I have been blessed to receive a wonderful trojan bug that affects searching in Google. Every time you type a keyword in, the same fake pages come up... redzip.com, thefreedictionary.com, lyco.com, etc... every time. I ran Norton, AVG, SpyDoc, SpySweep, regmech, I can go on and on. None detected anything except AVG, which called it a trojan.downloader.small.38.p infection in the ucsl.exe file in the system32 folder.
Has anyone encountered such a problem? Or maybe have any ideas on un-hijacking my browser?
Is deleting ucsl.exe safe?

File C:\WINDOWS\System32\ucsl.exe infected by ... File D:\old_pc\Sound\KaZaA\My Shared Folder\Kazaa Hack 2.0.exe tagged as old sound file from Kazaa file share and should be deleted. Make sure you turn off System Restore as these trojans hide in those files. Use this to purge the system: www.securitytango.com. Hit the "Let's Dance" button and follow the instructions as they state and you'll rid yourself of it.

Speaking of Google and spyware:
Do Google Ads Help Fund Spyware?
E-Week: http://www.eweek.com/article2/0,1759,1825983,00.asp

I don't have / use Kazaa on this machine. I deleted the ucsl.exe file; Google and Yahoo are still hijacked with fake search results.
Any system restore attempt fails.
This is the first bug I have not been able to manually remove without formatting.
Any suggestions?

Ok... I downloaded Spybot, CWShredder &
SpywareBlaster. I already had adaware. Updated all, rebooted in safe mode.
Cleared tmp files, cookies, history.
Ran all programs.
The only program that found anything was Spybot; it found and deleted 57 items, "backweb" crap.
Disabled system restore.
Rebooted.
Opened IE, did a Google or Yahoo search.
SAME OLE SAME OLE
REDZIP.COM & MYFREEDICTIONARY ETC...
NOT fixed...
Is this a hard one or what?
Anything else??
Thanks

Sheesh......a tough one....
I'd check around for a few more scanning tools and do some searching on those items.
I'll check some too.....but...as always....it can be resolved....it's just a matter of finding it.
But...at least your machine got a fairly good cleaning otherwise. Booting to safe mode can make a huge difference for many items.
I'll check around some too.
----------------
ALSO....while this may not solve this particular issue...you'd be surprised what other items will be found if you physically connect the current HD to another computer (that you know is clean) as a secondary drive and use the same tools to scan it from that other computer. The other machine would not need to be in safe mode in such a set-up...but it would need to have the same tools installed and updated on its primary hard drive.

Check this thread....it's kinda old....but one of the solutions may work.
http://www.markcarey.com/googleguy-says/archives/discuss-spyware-shows-fake-google-results.html
Skip past the CWShredder posts and keep reading.
(that is....if you're sure you got an up-to-date copy of shredder for your previous try)
HTH

Another find:
From majorgeeks.com
----
Join Date: May 2004
Posts: 1
Re: Google fake top page?
Managed to finally rid this fake google search. CWShredder crashed running when it got to Smartsearch and had adaware and spybot run and still had this problem. I found that Windows Media Player was hijacked and the wmplayer.exe file had a newer date and there was now a wmplayer2.exe (probably the original file renamed). I restarted in safe mode and deleted this file and also did a search (remember to include hidden & system files in your search) for google in any file names (don't know if I really needed to do this), but when I restarted and ran CWShredder it got past the place it always hung up on and then was able to clear the SearchX hijack and now everything works great.
Man this is the worst one I've seen (I'm an IT Administrator and I've seen lots!!) I tried HJT, editing the registry and just about everything else to get rid of this---short of rebuilding the machine!! and now this worked....hope this helps.
>>>>>>>>>>>>>>
Join Date: May 2004
Location: chicago
Posts: 14
Re: Google fake top page?
It WORKED !!
To everyone out there, I did try everything too. Followed all the instructions etc etc. This persisted. I was going to format. (am a little obsessive about the file system) However this worked. I didn't think it was going to because cwshredder didn't really do a whole lot, but I ran it and finished following Mafia's directions, and voila!!!
I have google back!
Thank you Mafia
victoria
Quote:
Originally Posted by Mafia
I FIXED THIS PROBLEM YESTERDAY
1) Google CWShredder.exe (download)
2) Empty all temp folders
a) (c:\doc&set\%userprofile\Local settings\temp)
b) (c:\doc&set\%userprofile\Local settings\temporary internet files and all subfolders, ie content.IEX)
c) (c:\winnt\temp, c:\windows\temp)
d) (did I miss any?)
3) Close all Browsers of all kinds
4) Run Spybot or Adware 6
5) REMOVE ALL
6) Run CWShredder
7) Reboot (DO NOT OPEN A WEB BROWSER)
8) Thank me!!
The problem happens because the FAKE GOOGLE runs a script that reinstalls an infected file every time you open it. CWShredder helps rewrite a certain file (haven't figured out which one) that fakes www.google.com (as well as others)
Good Luck!
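
The swapped-file pattern reported in the quoted majorgeeks post (a `wmplayer.exe` with a newer date next to a `wmplayer2.exe`) can be looked for across a whole drive, for instance one attached as a secondary disk to a clean machine as suggested earlier in the thread. The following is an added example, not part of any post here; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
import time
from pathlib import Path


def find_swapped_executables(root):
    """Return (suspect, probable_original) path pairs found under root.

    A pair is reported when NAME.exe and NAME2.exe sit in the same folder
    and NAME.exe has the newer modification time, the pattern the quoted
    post describes for wmplayer.exe / wmplayer2.exe.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_lower = {f.lower(): f for f in files}  # Windows names ignore case
        for lower, renamed in by_lower.items():
            if not lower.endswith("2.exe") or len(lower) == 5:
                continue
            base = by_lower.get(lower[:-5] + ".exe")
            if base is None:
                continue
            suspect, original = Path(dirpath, base), Path(dirpath, renamed)
            if suspect.stat().st_mtime > original.stat().st_mtime:
                findings.append((str(suspect), str(original)))
    return sorted(findings)


def build_sample_tree():
    """Create a constructed directory tree standing in for the slaved drive."""
    root = Path(tempfile.mkdtemp(prefix="offline_scan_"))
    sample = {  # relative path -> age in days (all values constructed)
        "Program Files/Windows Media Player/wmplayer.exe": 2,
        "Program Files/Windows Media Player/wmplayer2.exe": 400,
        "WINDOWS/system32/setup.exe": 400,    # older than sibling: not flagged
        "WINDOWS/system32/setup2.exe": 30,
        "WINDOWS/system32/notepad.exe": 400,  # no sibling: not flagged
    }
    now = time.time()
    for rel, age_days in sample.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed placeholder")
        stamp = now - age_days * 86400
        os.utime(path, (stamp, stamp))
    return root


if __name__ == "__main__":
    for suspect, original in find_swapped_executables(build_sample_tree()):
        print(f"newer: {suspect}\n  older sibling: {original}")
```

A hit is only a lead to inspect by hand, since legitimate software also ships numbered executables. Modification times can be altered, so an empty result does not mean the drive is clean.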

Kev,
I appreciate your much-assisted effort in helping resolve this, much too kind.
I followed all those threads.
A lot of people talk a lot about CWShredder. But I run that and it finds nothing at all.
I did a search in the registry, and deleted everything related to google, still no go.
I'm gonna pull my drive out, and hook it as a slave to another system, and run all these programs again, and delete all the tmps and cookies.
Also, some people on those posts mentioned "HiJack this" so I DL'd that and ran it; it detected a bunch of stuff as well, deleted all it found. Still no luck,
will follow up...shortly
thanks again, let me know if you find any other ideas...
this is a tough one...damn

Yeesh...
I'll let you know if I come across anything else.
Post back about that offline scan (drive in another pc)...just so we'll know.

PROBLEM SOLVED !!!
THE 1 WEEK SPYWARE BATTLE ENDS.
PASS IT ON TO ANYONE WHO NEEDS IT.
I'M NOT SURE WHAT PROGRAM ZAPPED IT BUT HERE IS WHAT I DID.
I WENT TO DOWNLOAD.COM, AND DOWNLOADED THE TOP 5 PROGRAMS UNDER "SPYWARE". THEY INCLUDED
SPYCATCHER V3.52
SPYWARE SECURITY (AKA junk) DON'T USE
COUNTER SPY V1.0.29
SPYWALL
HIJACK THIS
PRIOR TO THOSE ABOVE I ALSO RAN SPYBOT, ADAWARE, SPYSWEEPER, SPYWARE DOCTOR, & REG MECHANIC,
RAN THE UPDATES ON ALL PROGRAMS
SCANNED, AND DELETED EVERYTHING THEY FOUND
SPYCATCHER RETURNED THE MOST RESULTS
BE SURE ALL TMP FILES AND COOKIES ARE CLEANED OUT
DO NOT OPEN EXPLORER ! ! !
RESTARTED SYSTEM
YOU MAY HAVE TO REINSTALL THE GOOGLE TOOLBAR ETC.., AND RESET THE HOMEPAGE SETTING BACK TO YOUR PREFERENCE. IT SHOULD BE SET TO ABOUT:BLANK; THOSE PROGRAMS SHOULD HAVE CLEARED ANY STORED SETTINGS
AND VOILA
GOOD OLE GOOGLE BACK TO NORMAL, AND YAHOO TOO.
KEV, YOU HAVE BEEN MUCH HELP, I APPRECIATE YOUR EFFORT AND TIME, IF I CAN BE OF ANY ASSISTANCE TO YOU, LET ME KNOW.

Whew.....finally
Good to hear.
Do you think what finally did the trick was one of those last programs you mentioned?
SPYCATCHER V3.52
COUNTER SPY V1.0.29
SPYWALL
HIJACK THIS
Also....did you need to scan in safe-mode with the above programs?

It was either
SPYCATCHER V3.52
or
COUNTER SPY V1.0.29
They really appeared to run a decent scan, and detected things all the others listed above did not.
But I was so fed up, I just ran them all back to back before I attempted to see if it was fixed.
I did not have to run in safe mode, nor did I have to run the drive as a slave. However I would have if the above did not work.
I just rebooted after deleting what they found, and there it was.
Such a relief, thought I was going to have to reformat, that woulda sucked!

Thanks...I've heard that Spycatcher is supposed to be pretty good. Too bad both of those cost, but...it's easy to get spoiled on all the free stuff.
Thanks for following up with what worked. I'm sure this will be valuable to many others.

Good to see you have solved it. This isn't really for you now but more for other people suffering similar problems and searching the forum...
I had a similar problem (although not with google searches) on a friend's computer. What I found was that if I scanned the computer with HiJack this (awesome tool!) as soon as I deleted the offending items they would return immediately if I scanned again. This was with all programs closed. What I found was two processes running that should not have been there and I think they were keeping each other alive... ie I would kill one and it would re-load immediately and unfortunately I could not kill both at once. I tried re-booting to safe mode but unfortunately they were still running active. The passive scan in another system trick would have fixed me here I'm sure, although adaware and spyware nuker (both up to date) did not find anything untoward on the system at all.
My final fix that worked was to boot XP to the console and delete both of the offending .exe files from the hard drive. Then re-boot in safe mode and run HiJack this, remove all entries and reboot to normal mode. Re-run HiJack this just to check... Problem solved. Admittedly this bit of spyware was a little primitive as I have seen others now that do not show anything in the process list at all....


This post is quite old and has been locked from receiving new replies. Please create a new posting instead.