searchcentric hijack

Discussion in 'news, general information and FAQs' started by Pieter_Arntz, Dec 1, 2003.

Thread Status:
Not open for further replies.
  1. Pieter_Arntz (Spyware Veteran; joined Apr 27, 2002; posts: 13,331; location: Netherlands)

    This one is showing up very frequently.

    In HijackThis, fix the R0/R1 items pointing to searchcentrix.com
    and the BHO that starts it:
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D} - C:\WINDOWS\gsim.dll

    Other BHOs that are planted by searchcentrix:
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DA02A} - C:\WINNT\system32\wzhelper.dll
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D1F7-EB6DB99AA97D} - C:\WINDOWS\DOWNLO~1\somatic.dll   
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D7E4-F660B597BF2A} - C:\WINDOWS\SYSTEM\WEBALIZE.DLL
    O2 - BHO: (no name) - {CD2A865B-6C0F-44F9-BAA1-7CDB31E04BC8} - C:\WINDOWS\System32\BarBHO.dll

    Not yet confirmed, but very likely other variants:

    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-98F7-EB6DB99AA93B} - C:\WINDOWS\System32\ifsomatic.dll
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DBC34} - C:\WINDOWS\System32\ifhelper.dll
          

    HTH,

    Pieter
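
Added example, not part of Pieter_Arntz's post: a Python triage helper that scans a saved HijackThis log for the R0/R1 entries and BHO CLSIDs listed above. The sample log lines are constructed, and flagging an unlisted CLSID that shares the `4E7BD74F-2B8D-469E-` prefix as "review" is an assumption of this example, not a claim from the post.

```python
import re
from urllib.parse import urlparse

# CLSIDs copied from the post; LIKELY holds the two it marks as not yet confirmed.
CONFIRMED = {"4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D", "4E7BD74F-2B8D-469E-C0FB-EF60B19DA02A",
             "4E7BD74F-2B8D-469E-D1F7-EB6DB99AA97D", "4E7BD74F-2B8D-469E-D7E4-F660B597BF2A",
             "CD2A865B-6C0F-44F9-BAA1-7CDB31E04BC8"}
LIKELY = {"4E7BD74F-2B8D-469E-98F7-EB6DB99AA93B", "4E7BD74F-2B8D-469E-C0FB-EF60B19DBC34"}
# Assumption of this example: an unlisted CLSID with the shared prefix gets a manual look.
SHARED_PREFIX = "4E7BD74F-2B8D-469E-"
DOMAIN = "searchcentrix.com"

O2_RE = re.compile(r"^O2 - BHO: .*? - \{([0-9A-Fa-f-]{36})\} - (.+)$")
R_RE = re.compile(r"^R[01] - .+? = (.*)$")

def host_of(value):
    """Hostname of a URL value, tolerating a missing scheme or a malformed URL."""
    value = value.strip()
    try:
        return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()
    except ValueError:
        return ""

def classify(line):
    """Return 'confirmed', 'likely' or 'review' for one HijackThis line, else None."""
    m = O2_RE.match(line.strip())
    if m:
        clsid = m.group(1).upper()
        if clsid in CONFIRMED:
            return "confirmed"
        if clsid in LIKELY:
            return "likely"
        return "review" if clsid.startswith(SHARED_PREFIX) else None
    m = R_RE.match(line.strip())
    host = host_of(m.group(1)) if m else ""
    # Match the domain itself or any subdomain, not arbitrary substrings.
    return "confirmed" if host == DOMAIN or host.endswith("." + DOMAIN) else None

def scan(log_text):
    """Return (verdict, line) for every log line that matched."""
    return [(v, l.strip()) for l in log_text.splitlines() if (v := classify(l))]

# Constructed sample log; the last CLSID and its path are made up for the prefix case.
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchcentrix.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.org/
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D} - C:\WINDOWS\gsim.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-98F7-EB6DB99AA93B} - C:\WINDOWS\System32\ifsomatic.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-0000-000000000000} - C:\WINDOWS\example.dll"""
```

Calling `scan(SAMPLE_LOG)` returns the matching lines with their verdicts; entries marked "likely" or "review" are candidates for a closer look, not confirmed detections.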
     