Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Hello. My internet browser has been hijacked by something called "Search Assistant." Each time I open a new internet browser window, rather than my home page opening, I get a webpage titled "Search for.." and in the address bar I get "about:blank." The webpage that opens has a directory of search topics and every once in a while a pop-up pops up saying something to the effect of I've got spyware installed. Each time I go to Tools < Internet Options < and type in "www.cnn.com" in the Home page Address field, www.cnn.com is the home page each time I click Home, until I close the browser. Once I close the browser and open up a new one, the hijack is back again. I tried going to Control Panel < Add/Remove Programs, but to no avail. The hijack is listed as "Search Assistant Uninstall" in Add/Remove Programs. Each time I try to uninstall it, I get "Uninstall Failed."
Please help me get rid of the hijack, as it is really annoying me.
The PC that is hijacked is running Microsoft Windows 98 First Edition and Microsoft Internet Explorer 6.
Much appreciated.
---Oompah.
If this helps any, here's the HiJackThis log:
Logfile of HijackThis v1.98.2
Scan saved at 7:54:04 AM, on 08/09/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\SA3DSRV.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\ARCHIVOS DE PROGRAMA\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.exe
C:\COMPAQ\INTERNET\WATCHDOG.exe
C:\WINDOWS\SYSTEM\ATICWD32.exe
C:\WINDOWS\SYSTEM\ATITASK.exe
C:\ARCHIVOS DE PROGRAMA\WINAMP\WINAMPA.exe
C:\ARCHIVOS DE PROGRAMA\ZIPCD\DIRECTCD.exe
C:\ARCHIVOS DE PROGRAMA\NORTON ANTIVIRUS\NAVAPW32.exe
C:\WINDOWS\LOADQM.exe
C:\WINDOWS\ptsnoop.exe
C:\ARCHIVOS DE PROGRAMA\MICROSOFT MONEY\SYSTEM\REMINDER.exe
C:\PROGRAM FILES\TOOLS_95\IOWATCH.exe
C:\PROGRAM FILES\TOOLS_95\IMGICON.exe
C:\ARCHIVOS DE PROGRAMA\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.exe
C:\ARCHIVOS DE PROGRAMA\COMPAQ\ON-SCREEN DISPLAY\OSD.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.exe
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=search&query=%s&i=enu
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = VĂnculos
F1 - win.ini: run=,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {7F87E301-E7AD-11D8-9338-D92C24F9B0AB} - C:\WINDOWS\SYSTEM\EFLFKI.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EACLEAN] C:\Archivos de programa\Compaq\Easy Access Button Support\eaclean.exe /NORESTART
O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\ARCHIVOS DE PROGRAMA\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe
O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
O4 - HKLM\..\Run: [Watch Dog Program] C:\COMPAQ\INTERNET\WATCHDOG.exe
O4 - HKLM\..\Run: [Essdc] essdc.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\ARCHIVOS DE PROGRAMA\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Archivos de programa\ZipCD\DIRECTCD.exe
O4 - HKLM\..\Run: [NAV Agent] c:\ARCHIV~1\NORTON~1\NAVAPW32.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Archivos de programa\Archivos comunes\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Reminder] C:\Archivos de programa\Microsoft Money\SYSTEM\reminder.exe
O4 - Startup: Iomega Watch.lnk = C:\Program files\Tools_95\IOWATCH.exe
O4 - Startup: Iomega Startup Options.lnk = C:\Program files\Tools_95\IMGSTART.exe
O4 - Startup: Zip Disk Icons.lnk = C:\Program files\Tools_95\IMGICON.exe
O4 - Startup: Iomega QuikSync.lnk = C:\Archivos de programa\ZipCD\QuikSync\QUIKSYNC.exe
O4 - Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.exe
O4 - Startup: POWERR~1.exe
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Archivos de programa\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Archivos de programa\ICQ\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\ARCHIV~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq.com/falco/SysQuery.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O18 - Filter: text/html - {7F87E300-E7AD-11D8-9338-D92C4BB51530} - C:\WINDOWS\SYSTEM\EFLFKI.DLL
O18 - Filter: text/plain - {7F87E300-E7AD-11D8-9338-D92C4BB51530} - C:\WINDOWS\SYSTEM\EFLFKI.DLL
0 
I am also having this problem, it is really annoying me.
I cant even check my e-mails....it will load up then go straight to that web/search site.
Someone please help us get rid of it
0
Hi!
Sorry if you dont understand, I'm french.
I disabled the page about:blank with the search on the browser. I open the search and I click Custom. I change the search for msn search or you can try another one.
After this I change my home page and I never see about:blank at this time.
Good luck!
Eric Savoie
0
Hi
I also got this hijack problem, but i managed to found its source thanks to "Oomaph" for giving me the tip that it was visible through the add/remove program.
if you check the registry setting under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAssistant Uninstall
you will see that trying to uninstall the "Search Assistant" will only reinstall it!
so, to delete it, delete the registry key mentionned above (optionnal)
and delete a file called gmb.dll located in the system32 folder
on windows 2000 c:\winnt\system32\gmd.dll
on windows xp c:\windows\system32\gmd.dll
im not sure for the other versions of windows, but just search for a file called gmd.dll and delete it !thanks
0
I tried gudenburg's advice, but couldn't find 'gmd.dll' or 'gmb.dll', so what I did was ran regedit (for those of you who don't know, it's: start->run->"regedit.exe") and then, starting at My Computer at the top, went to edit->find, typed in "Searchassistant" and then deleted all values and keys that contained that name. Finally, I ran AdAware to remove the last few bits. Crude, but I think it's worked.
www.chyoo.com
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
