyone tried the system restore feature in WinME/XP yet? It worked for me...well, I'm on day two of freedom from HSA. I also had on my system the other two, "search extender" and the "shopping wizard" and there are no signs of these on my computer at this time. I should also say that I had installed GhostSurf Pro which did nothing to remove HSA, but with the system restore it too was removed. Give it a try, what have you got to lose? Can't tell you how good it feels to be rid of that crap. The jerks that create this stuff should be jailed! I'd sure like to hear from someone else that has been successful with the system restore. I'm worried that as I approach a certain date (whatever that date may be??) it will all come back.

hi guys.. you are all great, erik, i was following your instructions because i also have shopping wizard, search extender, web search toolbar and win tools easy installer. on hijackThis i found a whole list of things but i am affraid of deleting something i should be touching... i have 53 entries... how do i know which ones are bad ones Signature

I have just removed home search assistent like this... 1 Update Ad-Aware (then dis-connect!) customize settings to include scan within archives, scan active processes, scan registry, deep scan registry, scan IE and scan hosts, delete anything dodgy that shows up and delete it from quarantine. 2 Run HiJackThis and delete all files with IE startup pages, anything to do with javahh or addd and anything suspicious. 3 Use ProUninstall and remove the three programs by forcing them out. 4 Use regedit and search for addd and delete these files, make sure you don’t delete anything where addd makes up two other words! 5 Re-boot and pray! It worked for me hopefully for you too… ~CLAIRE

I got rid of it, though it was fairly difficult. I ran a combination of erik's and Jeff's stuff, though when I deleted it using pro uninstaller 04, it came back. What I needed to do was go into C:Windows and C:Windows/system32 and delete all the .exe's it created, and then go into C:Documents and settings/(user name) and delete everything that looked suspicious, including a downloaded installation and application data (and more). Then I tried it all again and pro uninstaller 04 worked. Before all this, I tried system restore. It did not work. The reason for this could be that the programs automatically created files, and system restore does not touch those. vienna, delete anything that looks remotely bad. If it says "msn", then don't, but if it says "addhd" or anything else bad, delete it. You will end up deleting most things HijackThis finds, and if you delete something good, don't worry, I'm sure Windows wil put their crap back in when you're done!

Vienna78, Hijackthis finds files that are mostly unneccessary or hazardous, I was able to remvoe home assistent by removing the items that had something like xmrvd or the word home search in it. It was the first couple of entries, I believe it began with HRO or something like that, follow my instructions again and be sure to remove anything that has xmrvd (close to that) and home search :D

hi all... thanks a lot for your comments... i am having a partial success.at least my IE page is back again. but more i work on this, more problems i find out but no positive solution. i got rid off 2 things but still have shopping wizard and search extedner. but there is also now HSA (was not there yesterday) and few others that i never heard of (bridge, sevinst, shockwave flach). i tried everything inculiding consulting forum/12346 but no change. uninstaller pro 2004 that i have forces them out for a minute or two and after refreshing they are all there again. i deleted most of the hijack this things and now i am missing small messenger,printer, norton and icq icons in down right corner. is this normal? can i get them back? any suggestions? it is totaly anoying to have this crap but is it to expect an update from microsoft that could fix all this at once?

I was going crazy about this thing until i found a solution. I did a system restore to about 2 weeks back and voala. Home Search Assistant is gone

wexlax732, Thanks for reporting on your success. I thought I was the only one who had been able to get rid of this "thing" by doing a system restore. Glad to hear you are free of it. I'm very leary about downloading any other freeware, shareware solutions. I got HSA and its "buddies" by downloading a newer version of one those programs that was supposedly able to protect my system from just such an attack. Thanks.

Thanks Atomic Dog--stopping the service was key! Die search ass's!!!

Hey System restore works for xp. Thank you guys so much. I googled Home search assistant for a while and when I finally tried Home search virus ya'll showed up. Does anyone know how this crap actually got on your computers? I though you had to give a program the ok to download and I didn't see anything. It just jacked my homepage, and slowed every application to a crawl.

NEED HELP!!!! I'm having the same problem with this Home Search Assistent. I tried the System Restore method but its useless because the only dates I have available are after my computer got Home Search Assistent. Does anybody have any other suggestions on how to get rid of it?

