ENJoy search hijacker

Discussion in 'spyware news and general information' started by dvk01, Apr 15, 2004.

Thread Status:
Not open for further replies.
  1. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    as well as fixing the R1 & R0 entries

    stop the running process on & delete this C:\WINDOWS\jushed32.exe
    it doesn't always show in an HJT log in the O4 start ups but is normally in the running processes list

    Updated information:

    We have found out that this file is set to actively hide it's start up registry entry if any of these are run on the computer to make it difficult to find and remove it:
    msconfig
    cwshredder
    hijackthis
    regedit

    It seems that the way to fix it is to run hijackthis, fix all the R1 & R0 entries relating to enjoy search. then open task manger, look in running processes and stop the process on jushed32.exe and then find and delete the jushed32.exe file

    Also check for the existence of this file C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe which might appear in some versions and if there delete it as well, even though cwshredder always targets that file as it is used in several other cws hijacks

    then reboot and run hijackthis again and the O4 run entry for it should appear.

    fix that entry in HJT, reboot again and the hijack should be gone

    then run cwshredder to make sure
     
    Last edited: Apr 16, 2004
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.