searchcentric hijack

Discussion in 'spyware news and general information' started by Pieter_Arntz, Dec 1, 2003.

Thread Status:
Not open for further replies.
  1. Pieter_Arntz

    This one is showing up very frequently.

    In HijackThis, fix the R0/R1 items pointing to searchcentrix.com
    and the BHO that starts it:
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D} - C:\WINDOWS\gsim.dll

    Other BHOs that are planted by searchcentrix:
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DA02A} - C:\WINNT\system32\wzhelper.dll
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D1F7-EB6DB99AA97D} - C:\WINDOWS\DOWNLO~1\somatic.dll   
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D7E4-F660B597BF2A} - C:\WINDOWS\SYSTEM\WEBALIZE.DLL
    O2 - BHO: (no name) - {CD2A865B-6C0F-44F9-BAA1-7CDB31E04BC8} - C:\WINDOWS\System32\BarBHO.dll

    Not yet confirmed, but very likely other variants:

    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-98F7-EB6DB99AA93B} - C:\WINDOWS\System32\ifsomatic.dll
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DBC34} - C:\WINDOWS\System32\ifhelper.dll
          

    HTH,

    Pieter
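
An added example, not part of the original post: a short Python scanner that checks a HijackThis log against the entries listed above. The shared-CLSID-prefix heuristic, the function names, and the sample log (including its R1 URL and the last two O2 lines) are assumptions constructed for this illustration.

```python
import re
from urllib.parse import urlparse

# CLSIDs the post lists as confirmed searchcentrix BHOs.
CONFIRMED = {
    "4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D", "4E7BD74F-2B8D-469E-C0FB-EF60B19DA02A",
    "4E7BD74F-2B8D-469E-D1F7-EB6DB99AA97D", "4E7BD74F-2B8D-469E-D7E4-F660B597BF2A",
    "CD2A865B-6C0F-44F9-BAA1-7CDB31E04BC8",
}
# CLSIDs the post lists as likely but not yet confirmed variants.
SUSPECTED = {"4E7BD74F-2B8D-469E-98F7-EB6DB99AA93B", "4E7BD74F-2B8D-469E-C0FB-EF60B19DBC34"}
# Assumption: the prefix shared by most listed CLSIDs is treated as a family heuristic.
FAMILY_PREFIX = "4E7BD74F-2B8D-469E-"
DOMAIN = "searchcentrix.com"
O2_RE = re.compile(r"^O2 - BHO: .*? - \{([0-9A-Fa-f-]{36})\} - (.+)$")
RX_RE = re.compile(r"^(R[01]) - (.+?) = (.*)$")

def host_matches(value):
    """True if the R0/R1 value's host is DOMAIN or a subdomain of it."""
    host = urlparse(value if "//" in value else "//" + value).hostname or ""
    return host == DOMAIN or host.endswith("." + DOMAIN)

def classify(line):
    """Return (verdict, detail) for one HijackThis log line, or None if not flagged."""
    line = line.strip()
    if m := O2_RE.match(line):
        clsid, path = m.group(1).upper(), m.group(2).strip()
        if clsid in CONFIRMED:
            return ("confirmed", path)
        if clsid in SUSPECTED:
            return ("suspected", path)
        return ("prefix-match", path) if clsid.startswith(FAMILY_PREFIX) else None
    if (m := RX_RE.match(line)) and host_matches(m.group(3)):
        return ("hijacked-" + m.group(1), m.group(2))
    return None

def scan(log_text):
    """Return (line_number, verdict, detail) for every flagged line."""
    return [(n, *hit) for n, l in enumerate(log_text.splitlines(), 1) if (hit := classify(l))]

# Constructed sample log, not taken from a real machine.
SAMPLE = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchcentrix.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.org/
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D} - C:\WINDOWS\gsim.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-98F7-EB6DB99AA93B} - C:\WINDOWS\System32\ifsomatic.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-0000-000000000000} - C:\WINDOWS\example.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\benign.dll"""

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

A "prefix-match" verdict is only a lead for manual review, since the post confirms specific CLSIDs and not the prefix itself.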
     