I don't know if mine was buried in deeper but ALL the above suggestions did not work for me. First, the program is protecting itself by processes and services. If you remove the process the service restarts it and vice-versa. The system service is "Network Security Service". Simply disabling and stopping this is not enough. But the key is not to remove the service because it will create again with next IE execution. Your Guest account is SUPPOSED to be disabled, right? AHA! Set credentials for the service to run as Guest and it will not run. Got your ass now. NOW run Adaware and Spybot to remove pieces left over. Still might need to run Hijack this to clean up too. But this worked for me when ALL above information failed. I do credit all the info above for leading me in the right direction. Thanks guys.

i have this bi#ch on my system and it is not going away i have followed the above steps the only problem is it has a backup somewhere because i have deleted the reg entries i have done ad-aware, hijack this, cw, uninstaller pro, and three virus scanners, not to mention that we already know where it is but, i had it cleaned out for two hours then Bam it was back. the only problem is its not there in the reg or in sys32 no temp folder prefetch is gone hijack doesn't see it and it comes back again and again. short of formatting im out of ideas oh and my friend says that the uninstall they offer is bogus it goes to a saved html i wasn't even connected to the net and it told me i downloaded the file so i figure it uses the uninstall to RE-INSTALL, so i guess if someone could help me here it would be great.

i did the same thing. i followed the steps and advice of many people and i was able to remove the three programs and all the home search assistant stuff, but some where along the line i turned system restore back on. now everything is fine and my homepage is back to normal, but every few minutes only while on internet explorer, i get sent to random sites (mainly porn) and i run hijackthis and ad aware and find nothing resembling what i used to have from home search assistant. All the infected files in windows and system32 are gone, none when i run regedit. The only thing different now is that i get Trojan.Byte Verifier warnings or something and norton says it has removed them...so now i dont know what to look for. any help would be appreciated.

I have tried it all! Would someone be willing to field a call from me to help me get past this thisg? PLEASE!!

I am running Windows ME, and I was able to annihilate this little b---tard by following the procedures that Erik posted back on 6/21. For some reason it didn't take the first time, but the second time through it worked like a charm. I have rebooted my system several times and opened my Internet Explorer several times as well, and thus far it seems to be gone. Woohoo!

Many are getting this little nasty. It is from hell. I battled this thing using all of the conventional methods. I lost. I found this site and tried atomicdog's way of removal. For the most part it worked, but I still had problems. I could not get rid of the three entries mentioned by others. I followed clairebear's advice and dowloaded UninstallPro and Hijack this. I already run Adaware. It seems to have removed HSA and its companions. Now I am left with one problem of an unknown error occurring when I start my computer. Don't know what this is. This nasty creton buried itself deep within my machine. Now, one question, Claire, r u my daughter? Dad virus'! Suck!

Hi all, NEED HELP - anyone, I have been dealing with this crap for a while to no avail - wondering how I actually do a system restore - I have XP Professional. Please help. in the meantime i am trying your suggestions - thank you for the posts arleady up here. Please help me - i know just enough to be dangerous - is there a step by step restore set of instructions for xp? thanks. jcashman

hey....i was searching the web the other day and i closed out my ie browser...i went to re-open it and some home search assistent web page came up....i tried to change my homepage back to google but it wont stay...i went to add/remove programs and saw 3 programs all related. i try to remove them all and they wont uninstall...i have Windows ME ive tried everyones removal processes from above but none of them seem to be for Windows ME...oh ya, the 3 program names are Home Search Assistent, Shopping Wizard, and Search Extender...if someone can PLEASE help me out that would be greatly appreciated!...thanx for all your help!

Out There ? No I dont think i'm your daughter! But I am glad most of your problems where solved.. ~CLAIRE

ok ok ok guys now check this out... My comp is way outa wack... i tried all these things except system restore... beacuase when i do the restore... my comp just restarts by its self and it also does that on it's own when i'm online... so can some one please help me with the home seach stuff and tell me why my comp restarts for no reason :D ... thanks all .. and 1 more thing i have windows xp

Hi there, All these advices were very good for me but nothing worked really because the 3 softs came back each time. I finally found out a file SDKJF32.exe in windows\system32\PREFETCH and in this location, a lot of incredible files. I deleted all and make again the 3 steps (ad-aware - hijackthis - uninstallerPRO ) and EVERYTHING IS GONE !!! Reboot and nothing back ! Hope this will help you as it helps me and don't forget to place your own experience here because we all need to be together against virus !! Thanks Pr.Phosie

i've had this HSA bugger for 2 weeks, can't shake it. spent hours doing regedits, virus hunting, ads-aware, etc.... i want to try the system restore method - can somebody pls tell me how to do it? I am running XP. thanks!

hello... I also have the 3 f***ing Search extender, Shopping wizard and Home search assistent. please, can anybody tell me what can I do if I'm with Windows'98 SE? for me it's the first time that I'm having such a big problem...so tell me the things in a easy way... HELP!!!! thanks,

OK...Phosie is on to something. I've been fighting this thing for 4 days and it just worked. I'm running XP Home and it worked after 2 times. I think you need to hold your mouth to the left and shake your right foot. It worked for me! Thanks Phosie and everyone else that pitched in for me!! Dean

