persistent offenders

Discussion in 'SpywareBlaster & Other Forum' started by MrO, Jul 13, 2004.

Thread Status:
Not open for further replies.
  1. MrO

    MrO Registered Member

    Joined:
    Jul 13, 2004
    Posts:
    1
    I have two persitent pests that I can't get rid of. I have and run both Spyware Blaster and Spybot S&D and neither can block them, although Spybot finds 'CleverIEHooker' in my registry every time and can't seem to immunize me from it. The other pest is 'mysearchnow.com' which has taken over my home page on IE.

    I have searched my computer and deleted every reference to these two pests but can't seem to get rid of them. Can anyone help me with this? Or, alternatively, could anyone inform me if they know that neither of these programs is equipped to stop them?

    Thank you.
     
  2. thefly

    thefly Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    3
    Hi MrO,
    To Remove CleverIEHooker, Here's what I found this on the pestpatrol site. I don't know how accurate it is.

    http://www.pestpatrol.com/PestInfo/c/cleveriehooker.asp



    Manual Removal: Follow these steps to remove CleverIEHooker from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.
    Unregister DLLs:

    Unregister these DLLs with Regsvr32, then reboot:

    systemroot+\jeired.dll
    systemroot+\system\jeired.dll
    systemroot+\system\tvmbho.dll
    systemroot+\system32\jeired.dll
    systemroot+\system32\tvmbho.dll

    Clean Registry:

    Remove these registry items (if present) with RegEdit:

    HKEY_CLASSES_ROOT\clsid\{707e6f76-9ffb-4920-a976-ea101271bc25}
    HKEY_CLASSES_ROOT\interface\{707e6f76-9ffb-4920-a976-ea101271bc25}
    HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{707e6f76-9ffb-4920-a976-ea101271bc25}
    HKEY_CLASSES_ROOT\typelib\{707e6f76-9ffb-4920-a976-ea101271bc25}
    HKEY_LOCAL_MACHINE\clsid\{707e6f76-9ffb-4920-a976-ea101271bc25}
    HKEY_LOCAL_MACHINE\software\classes\clsid\{707e6f76-9ffb-4920-a976-ea101271bc25}
    HKEY_LOCAL_MACHINE\software\classes\typelib\{707e6f76-9ffb-4920-a976-ea101271bc25}
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{707e6f76-9ffb-4920-a976-ea101271bc25}

    Remove Files:

    Remove these files (if present) with Windows Explorer:

    systemroot+\jeired.dll
    systemroot+\system\jeired.dll
    systemroot+\system\tvmbho.dll
    systemroot+\system32\jeired.dll
    systemroot+\system32\tvmbho.dll

    Remove Directories:

    Remove these directories (if present) with Windows Explorer:

    programfilesdir+\\tv media

    To Remove 'mysearchnow.com', I found the following in another forum which seems to have helped a victim of this.

    http://forums.maddoktor2.com/index.php?showtopic=550


    Download HijackThis from the following link
    http://www.spywareinfoforum.com/~merijn/files/hijackthis.zip


    Start HijackThis and tick the boxes next to all these, then close all browser and explorer windows, and tell HijackThis to "Fix checked."

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/index.h...p://about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    Reboot and install all prevention in the links below then tell all your friends how to not be infected on the Internet

    Hope this helps
    Good Luck.

    The Fly
     
    Last edited: Jul 14, 2004
Thread Status:
Not open for further replies.