Wilders Security Forums  

  #1  
May 27th, 2004, 03:57 AM
Pieter_Arntz
New blazefind hijack

These show up in a HijackThis log as:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com

F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,

O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe

Fix the entries and remove the folder
C:\Program Files\WindowsSA
and the file
C:\Windows\System32\wsaupdater.exe

Credit to Bulldog
__________________
Regards,

Pieter
It's nice to be important, but it's more important to be nice.

It's human to make mistakes. It's even more so to blame the computer for it.
  #2  
June 1st, 2004, 03:19 PM
Pieter_Arntz
SearchAssistant

Search Assistant Toolbar Problem

The log will look something like this:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,

O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe

Fix the above items, then reboot into safe mode and delete:
C:\Program Files\WindowsSA <= entire folder
C:\Windows\System32\wsaupdater.exe

NOTE
BEFORE reboot have them check their system32 folder to see that userinit.exe exists!!

If necessary they can copy that file from:

C:\windows\ServicePackFiles\i386\userinit.exe

to:

C:\windows\system32\userinit.exe

If userinit is missing from system32 folder and the user reboots without the file being replaced...they cannot log back on!!

More details in the next post.
Last edited by Pieter_Arntz : September 9th, 2004 at 06:06 AM. Reason: Added warning
  #3  
June 5th, 2004, 05:33 AM
Pieter_Arntz
WSAUPDATER

Do not let the Userinit registry entry be removed by AdAware.

You will not be able to log back on if you are running XP.
http://www.wilderssecurity.com/showthread.php?t=35098
http://www.lavasoftsupport.com/index...pic=29727&st=0

First fix this entry with HijackThis:
F2 - REG:system.ini: UserInit=E:\Windows\System32\wsaupdater.exe

Then use AdAware (after a reboot).

This issue has been resolved in the latest update.

"The latest reference-file (01R315 06.06.2004) no longer removes wsupater.exe at all, hence no longer creating the logon issue recently discovered."

So, as always, make sure all the software you use is fully updated.

Regards,

Pieter

Last edited by Pieter_Arntz : June 7th, 2004 at 04:45 PM. Reason: Added information
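
Added example, not part of the original posts and not HijackThis code: a small Python triage over log lines of the kinds quoted in this thread, flagging the search hijacks, the replaced UserInit program and the Run entry. The sample log is constructed from the entries above plus two benign lines, and the function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Indicators taken from the posts above.
HIJACK_DOMAINS = ("blazefind.com", "drsnsrch.com")
ROGUE_FILES = ("wsaupdater.exe", "omniscient.exe")
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Constructed sample: four entries from the thread plus two benign lines.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

def rogue_userinit(body):
    """Programs in an F2 UserInit value (comma-separated) other than userinit.exe."""
    value = body[body.lower().index("userinit=") + len("userinit="):]
    progs = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in progs if PureWindowsPath(p).name.lower() != "userinit.exe"]

def triage(log_text):
    """Return (code, kind, detail) tuples for entries matching the thread's indicators."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and log header text
        code, body, low = m["code"], m["body"], m["body"].lower()
        if code in ("R0", "R1") and any(d in low for d in HIJACK_DOMAINS):
            findings.append((code, "search-hijack", body.split(" = ", 1)[-1]))
        elif code == "F2" and "userinit=" in low:
            findings.extend((code, "userinit-replaced", p) for p in rogue_userinit(body))
        elif code == "O4" and any(f in low for f in ROGUE_FILES):
            findings.append((code, "run-key", body.split("] ", 1)[-1]))
    return findings

def must_verify_userinit(findings):
    """True when userinit.exe must be confirmed in system32 before the reboot."""
    return any(kind == "userinit-replaced" for _, kind, _ in findings)
```
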
 
