Hijacked Browser [Archive] - Ask Me Help Desk

Katdaddi

Jul 26, 2004, 08:11 PM

I got to this forum because I did a search for "DSO," which is what spybot said I have. I think I effectively removed it following all previous instructions. Thanks. But, my problem still remains... When ever I open IE browser it is hijacked to http://ssearch.biz/?wmid=1010 and I can't use the forward or back buttons. Please help
THANKS IN ADVANCE

I have run spybot and spysweeper as well.

Thanks GTX. I tried that. No Luck though. I ran a program callede HIJACK THIS and I save the following log. Maybe someone can identify the culprit for me from the list.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0001.1004\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll (file missing)
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll (file missing)
O4 - HKLM\.. \Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\.. \Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\.. \RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\.. \Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\.. \Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: AirFortress® Client.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: One-VA VPN Client.lnk.disabled
O4 - Global Startup: RealSecure(r) Desktop Protector.lnk.disabled
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

Thanks for any help.

ThisTastesNasty

Aug 29, 2004, 11:52 PM

Once again (for the third post this morning) you have CoolWebShredder or an equivalent. This can be taken care of by removing the IEToolbar or MySearch toolbar from your programs list. Get the spyware by running spybot in safemode

argeldeggy

Sep 28, 2004, 12:20 AM

Hey download bazooka scanner.