Tech Support Forum - View Single Post - s&d keeps finding 180Solutions.SearchAssistant

bry623 · 09-22-2006, 12:56 PM

Hello and Welcome to TSF!!

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below. Also if you have any programs that may prevent system changes (like Spybot's TeaTimer program, Ad-aware's Ad-Watch, and others), make sure you disable them before doing any of the fixes (or accept the changes for the fix we give you when asked by the programs).

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
In the File menu click "Exit" to exit Spybot Search & Destroy.

_______________________________________________________________
________________Downloads and Other____________________________
_______________________________________________________________

If you haven't update ewido, please do so now.

Download and install CleanUp! but do not run it yet

Download and unzip BFUzip from http://www.merijn.org/files/bfu.zip
Run the program and click the Web button as shown here:

Use this URL to copy into the address bar of the Download script window:
http://metallica.geekstogo.com/MediaGateway.BFU

Make sure all IE windows are closed.

Execute the script by clicking the Execute button.

If you have any questions about the use of BFU please read here:
http://metallica.geekstogo.com/BFUinstructions.html

_______________________________________________________________
__________________Reboot into Safe Mode________________________
_______________________________________________________________

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.

_______________________________________________________________
_______________________Program Removal_________________________
_______________________________________________________________

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if found:

MyGlobalSearch

_______________________________________________________________
__________________Fix Entries in HijackThis____________________
_______________________________________________________________

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm

_______________________________________________________________
_______________________Deletion of Files_______________________
_______________________________________________________________

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
*Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\Program Files\MyGlobalSearch
c:\program files\zango

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:

Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users
Click on the “Temporary Files” and uncheck the box for “Scan drives for file matching” if it’s checked.

Click OK
Press the CleanUp! button to start the program. DO NOT Reboot/logoff when prompted.

Run Ewido with it's updated definitions:(...it's important that all windows must be closed)

Click Scanner
Click on the Scan tab
Click Complete System Scan to begin scanning.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

** Ewido scan may take at least an hour

_______________________________________________________________
__________________________The Finish___________________________
_______________________________________________________________

Reboot your system in Normal Mode.

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on the "Free To Use ActiveScan" located on the top right hand corner

Click Check Now and a "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
Enter your e-mail address, country, and state & click Scan Now * The download of the 8 MB Panda's ActiveX control will take place *

Begin the scan by selecting My Computer

If it finds any malware, it will offer you a report.

Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.

Click on See report then click Save report

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan

Paste the Panda Scan report here together with a new HiJack This log and the Ewido log from earlier.

09-22-2006, 12:56 PM	#3 (permalink)
bry623 Manager, The Conversation Pit/Analyst, Security Team Join Date: Apr 2002 Location: NW Territory circa 1787 Posts: 11,692 OS: winxp pro sp2	Hello and Welcome to TSF!! Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below. Also if you have any programs that may prevent system changes (like Spybot's TeaTimer program, Ad-aware's Ad-Watch, and others), make sure you disable them before doing any of the fixes (or accept the changes for the fix we give you when asked by the programs). While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things. Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean. Open Spybot Search & Destroy. In the Mode menu click "Advanced mode" if not already selected. Choose "Yes" at the Warning prompt. Expand the "Tools" menu. Click "Resident". Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box. In the File menu click "Exit" to exit Spybot Search & Destroy. _______________________________________________________________ ________________Downloads and Other____________________________ _______________________________________________________________ If you haven't update ewido, please do so now. Download and install CleanUp! but do not run it yet Download and unzip BFUzip from http://www.merijn.org/files/bfu.zip Run the program and click the Web button as shown here: Use this URL to copy into the address bar of the Download script window: http://metallica.geekstogo.com/MediaGateway.BFU Make sure all IE windows are closed. Execute the script by clicking the Execute button. If you have any questions about the use of BFU please read here: http://metallica.geekstogo.com/BFUinstructions.html _______________________________________________________________ __________________Reboot into Safe Mode________________________ _______________________________________________________________ Next, please reboot your computer in Safe Mode by doing the following: 1) Restart your computer 2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8. 3) Instead of Windows loading as normal, a menu should appear 4) Use the up arrow key to highlight Safe Mode and press Enter. _______________________________________________________________ _______________________Program Removal_________________________ _______________________________________________________________ Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if found: MyGlobalSearch _______________________________________________________________ __________________Fix Entries in HijackThis____________________ _______________________________________________________________ Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one: R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe" O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm _______________________________________________________________ _______________________Deletion of Files_______________________ _______________________________________________________________ Go to My Computer->Tools->Folder Options->View tab: * Under the Hidden files and folders heading: * select Show hidden files and folders. * Uncheck Hide protected operating system files (recommended) option. Also, make sure there is no checkmark beside Hide file extensions for known file types. Click OK. Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist. C:\Program Files\MyGlobalSearch c:\program files\zango Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: Click "Options..." Move the arrow down to "Custom CleanUp!" Put a check next to the following: Empty Recycle Bins Delete Cookies Delete Prefetch files Cleanup! All Users Click on the “Temporary Files” and uncheck the box for “Scan drives for file matching” if it’s checked. Click OK Press the CleanUp!* button to start the program. DO NOT Reboot/logoff when prompted. Run Ewido with it's updated definitions:(...it's important that all windows must be closed) Click Scanner Click on the Scan tab Click Complete System Scan to begin scanning. Once the scan is complete do the following: If you have any infections you will prompted, then select "Apply all actions" Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important). Ewido scan may take at least an hour _______________________________________________________________ __________________________The Finish___________________________ _______________________________________________________________ Reboot your system in Normal Mode. Perform an online scan with Internet Explorer with Panda ActiveScan Click on the "Free To Use ActiveScan" located on the top right hand corner Click Check Now** and a "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it * Enter your e-mail address, country, and state & click Scan Now * The download of the 8 MB Panda's ActiveX control will take place * Begin the scan by selecting My Computer If it finds any malware, it will offer you a report. Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later. Click on See report then click Save report You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report. Turn off the real time scanner of any existing antivirus program while performing the online scan Paste the Panda Scan report here together with a new HiJack This log and the Ewido log from earlier. __________________ "If you aren't a liberal when you're 20, you have no heart. If you aren't a conservative when you are 50, you have no brain"