How to get rid of this spyware ?? !!

Discussion in 'adware, spyware & hijack cleaning' started by johannes, May 24, 2004.

Thread Status:
Not open for further replies.
  1. johannes

    johannes Registered Member

    Joined:
    May 23, 2004
    Posts:
    1
    An extremely clever spy has hijacked my notebook and causes me lots of trouble. Always dialer programs enter and so on. Neither Spybot-Search & Destroy nor spywareblasterset were able to delete or paralise this little gangster !
    -
    There is a socalled xspysystem C:\WINDOWS\SERVICES\Y.EXE in the Autostart, three of them are in it and i cannot really disable them. When i take away the hooks and restart, at least two hooks are back. Same after deleting this exe in run, run- or runonce, immediately they come back.
    -
    Same with the Start page, it has changed to "http://www.coolsearch.biz/" .. i can't take it away, it always returns. Another phenomena is that the computer can't switched off as usual. Always it freezes and i get a note that there's still a task going on and have to wait.
    -
    The Lavasoft Ad-aware scanner found them .. copied and paste below:

    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Page.coolsearch.biz

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "http://www.coolsearch.biz/"
    Rootkey : HKEY_CURRENT_USER
    Object : Software\Microsoft\Internet Explorer\Main
    Value : Start Page
    Data : "http://www.coolsearch.biz/"

    Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainStart Page.coolsearch.biz

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "http://www.coolsearch.biz/"
    Rootkey : HKEY_USERS
    Object : .Default\Software\Microsoft\Internet Explorer\Main
    Value : Start Page
    Data : "http://www.coolsearch.biz/"

    Found an advise for a similliar problem in a German forum, they said that look for Hkey_Current_User/Software/Policies/Microsoft/Internet Explorer/Control Panel and change the HomePage value from 1 to 0.
    Did so, but still this Gangster page returns in a minute. Phew

    Anyone has a real good idea ??
    Best regards
     
  2. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
Thread Status:
Not open for further replies.