There is a new broser hijacker directing browser to http://www.search2004.net/ and www.windowws.cc. Does anybody know how to fix it. These domains belong to following people: http://www.search2004.net/ Registrant: Robert Stark Wiesliacher 14 Zürich, CH-8053 Switzerland Registered through: Vadim Fedorov Domain Name: SEARCH2004.NET Created on: 12-Nov-03 Expires on: 12-Nov-04 Last Updated on: 13-Nov-03 Administrative Contact: Stark, Robert greg1@mail333.com Wiesliacher 14 Zürich, CH-8053 Switzerland +41 1 632 44 78 Fax -- Technical Contact: Stark, Robert greg1@mail333.com Wiesliacher 14 Zürich, CH-8053 Switzerland +41 1 632 44 78 Fax -- Domain servers in listed order: PL0.GREG-SEARCH.COM PL1.GREG-SEARCH.COM Domain Name: windowws.cc Registrant: Stas Bekman (greg1@mail333.com) Aba Silver 12/29 Haifa, NONE 32694 IL 972-(0)4-828-2274 Administrative, Technical, Billing Contact: Stas Bekman (greg1@mail333.com) Aba Silver 12/29 Haifa, NONE 32694 IL 972-(0)4-828-2274 Record expires on: Record created on: Nov 14 2004 Nov 14 2003 Domain Name Servers: ns1-hosts.srsplus.com ns2-hosts.srsplus.com
Hi bert, Sounds like CWS to me. Please go to http://www.tomcoyote.org/hjt/, and download 'Hijack This!'. Unzip, doubleclick HijackThis.exe, and hit "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log as a .txt file, and copy and paste its contents into your next post. Most of what it lists will be harmless, so do not fix anything yet. Regards, Pieter