Spybot problem

I got the following error:

Spybot - Search & Destroy has detected an important registry has been changed.

Category: browser page
Change: Value changed

Entry: SearchAssistant

Old data: hxxp: //www.gmzyisweqmetvcepralik.biz/iTiDE
New data: hxxp: //www.qihxzppktbk.biz/iTiDErIUlrhPgrZwr2B


Then i can choose to allow the change or deny the change, but I have no idea what this is. Can anyone help me?

 

That's not an error - that is Spybot's Teatimer telling you that some search assistant spyware is attempting to install itself.

 

Yes, and also Detox, what concerns me looking at that, it's trying to update itself by the looks.

The 'old' value and the 'new' value both have identical components in it.

Unless I am way off the mark, but to me it would be a concern.

TAS

 

ok thanks, but what should i do?

 

Hi negative creep, and welcome to Wilders.

Since you are using Spybot S&D, you could go to Net-Integrations forum and post a HijackThis log where one of the spyware removal experts will analyse it and post back instructions on how to remove the hijacker.

When you go to their forum, please look up near the top and click on the "Malware Removal Procedures". Follow the steps listed there before posting your hijackthis log in their forum.

Let us know how you do.

Regards,

snap

 

I guess I should ask, lol. You have done a scan with Spybot S&D since you received that alert from Tea Timer, and fixed everything Spybot S&D listed in red?

If not, please do a scan and fix anything it lists in red, reboot and scan again until nothing else is listed in red. Then go to Net-Integrations and follow their posting proceedures for posting a HijackThis log.

Regards,

snap

 

hi snapdragon,

I had already scanned with spybot and deleted all things in red. Now I scanned again and found the same two, I have deleted them again. I hope this fixes it

problem kind

C2.lop 2 entries
DSO Exploit 5 entries

 

Well I still have the problem, again it's the search assistent entry, but the old data has changed since yesterday and the new data is changing everytime I click deny change.

Old data: hxxp ://www.ffejqvlhxwoep.com/iTiDErIUQlrhF
new data: hxxp ://www.bdypuwvdvz.net/iTiDErIUQlrhPgr

 

Hi

I've found at thread at Net-Integrations where a few other's have posted the similar alerts from Tea Timer:

http://forums.net-integration.net/index.php?showtopic=21660

You may want to go to that link and read through it, then followup with posting a HijackThis log in the appropriate forum there (please remember to read their posting procedures first.)

For the 5 DSO Exploit entries. Those you can ignore if your windows is fully up-todate with it's patches/critical updates. These are false/positives which should be fixed in the next final release. Here's another link that also explains it: https://www.wilderssecurity.com/showthread.php?t=45842

Please post back and let us know what happens.

Regards,

snap

 

Should I click on remember this decision? Will the problem be solved then?

 

No, I'm fairly sure the problem won't go away until the hijacker is removed completely. I don't want to guess when it comes to these kind of hijackers (constantly changing like this one is), that is why I have suggested you post a hijackthis log so the file that has put the hijacker there will be exposed and deleted. Spybot S&D (and from what I've read in that thread at NI, Adware also) do not seem to be removing this one. It may take manual removal.

snap

 

thank you for the link. I have posted there.
But hijackthis log

What is a hijackthis log?

sorry for being a newbie.

NC

 

Hi negative creep...

You could try another program AdAware SE, but in all liklihood you will still have to follow snap's advice in posts above.

Download AdAware SE Personal here: http://www.lavasoft.nu/

Instructions in case you are not familiar with it:

When installed, start it, and on the main GUI, you will see a link: "Check for Updates Now" click that.
A window will open, and it will commence to download updates.
When updates dl'd, the Cancel button will change to Proceed, click that.

Now on top right of main GUI you will see some symbols, click the one that looks like a gear cog. [AdAware Configuration Window for Settings]
A window will open which will give you options, click on the Scanning button and check off like mine.

Click Proceed.

Back on main window, click on Start, it will take you to another screen within the main GUI.
Select Full System Scan in the 'Select a Scan Mode' option, then click next.
Let it run thru and see if it can find anything.
When scanning finished, you will see what to do next.
Check items and click Next and it will ask if you want to quarantine the selected items. OK...

But, as I said, you probably will have to follow snap's directions above.

OH.. DSO Exploit.. Quote from LowWaterMark:

Cheers, TAS

EDIT: lol.. I see snap has already said AdAware also may not fix it.
Oh well you will have 2 scanners anyway.

If you already have posted, they should tell you where and what to do with HiJackThis. Best wait for instructions from them.

 

hi tassie_devils,

I already had Adaware SE

It all started like this:

Yesterday I turned on my computer and I found new shortcuts on my desktop . . Things like casino, travel something, ink cartridges. (also my starting browser page changed to something unknown) I deleted those and I ran Adaware. I deleted everything that was found. Next thing i know, same shortcuts again on my desktop. That's when I downloaded spybot S&D and deleted everything in red.

c2.lop
dso entries
coolwwwsearch (or something like that, I can't remember the exact name)

No more unkown shortcuts on my desktop, but this problem with teatimer.

NC

 

Hi negative creep...

Coolwebsearch... very bad news mate.

Follow snap's advice and also the Rules/etc. at NI when they ask you to post a HJT log. You will be in fine hands.

Cheers, TAS

 

you could try a couple of these options first... to get coolwebsearch under control a bit.

Download and unzip

cwshredder 1.59

Disconnect from the internet, make sure ALL browsers are closed first, then run CWShredder by clicking on the *Fix button and follow the instructions you will receive when the program runs. Reboot if prompted.
Actually do a reboot anyway and rerun Shredder *FIX button NOT scan.

Then..

Disk Cleanup Utility [Information only, not actually something you download.

Go to your Start button -->Select 'Run' and type in the box: cleanmgr, hit enter/click OK This will bring up the Disk Cleanup Manager from your system.

Place a check mark in the box beside Temporary Files, Temporary Internet Files, and Recycle Bin.
Then click "OK" and the Disk Cleanup Wizard will delete the files you've placed a check mark beside.

Then rerun Spybot, and post finding at NI, and wait for further assistance. You will still have some work to do.

The reason being that CWShredder is not being updated anymore, and there very well may be mutated strains in your system it won't competely clean.

TAS

 

I downloaded CWShredder and it found nothing. Maybe Adaware fixed it already.

I will now run the disk clean up wizard.

 

the old data changes everytime I restart my computer.
the new data changes everytime I click deny change.

Spybot-S&D Resident currently:

old data: http://www.llvlbouqlsehxbvowxdbrns.com/iT......
new data: http://www.bwtowgespguksgyhmunq.info/iTj........

 

ok NC... I guess that's about all that can be done here at that point I am afraid unless someone else has an idea. But, frankly, it's now a HiJackThis analysis I reckon.

So follow up with your post over at NI.

Please let us know the outcome.

Best, TAS