searchcentric hijack

Discussion in 'spyware news and general information' started by Pieter_Arntz, Dec 1, 2003.

Thread Status:
Not open for further replies.
  1. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Apr 27, 2002
    This one is showing up very frequently.

    In HijackThis fix the R0/R1 items pointing to
    And the BHO that starts it:
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D} - C:\WINDOWS\gsim.dll

    Other BHO's that are planted by searchcentrix:
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DA02A} - C:\WINNT\system32\wzhelper.dll
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D1F7-EB6DB99AA97D} - C:\WINDOWS\DOWNLO~1\somatic.dll   
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D7E4-F660B597BF2A} - C:\WINDOWS\SYSTEM\WEBALIZE.DLL
    O2 - BHO: (no name) - {CD2A865B-6C0F-44F9-BAA1-7CDB31E04BC8} - C:\WINDOWS\System32\BarBHO.dll

    Not yet confirmed, but very likely other variants:

    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-98F7-EB6DB99AA93B} - C:\WINDOWS\System32\ifsomatic.dll
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DBC34} - C:\WINDOWS\System32\ifhelper.dll


Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.