Hey, The boys at MajorGeeks.com had a breakthrough. Download this hijack program and run (at your own risk of course). It worked for me on the first time. Good luck. http://www.majorgeeks.com/download4284.html

DO THIS! I HAVE HAD TRIED EVERY BIT OF ADVICE ON THE INTERNET AND NOTHING WORKED. BUT THIS DID. REMOVED HSA, SHOPPING WIZARD, AND SEARCH EXTENDER AND MY HOMEPAGE DOESN'T RESET ITSELF TO THAT DUMBASS RES:// CRAP!!!!!! http://tools.zerosrealm.com/AboutBuster.zip or http://www.downloads.subratam.org/AboutBuster.zip DOWNLOAD ABOUT BUSTER FROM ONE OF THESE SITES AND RUN THE PROGRAM AND SCAN. ALL .DLL & .DAT FILES WILL BE REMOVED WHICH MUST BE CAUSING THIS PROBLEM. IF THERE ARE ANY "ERROR REMOVING" THEN FIND THE FILE YOURSELF AND DELETE IT. IT WILL SHOW WHERE THE FILE IS. THEN RUN THE HIJACK AND CLICK ON THE BOX NEXT TO THE RANDOM 02 (BHO WHICH IS A .DLL) I DID THIS AND IT WORKED!

Thank you thank you thank you, bryan! that tool worked so simply and awesomely in combination with hijackthis! my computer was cleaned of those f***ing spys in less that 5 minutes and on top of that, 3 various other error messages i was consistantly recieving, now stopped as well. thanks!

Yes, Bryan your solution worked for me also. Thanks. But now I'm getting random returned mail in my hotmail account, I have 11 from today alone! They will say Mail Delivery Subsystem returned mail, or MAILER-DAEMON@infocom.co.ug returned mail, from people I've never heard from. I'm wondering if this could have any connection with these programs. It's almost like they've hijacked my email for the purpose of sending SPAM. I don't understand it. Any suggestions/explanations?

Thanks Bryan, your solution really helped. I am still getting a shell.dll error once in a while, kinda weird. Thanks again. -Anthony- Wains World, Wains World, Party Time, Excellant!!

Brian, thank you so much! I took the liberty to copy/paste your threat to some dutch forums to help more people to get rid of this. Thx thx thx thx

hi bryan it looks like it worked for me as well! i have been following this forum for 2 weeks and tried everything. first, system restore had worked but one day after those three things were back. i hope you way will get them off our systems for good. THANKS! Travis, i am also getting the same emails on my hotmail. if you hear sometnig new regarding this, please let me know! thank you all....

Still have two entries in my ms config file that have no names - just lots of little boxes. Get an error message upon start up saying that Windows can find "little boxes" in my registry, etc. HOW DO I DELETE THESE from the start-up tab?? I tried to just "un check" them, but then get a different error message saying that "you have used the configuration utility to make changes to the way windows starts" and that i am currently in the diagnostic or selective start up mode. How do I fix this, please ?? Thansk!

Hello, I had this problem for about a week and none of the above options worked. Because i have Windows XP, I tried also the systems restore but the only result after reboot was an error massage. For my work it happens more often that i have to remove viruses ed. So I tried the system cleaner of Trend micro and after the first check it returned the massage 2 Trojan viruses found please reboot to clean. After reboot the whole "home search assistant" and all related registry entries and files where removed. You can download this cleaner at the folowing location: http://www.trendmicro.com/download/dcs.asp And you whil need the latest virus patern file: http://www.trendmicro.com/download/pattern.asp Succes. Daniel

Okay guys, This CWS-Trojan crap kept me busy for almost a week. I did most of the actions mentioned above, but I still got the Trojan. The Trendmicro-virusscanner - which was suggested by Daniel - found 2 Trojans and about 30 traces and deleted all of them. But after reboot... hell no! Coolwebsearch was still there!! So the Trojan must have been hiding in Windows system restore. I decided to disable system-restore, although that would delete all my existing restore-points. And it worked! For now, that is. It really looks like I got rid of CWS. Thanks for all suggestions!!

i fixed it!!!!! wow~~~~~!!!!! download HijackThis scan and fix and it will go!!!

oops it came back!!!! every time i del it it comes back!!

Just a quick note to let you know that Erik's procedure (response 44) works like a charm. Thanks heaps you LEGEND!! Go you good thing!!

