Hi
I have a virus that resets my home page to searchclub.ws with the domain http://searchcentral.cc
I can't get rid of it, after changing it back. I have hijack this, if you want the log I have it.

Now I deleted a few strings that keep returning. And I still haven't fixed the problem. I downloaded a program called Hijack blaster, that changes it back, but it has to keep doing that every time I start up. I need to fix this...I checked the registry but I don't know where to look.
Can anyone help?
Thanks

Okay theres more....
Hijack Blaster Says the website is this

http://81.211.105.43/index.php?v=4

I searched the registry for this file and renamed all the files that it came up with to www.google.com.

Still to no avail.
So I think there is a file on my hard drive that is coninuosly activating everytime windows starts....

Help??

HAHAHAHAHAHA

I am a genius.

I downloaded CWShredder. Just for kicks. I had no hopes.
BUT!!! It worked. Everyone should have this program. Yes. I would kiss the creator, If I knew who he was.

Sorry if this post is in the way. I kind of solved the problem myself.

But for all ye who doth have this problem.
Get CWShredder. Its a life saver!!!

Hi!
I absolutely love CWShredder. It is fast, and easy. I like the fact that it updates a lot too. Thanks goodness(knock on wood) my comp has always been clean.
I am so glad that I come here to read a lot. Without this forum, I'd never know about Adaware, CWShredder, SpywareBlaster & Spybot S&D. I think they are all great programs and I use them every single night!
--Viv :)

Donate to your life saver.
Merijn.org

Viv (and everyone else who uses multiple scanning/removal programs) - Make sure you reboot after using each one before you scan with another one. ; )

i have the same f***in searchcentral thing, and i guess it appeared about the same time i uninstalled spybot... maybe spybot got me this?
any idea?
greetings,
thomas

I had the same problem (searchcentral.cc). I testet a lot of progs and my own ideas - they didn't work.
I read this posts and I testet CWShredder. It's the best prog for those problems! Very nice! I'm so happy!
Thanks to all the programmers that think up those progs.
By the way: Are pages as searchcentral.cc in need to do those s---??? I hate the methods thy use!

Greets

Holger
Germany

Well I have the same thing. I just noticed that there is an entry in the registry called:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\tlc

This runs C:\WINDOWS\update12.js

Edit update12.js and you'll find that it's changing your IE Start Page, among other things, to http://81.211.105.43/index.php?v=4 which is http://searchcentral.cc.

Sneaky buggers.

I'd say just delete the tlc registry key, go into IE and change your homepage back to whatever you want it to be and you'll be fine.

Errg! They got me too!
http://81.211.105.43/index.php?v=5 which loads http://seachcentral.cc becomes my home page in ie.

Everytime I change my home page back it does instantly change back to seachcentral. I can even reboot and it dosn't change back it take as an hour or so, before it change back. This is a nightmare. Seach and Destroy didn't find anything. =(
So i looked for the regkey entry noted by Tone, but could not find it. In fact I search for every .js file in the reg and didn't find anything that should not be there. The once I wasn't sure about I opened and maually read. All clear.
So now I will try CWShredder. But I really would like to find out how it was done and remove it manually. So any ideas let me know.

Look for a program called CDilla
Likely location: c:\C_DILLA

Do you have this?? I notice I have this now, and I never installed it! Also noted it was installed on the 24th, which is about the time I started to have this problem.

Coincidence: It’s the same date Baazar posted this problem… ummmm

I did however lie in my last post, search and destroy did find CDilla, I just over looked it. So if it is the culprit then search and destroy can help. I have removed CDilla from my computer if this problem returns I will post it!

I'm having the same problem with searchcentral.cc overtaking my home page...on the site there's a link for tech. support where you can download one of their programs to remove it from your home page...but I'm kinda iffy on trusting any .exe program from a company that is so evil in the first place...Has anyone tried this? Or does anyone think this might be a bad idea?

Lemme know,
Quinn.

Tone is right, but the update12 is run from the RunOnce registry key. so it's deleted every time. The cycle completes as you start IE, i guess search central home page reinstalls it. I solved the problem by renaming update12.js to aupdate10.js and resetting they registry keys it patches

No, removing CDilla didn't work for me. =(

I don't have update12.js on my system. And there is no reference to it in the registry.

Has anyone else found it using a different name?
Could someone send me their copy of update12.js? I will use it to try and find simluar file with different names on my pc.

Thanks

I broke down and used CWShredder.
It found the problem and removed it.

Lets hope it really worked. I guess I will know soon. =)

If didn't work I will post another reply.

To remove initial page go to:

http://www.searchcentral.cc/cleaner.exe

Per rimuovere la odiosissima pagina iniziale di searchcentral, scarica questo file. L'ho provato sul pc del mio amico ed ha funzionato.

http://www.searchcentral.cc/cleaner.exe

In my opinion you would have to be nuts to follow Marcello instructions.
Can you and should you trust running an executable file provided from seachcentrals website. NO of course not!!

CWShredder works, I’ve tried it.

I downloaded the Cleaner.exe File from these thugs and it seemed to have cleaned my Machine from the Homepage HiJacker. But instead they gave me a Keylogger Virus, that records every keystroke and send's it back to them as a text file, so they can read what you do on your machine.....
My Virus Program from Sophos found the keylogger instantly, after I downloaded their infected Virus File.
http://www.searchcentral.cc/cleaner.exe

Domain Name: searchcentral.cc
Registrant: Ivan Sergeev (ranker@pisem.net)
OOO Realny Poisk
25 Krasnih Partizan ap.25
Krasnoyarsk, NONE 660075
RU
+7-902-9414220

Administrative, Technical, Billing Contact: Ivan Sergeev (ranker@pisem.net)
OOO Realny Poisk
25 Krasnih Partizan ap.25
Krasnoyarsk, NONE 660075
RU
+7-902-9414220

Record expires on:
Record created on: Jan 23 2005
Jan 23 2004
Domain Name Servers: ns1.searchcentral.cc
ns2.searchcentral.cc

'ranker@pisem.net' own searchcentral.cc and search-biz.cc
i emailed him to tell him how much he sucks
everyone here should do the same
:)

I've managed to get rid of this annoyance for the most part, however, does anyone have any idea what effect this virus has? Does it just reset your homepage or does it do more such as stealing passwords, etc?