MakeMeSearch Hijacker

Discussion in 'news, general information and FAQs' started by Pieter_Arntz, Sep 26, 2004.

Thread Status:
Not open for further replies.
  1. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    A few variants of this hijacker are active:

    Log examples:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=126
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=126

    O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINDOWS\SYSTEM\MTC.DLL

    O3 - Toolbar: Search Toolbar - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINDOWS\SYSTEM\MTC.DLL

    Known variants:
    {CLSID} filename
    {9EAC0102-5E61-2312-BC2D-4D54434D5443} mtc.dll
    {9EAC0102-5E61-2312-BC2D-444C4C4F5552} DLL.dll
    {9EAC0102-5E61-2312-BC2D-414456544F4E} ADV.dll
    {9EAC0102-5E61-2312-BC2D-4E4153202020} NAS.dll

    Remove Search Toolbar under Add/Remove Software and fix the entries in the HijackThis log.

    Special credits to Zupe
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    New variant reported by Tony Klein:

    O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-544243544243} - C:\WINDOWS\System32\TBC.dll
    O3 - Toolbar: Search Toolbar - {9EAC0102-5E61-2312-BC2D-544243544243} - C:\WINDOWS\System32\TBC.dll
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Found another one:

    O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-76746C56544C} - C:\WINDOWS\System32\vtlbar1.dll

    O3 - Toolbar: Search Toolbar - {9EAC0102-5E61-2312-BC2D-76746C56544C} - C:\WINDOWS\System32\vtlbar1.dll
     
Thread Status:
Not open for further replies.