searchmeup hijacking

Discussion in 'adware, spyware & hijack cleaning' started by vwayne40, Jun 3, 2004.

Thread Status:
Not open for further replies.
  1. vwayne40

    vwayne40 Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    2
    I have cleaned up everything I can but still have the problem with the reboot causing homepage changes. It appears to be a swap file situation as the .bak file goes to the site I was using before the original hijacking occurred.
    I could use a little help with this one.The hijacking program pack was very complex and included at least four seperate programs for defense and two for actually accomplishing the hijacking as well as a number of included misc other spyware items and trojans just to cloud the waters,a total of about a doze different items in one quick package.
    Currently I believe I am down to just one remaining part, the reboot component.
    Spybot, shredder, and hijack show me nothing that I can pin point. I would like to know of a program that will log all activity on a computer during reboot to allow me to look for the offending program.
    I have inclded a hijack log below.
     

    Attached Files:

  2. dave38

    dave38 Spyware Expert

    Joined:
    Feb 26, 2004
    Posts:
    377
    Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = javascript:window.close()

    O4 - HKLM\..\Run: [SystemBoot] C:\WINDOWS\wer.exe

    Reboot, and delete

    files
    C:\WINDOWS\wer.exe

    These may be hidden files. See HERE for how to show hidden files.

    Please post a followup Hijack this log, and say if your problems persist.
     
  3. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    you do ned to post full hjt log

    you have only posted half of it and it's hard to help fully without all the log in view
     
  4. vwayne40

    vwayne40 Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    2
    It's fixed , Thank You for the help.
    The wer.exe was a dead end and had exited there for several years but I did not delete it due to a lack of knowledge as to the function .
    The java script was the key to the fix and I had thought ,due to the wording that it was harmless.
    I also deleted the O6 references with no adverse effects noted.
    The BHO is a product of Spy Bot , I believe.
    I saved several of the nasties that I found along with other suspect files on a disk if anyone is interested in attempting analysis.
    As to someones reference to the other half of the Hijack log, there is none, that is all there is.
    Attached is the final log.
    I tried several times to attach a file ,but screen says attachment inprogress and nothing happens.I also found it impossible to paste to your system as sticky had suggested to someone else.I had no problem earlier with this so I am not sure where the problem lies.
     
    Last edited: Jun 3, 2004
Thread Status:
Not open for further replies.