getting rid of searchmaid.com

Discussion in 'privacy problems' started by Roy Gardiner, Feb 5, 2005.

Thread Status:
Not open for further replies.
  1. Roy Gardiner

    Roy Gardiner Registered Member

    Joined:
    Mar 27, 2004
    Posts:
    6
    Which has hijacked a friend of mine's (no really..) homepage. Not sure of the right forum here, but all help gratefully received. Search didn't show any examples, hence this post.
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    I moved it to an appropriate forum. ;)

    Does your friend have any anti-spyware apps installed?

    Might be a good idea to download Ad-aware and/or Spybot S&D.

    http://www.lavasoftusa.com/

    http://www.safer-networking.org/en/index.html


    snowbound
     
  3. Mr Hat

    Mr Hat Guest

    Search your files for a series called "Virtual Maid". Delete all these. Alternatively, one of these is an uninstall file, which appears to work.
     
  4. Yono

    Yono Guest

    I've got the same problem and the uninstall file didn't work. I tried Ad-aware, Spybot, Spysweeper, spywareinfo x-cleaner, CWShredder.
    HijackThis gives me several entries from the IEstart and searchpage but when I delete them they just reappear.
    I didn't find any related dll or exe file. If someone could give me the related dll file and registry entries, I can delete them with killbox or something else.
     
  5. searchmaid is a very annoying ~snip~. I have encountered it numerous times and exterminated it from the system. You cannot just delete the files, it will respawn itself, and you definitely do not uninstall it either; it will respawn itself under another name.

    If I remember correctly, I used HijackThis to painstakingly zero in on all those dubious files. For example, there is this tbm.exe which is loaded with the system.ini when you enter Windows. You have to go to safe mode and delete the file physically and also the entry. There are also some dll or exe files that are loaded too at the windows/system32; you have to zero in on those that look dubious. Use Google to help you on it; once detected you have to delete them too. Check all your share folders for all those dubious files like loader.exe or calculator.exe that reside there. Delete them all. Lastly delete all those Virtual Maid directories and also searchmaid's entries at HijackThis.

    Restart your computer and all the best!

    PS - after doing some searching for the source, I have pinpointed it to the bittorrent site, torrentreactor.net, please thank them for all their kind work.

    -anti-searchmaid

    Let's keep the language down please - Blackspear
     
    Last edited by a moderator: Feb 20, 2005
  6. kilcat

    kilcat Guest

    Could someone explain in REALLY plain language how to get rid of searchmaid off my PC -

    i'm not a computer expert and any help would be really appreciated
     
  7. vasu

    vasu Guest

  8. Lars (DK)

    Lars (DK) Guest

    I have tried both Spybot and Microsoft AntiSpyware - doesn't help at all (o_O).
     
  9. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    U may want to post a HijackThis log at one of the sites listed here,

    (http://a-sap.org/)

    for the help that u need.



    snowbound
     
  10. Casper (Nl)

    Casper (Nl) Guest

    I've got Windows ME, so I can't install Microsoft AntiSpyware beta. Is there any other freeware I could use to get rid of searchmaid?
     
  11. Magickian

    Magickian Registered Member

    Joined:
    Mar 2, 2005
    Posts:
    1
    Hi boys, I got the solution for the searchmaid problem!!!

    I had a lot of things on my comp, but this was the horriblest! (sorry for bad English :u )

    What to do if you get searchmaid
    Close internet, go and search in your comp for the word "searchmaid", you will find some data, but you won't be able to kill the dll data, so you have to open the dll with wordpad, now mark the whole text and erase it, save it.
    As soon as you have done this, you will be able to erase the whole searchmaid thing.

    NOW, I did this and my Internet Explorer was free of this toolbar and the main page was restored, only my Internet Explorer was looking different, so I erased it and reinstalled it new >> all ok. But there were still nasty searchmaid POPUPS, coming every 10 minutes.
    I thought I wouldn't be able to get rid of them, but I did. Go get the "security task manager" (search in Google :p)
    Now it will show you msmsg.exe, or so, I can't remember the name well, clear it with the task manager, when done you will see "popuper", "popuper applications" in the task manager, clear them too!!!
    Now search on your comp for "msmsg.exe" (name can be different) and "popuper"!
    When you have found it, clear it! ERASE THE THINGS!
    Now restart!
    ALL CLEAR!!! YUHUHUHU!!!
     
  12. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    the best thing you can do is to follow SnowBound's advice.

    ASAP is the top of the internet security world and your computer will be healthy soon.

    Inf.
     
  13. SphereTic*

    SphereTic* Guest

    Re: Getting rid of searchmaid.com - Virtual Maid

    msmsgs.exe (5.00kb)

    This file may be part of a group of files downloaded to a PC via the internet. I suspect it belongs to Virtual Maid or Searchmaid, which is plaguing lots of users all over the world.

    I found it in my Win2K C:\winnt\system folder

    It is set to start at startup with the command REG:system.ini: Shell=Explorer.exe, msmsgs.exe
    ... as found by HijackThis V1.99.1

    After I got rid of this file, Virtual maid never re-installed itself.


    I had to go into safe mode also to get rid of the Virtual Maid folder too.

    Hope that helps

    SphereTic*
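
The `Shell=` line reported in the post above can be checked mechanically. This is an added example, not code from the thread or from HijackThis: it assumes the `[boot]` section is available as system.ini text, the function name `extra_shell_programs` is hypothetical, and both sample inputs are constructed.

```python
# Added example, not from the thread: flag anything other than Explorer.exe
# on the [boot] shell= line of a system.ini file.
import ntpath
import re

EXPECTED_SHELL = "explorer.exe"

# Constructed samples; the second reproduces the line quoted in the post.
CLEAN = "[boot]\nshell=Explorer.exe\n\n[386Enh]\nwoafont=dosapp.fon\n"
INFECTED = "; constructed sample\n[boot]\nShell=Explorer.exe, msmsgs.exe\n"

def extra_shell_programs(ini_text):
    """Return every shell= entry in [boot] that is not plain Explorer.exe."""
    section = None
    extras = []
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        key, sep, value = line.partition("=")
        if section != "boot" or not sep or key.strip().lower() != "shell":
            continue
        # Entries are comma-separated, as in the HijackThis line above. A piece
        # such as "Explorer.exe other.exe" is flagged whole rather than guessed at.
        for piece in value.split(","):
            piece = piece.strip()
            if piece and ntpath.basename(piece).lower() != EXPECTED_SHELL:
                extras.append(piece)
    return extras

if __name__ == "__main__":
    for label, text in (("clean", CLEAN), ("infected", INFECTED)):
        print(label, extra_shell_programs(text))
```

An empty result means the line names only Explorer.exe; any other entry is a program started alongside the shell at logon and is worth identifying before it is removed.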
     
  14. J?rn-Stian

    J?rn-Stian Guest

    you should also remove the files:
    Virtual Maid.dll (can be done by running the uninstall script in the virtual maid dir (!!!))
    msmsg.exe (system32)
    ole32vbs.exe (same as msmsg.exe, just different name)
     
  15. J?rn-Stian

    J?rn-Stian Guest

    The file c:\winnt\system32\perfcii.ini contains this:
    ---- snip -----
    [404]
    url=http://personal404.com/index.html

    [DNS]
    url=http://dnserror.cc/index.html

    [DefaultSearch]
    url=http://instantsearch.cc/search.php?said=d011&qq=

    ---- snip -----
    doesn't really make sense to leave that in there either.
     
  16. J?rn-Stian

    J?rn-Stian Guest

    c:\winnt\sites.ini
    ---- snip ----
    www dot instantsearch.cc/text/online_gambling.html
    www dot instantsearch.cc/text/computer_dating.html
    www dot instantsearch.cc/text/online_pharmacy.html
    www dot instantsearch.cc/text/pop_up_blocker.html
    www dot instantsearch.cc/text/internet_poker.html
    ----- snip----

    there's a bunch more lines in this file, but they all go to the same host.. we deleted that too
     
    Last edited by a moderator: Mar 16, 2005
  17. J?rn-Stian

    J?rn-Stian Guest

    c:\winnt\system32\drivers\etc\hosts

    This file contains a bunch of hosts that are routed to localhost. This makes no sense to me, as the user wouldn't be running any web services? Anyways, I cleared the file, just leaving the loopback for localhost.


    example:

    127.0.0.1 e-finder.cc
    127.0.0.1 fast-look.com
    127.0.0.1 bin.wordsx.cc
    127.0.0.1 s13.tempx.cc
    127.0.0.1 vv7.al.57e.net
    127.0.0.1 ewizard.cc
    127.0.0.1 awmdabest.com

    ...... keep on routing ~40 hosts... weird
     
  18. Hi!

    System restore on my Win XP worked just great for this spyware :)
    I just had to remove Virtual Maid folder in safe mode.
     
  19. monkeybutler

    monkeybutler Guest


    Right, I'm no expert either, but this is what I did, and it worked a treat - much better than any other suggestions I tried to take up from similar forums to this. It DOES however mean you need to know exactly what date you got infected on.

    If you have XP, simply go to search, leave the search file name bit blank, but search for ALL FILES from that particular day - every file searchmaid downloaded will be there - get rid of everything that was CREATED on that day whether it looks ok or not (this includes msmsgs.exe, which looks as though it is part of Messenger). It worked a treat for me (I put all the files I found through the Spybot shredder)

    I accidentally deleted a couple of files that were part of the XP operating system, so beware of that - however my PC still works just fine, I just can't use a restore point to go back to before the infection. Hope this helps.
     
  20. Firewitch

    Firewitch Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    1
    Ok, This is how _I_ got rid of SearchMaid. I will explain in steps even my idiot friends could handle.

    Step 1: get HijackThis from a place like download.com http://www.download.com/HijackThis/3000-8022_4-10307556.html?tag=lst-0-1

    Step 2: Restarted computer and didn't open any browsers so nothing got into the processes. You might want to copy and paste this to wordpad so you don't have a browser open. (You might not have to restart but it's better to be careful; either way have all browsers closed.)

    Step 3: Run Hijackthis and check off all the browser related problems and fixed it.

    Step 4: Find the date that I was infected. I did this by going to c:\program files\ and right clicking on the "Virtual Maid" folder and selecting properties. Mine was 4/2/2005 8:22pm.

    Step 5: Delete the Virtual Maid folder

    Step 6: Open c:\windows\system32\ then right clicked inside the folder where no icons were and in View clicked Details, then I clicked on the date modified tab and looked for the date 4/2/2005 8:22pm. I found ole32vbs.exe, perfcii.ini, and a lot of icon files with that same date & time. Delete all of them.

    Step 7: Repeat steps in c:\windows\ I found and deleted sites.ini and popuper.exe.

    Step 8: Open c:\windows\system32\drivers\etc\ and didn't find a hosts folder but found 3 different hosts files... icalendar file, .bak file, and file (no extension). The one without extension I opened with wordpad and deleted all the hosts except
    127.0.0.1 localhost
    Then i saved it.

    Step 9: I deleted the 3 internet shortcuts on my desktop: Spyware removal, something drugs and a dating one. (Sorry, I just don't remember the exact names.)

    Step 10: Added a few of the addresses I found to be blocked by my firewall. I won't explain how to use a firewall because there are so many different ones out there. I added searchmaid.com, searchmaid.cc, groupsearches.com and a few other sites searchmaid bookmarked in my favorites.

    Step 11: clean up your bookmarks... The easy way is to open C:\Documents and Settings\(Insert your profile name)\Favorites and follow the directions in "Step 6:"

    Step 12: Clean up your start menu. You can either right click the internet shortcuts and delete them or you can open C:\Documents and Settings\(insert profile name)\Start Menu and do the same as 'Step 11:'.

    K, I wish you all luck with your nasty infections that dirty maid gave you :p Firewitch Blackrose
     
    Last edited: Apr 4, 2005
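
The date-based search used in the two posts above (every file from the infection day, or every file in system32 stamped 4/2/2005 8:22pm) can be run as a listing for review instead of a deletion, so that unrelated operating-system files are not removed along with the rest. This is an added example, not code from the thread: `files_modified_near`, the five-minute window and the sample files are assumptions built for illustration.

```python
# Added example, not code from the thread: list (never delete) files whose
# modification time is close to a known infection time, for manual review.
import os
import tempfile
from datetime import datetime, timedelta

def files_modified_near(root, reference, window_minutes=5, recurse=False):
    """Return sorted (name, mtime) pairs for files modified within the window."""
    lo = (reference - timedelta(minutes=window_minutes)).timestamp()
    hi = (reference + timedelta(minutes=window_minutes)).timestamp()
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        if not recurse:
            dirnames[:] = []          # inspect only the top-level folder
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:           # file vanished or is unreadable: skip it
                continue
            if lo <= mtime <= hi:
                rel = os.path.relpath(path, root)
                hits.append((rel, datetime.fromtimestamp(mtime)))
    return sorted(hits, key=lambda h: (h[1], h[0]))

def demo():
    """Build a constructed folder and return the names flagged for review."""
    infected = datetime(2005, 4, 2, 20, 22)    # timestamp quoted in the post
    samples = {                                 # constructed sample files
        "ole32vbs.exe": infected,
        "perfcii.ini": infected + timedelta(minutes=1),
        "notepad.exe": datetime(2004, 8, 4, 12, 0),
        "patch.dll": infected - timedelta(hours=6),  # same day, outside window
    }
    with tempfile.TemporaryDirectory() as root:
        for name, when in samples.items():
            path = os.path.join(root, name)
            open(path, "w").close()
            os.utime(path, (when.timestamp(), when.timestamp()))
        return [name for name, _ in files_modified_near(root, infected)]

if __name__ == "__main__":
    print(demo())
```

A narrow window around the timestamp keeps same-day files that were changed hours earlier out of the list; widening `window_minutes` to a full day reproduces the broader search and the review burden that comes with it.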
  21. seekp

    seekp Guest

    Firstly, I thank you all for sharing the knowledge of removing the nasty searchmaid.com spyware, despite installing Ad-Aware, Spybot, and all sort of antispyware programs.

    However, on top of those steps stated in the last post, I would like to suggest removing searchmaid.com and its associated files from the registry with regedit. After I had done those steps in an attempt to remove those files and stuff, I was wondering if the searchmaid trail still resided in the registry. To my horror, it confirmed my suspicion.

    Before entering regedit, please do back up the registry, in case of accidentally deleting a vital registry entry during the process.

    This is how I carry out the search in the regedit.
    1. go to the top of the list on the left hand side of the list, that is my computer, then ctrl-F and type 'searchmaid'
    2. keep searching for the topic, by clicking find next and remove anything that is associated with the topic.

    3. when confirm there is no more of the topic related search, type 'maid' and do step 1 again

    redo step 1 till 3 by typing all the related files stated in the last forum and delete appropriately.

    hope the above help u all as much as it had helped me to resolve the problem

    cheerio!
     
  22. Paturuski

    Paturuski Guest

    Download the FireFox browser (Firefox.com). Then dump your Internet Explorer browser (don't use it). FireFox does not seem to be susceptible to the Searchmaid crap! If you have questions about the FireFox browser, do the research; it is much more secure than Internet Explorer. Maybe someday Microsoft will fix the inherent issues with Internet Explorer. Then send an e-mail to Searchmaid telling them to "Get Screwed". Happy computing!
     
  23. mtf

    mtf Guest

    mr

    I had searchmaid and tried everything to get rid of it, but then one day on the Gadget Show they were talking about this new browser, Firefox Mozilla, and since I've been using it there has hardly been any popups or homepage hijacking, so go for that, it's so much easier. The name of it is Mozilla Firefox; do a Google for it, it will be the first one up probably.
     
  24. Tank

    Tank Guest

    ?Popuper?

    One of my friends is having trouble with the popuper. I have some computer skills and would greatly appreciate the help on how to erase it, and Spybot S & D doesn't work for it either.
     
  25. IT WORKS - WELL DONE
     