Hey all, this is the first time I've posted in here, but I wanted to share with you how I got rid of Home Search Assistant on my computer. I'm running XP Home with Service Pack 1. I tried deleting registry files, I tried using Hijack This, I tried using HSRemove and following the instructions to a T, and I also tried About Blaster. NONE OF THEM WORKED. What I ended up doing was restarting the computer, hitting F8 before the Windows startup screen, and went into Safe Mode. It said to click "No" if I wanted to do a System Restore. So I clicked "No." Luckily, I had installed Dreamweaver MX yesterday, so I just chose that day for the System Restore. Clicked Next, Windows did its Restore thing, rebooted, and NO TRACES OF HOME SEARCH ASSISTANT. Not sure if this is the route everyone wants to go, but it worked for me, and I just wanted to share. Thanks.

I just want all of you to know, that I have Windows ME, and I have completely given up on being able to get rid of CoolWebSearch, looking-for.cc, Home Search Assistent, Search Extender, Shopping Wizard, Only the Best, about: blank, lookfor.cc, search-to-find.com, 171203.com, 69.31.79.101/index.html, res://*****.dll/index.html#*****. It has survived everything that I have tried, or heard suggested, in the last three full days that I have spent working on it. The IE Trojan Virus that operates it, apparently is the real heart of the problem and I have no idea how to get at it. I've read lots of good sugestions on how to get rid of the "symptoms"...that is, all the .exe, .dat and .dll files and registry changes it makes. I have downloaded all kinds of software that fixes those problems. But the problem is deeper rooted, because all of the syptoms come back, as soon as I log onto the net, or reboot....or sometimes even after I just wait a few minutes. Those who have described it as a "bitch" and a "demon" are dead on, for I have given up hope that it can be resolved without completely reformating my drive. For all the suggestions I've heard, I have read precious few that adress the virus that is at the heart of it all. How do I kill the trojan??? How do I keep this thing from coming back???? I am going to detail what I have done so far, so others will not waste their time doing the same, useless "surface" fixes. First, reluctant to download anything, I looked up information on how to manually find and delete the files associated with the spyware/adware. Don't waste your time. You'll never be able to find all the files and problems without software. I've been able to remove other adware manually, but no way on this thing. The only lasting thing I did manually was to fix my "hosts" file, which had a bunch of porn ISPs. I probably deleted a few files that I shouldn't have too. Don't ty to fix this manually. I turned off systems restore, so I could get rid of this stuff, without it ever coming back. I used the following programs, only after disconnecting from the Internet.... I downloaded CWShredder. While I appreciate the effort that went into its creation, it seems to be pretty useless now. This thing does not even scrath the surface of the problem. The only useful thing I got from this, was the link to information on how to remove the MS Java Virtual Machine vulnerability from IE. By the way, I got this virus, even though I have the last build of MS Java VM, so don't bother with any patch. I downloaded Hijak This. It is useful for clearing the register keys, but I don't really understand the rest of it. Unfortunately this virus mutates A LOT. I can't keep track of all of its random names, so finding "obvious" problems in the Hijak This report is rare. I downloaded AdBuster. This is great software and I love it. It finds most of the problem files very quickly, and simply eliminates them. At first, this program gave me hope. But the problem kept coming back. This is probably the only thing that is allowing me to get on the Internet without being redirected, because it resets the homepage effectively (albeit temporarily, once I'm on the net). By the way, you need to run in safe mode or end task on that one .exe that AdBuster can't kill. I downloaded the free AdAware software from Lavasoft, and updated it. Good software, and again, I had hope...beause it found a whole lot of files that AdBuster apparently missed (including Clear Search, AdDestroyer, Virtual Bouncer, 180 Solutions, Shop At Home, SahAgent, DO.exe and Alexa). However, the problems persisted. I downloaded the shareware version of Uninstall Pro '04, in an attempt to use a "forced uninstall" of Home Search Assistent, Search Extender and Shopping Wizard. It will delete all of these. But they will load back on in less than a minute... Nothing I do seems to keep these files from coming back! I figrued out that I need a combination of AdBuster, AdAware and Hijak This to get rid of all the "symptom" components of the problem. But I have nothing to stop the real problem, or permanently eliminate the HSA programs. Soooo.....what do I do now? It isn't working. None of it! It just comes back, sometimes, worse than it was. Sorry Jeff and Erik...no go! How do you kill this damn trojan???? I've heard that a systems restore is useless with Windows ME, and I'm not totally sure when I got it the first time (I know that I got the "bad" stuff 3 days ago, but I had a not-so-bad version of it, that I ignored, several months ago). My only solution seems to be to completely reformat my drive. Is that the best I can do? Is there no way to beat this piece of crap??? If it helps, I'll let you know what problems my computer is having with this. In addition to my homepage and searches being changed, my "Notepad" program keeps shutting down every minute or two and Windows Media Player won't run, unless I use "Open With."