[solved]google hijack

Discussion in 'adware, spyware & hijack cleaning' started by aburge, Jul 12, 2004.

Thread Status:
Not open for further replies.
  1. aburge

    aburge Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    2
    I'm having trouble with the "2020 Search" adware hijacking Google searches. I have run Adaware 6.0 with most recent updates and it doesn't remove it.
     
    Last edited: Jul 12, 2004
  2. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Re: Google hijack

    Hi aburge

    pls. save your HijackThis in its OWN folder - like C:\Hijackthis.



    Check the following items in HijackThis.
    Close all windows except HijackThis and click "Fix checked":

    O2 - BHO: (no name) - {69D51C2C-EF1B-8555-01A1-B72177C1A46F} - C:\WINDOWS\System32\skwxupuc.dll
    O2 - BHO: (no name) - {77A3E373-44BB-8BD9-5EC6-8D4B707E5D56} - C:\WINDOWS\System32\fkdgqcyw.dll

    O2 - BHO: (no name) - {E0C6851B-33B9-8472-341E-9CD4A73B9555} - C:\WINDOWS\System32\xbjvqiwy.dll

    O4 - HKLM\..\Run: [ilgogzgm] C:\WINDOWS\gqtjengc.exe

    O4 - HKLM\..\Run: [WinFavorites] c:\program files\winfavorites\WinFavorites.exe1

    O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
    O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\netda.exe

    NOTE....even in safe mode you may have to open taskmanager and end task on some of them before you can delete them.

    Make sure you can view hidden and system files: Instructions here

    Then Boot to safe mode: Instructions here

    Delete the following files\folders IF still present:

    C:\WINDOWS\gqtjengc.exe
    c:\program files\winfavorites <-----folder
    C:\WINDOWS\Belt.exe
    C:\Program Files\Viewpoint<-----folder
    C:\WINDOWS\System32\netda.exe

    Then reboot and use AdAware as described :
    HERE

    Go for free online Virus scans here:

    http://housecall.trendmicro.com/housecall/start_corp.asp
    http://www.pandasoftware.com/activescan/

    Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.

    Empty your Temporary Internet Files and history in Internet Options. And clean out your
    %Userprofile%\Local Settings\Temp
    folder. It's a good idea to do that regularly.

    Then Disable system restore: Instructions here
    Reboot

    Enable System Restore.

    Problems gone?
     
  3. aburge

    aburge Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    2
    Re: Google hijack

    Problem appears to be fixed. Thanks.
     
  4. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Re: Google hijack

    SUPER - Great job !

    Thanks for your feedback !

    Happy Safe computing !
     
Thread Status:
Not open for further replies.