There is a new broser hijacker directing browser to http://www.search2004.net/ and www.windowws.cc. Does anybody know how to fix it. These domains belong to following people:


http://www.search2004.net/
Registrant:
Robert Stark
Wiesliacher 14
Zürich, CH-8053
Switzerland

Registered through: Vadim Fedorov
Domain Name: SEARCH2004.NET
Created on: 12-Nov-03
Expires on: 12-Nov-04
Last Updated on: 13-Nov-03

Administrative Contact:
Stark, Robert greg1@mail333.com
Wiesliacher 14
Zürich, CH-8053
Switzerland
+41 1 632 44 78 Fax --
Technical Contact:
Stark, Robert greg1@mail333.com
Wiesliacher 14
Zürich, CH-8053
Switzerland
+41 1 632 44 78 Fax --

Domain servers in listed order:
PL0.GREG-SEARCH.COM
PL1.GREG-SEARCH.COM


Domain Name:
windowws.cc
Registrant:
Stas Bekman (greg1@mail333.com)

Aba Silver 12/29
Haifa, NONE 32694
IL
972-(0)4-828-2274
Administrative, Technical, Billing Contact:
Stas Bekman (greg1@mail333.com)

Aba Silver 12/29
Haifa, NONE 32694
IL
972-(0)4-828-2274
Record expires on:
Record created on:
Nov 14 2004
Nov 14 2003
Domain Name Servers:
ns1-hosts.srsplus.com
ns2-hosts.srsplus.com

Hi bert,

Sounds like CWS to me. :(

Please go to http://www.tomcoyote.org/hjt/, and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log as a .txt file, and copy and paste its contents into your next post.

Most of what it lists will be harmless, so do not fix anything yet.

Regards,

Pieter