Yes I have the blasted Surferbar thing. It changed the IE homepage, hides the address bar & adds it's own and of course pops up ads. Any one know how to fix it? I see it adds a cookie and creates a file win32.dll and winsrv32.exe what would happen if I delete these files ? [want me to post the affected files ?] Antg
Re:New Hijacker/Trojan Hi antg, Welcome at Wilders. Please go to http://www.tomcoyote.org/hjt/, and download 'Hijack This!'. Unzip, doubleclick HijackThis.exe, and hit "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log as a .txt file, and copy and paste its contents into your next post. Most of what it lists will be harmless, so do not fix anything yet. Regards, Pieter
Hi Pieter, You are a gem ! [you should have your blood bottled !] Here is the text file you requested. Also FYI Surferbar seemed to add the following files to the start up menu [ Adult Entertainment (folder), Adult Search (html), Casino's & Gambling(folder), Erotic Search(html), Find a date(folder), Venusseek(folder) and web seach(html) ] I hate these Bas@$!*'s At least their site seems to be shut down now! I can if you wish add the two files I found in /program files called win32.dll and winsrv32.exe if you wish - there was also a cookie. Antg
Hi antg, If you would be kind enough to send the win32.dll and winsrv32.exe to the addy in my profile, that would be appreciated. (I will put you on the waiting list if they ever find a way to bottle it without alcohol ) Please do so before the fixing, because HijackThis will probably obliterate the .dll Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surferbar.com/ O3 - Toolbar: SurferBar - {FF7FD490-34E7-4FA1-927A-F5799E6AAD7B} - c:\PROGRA~1\win32.dll O4 - HKCU\..\RunOnce: [win32] c:\program files\winsrv32.exe O16 - DPF: {AB1E62EB-3DE3-428F-A417-64AB3C9B6CF0} - http://econnect.libereco.net/econnect.cab O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3ptdmgainads.cab Reboot after doing so and delete: c:\program files\winsrv32.exe The last two (O16) are not related, but installers for eConnect dialer and Gator spyware. Regards, Pieter
Pieter the files are too large to attach. Can you give me your e-mail address and I'll forward them on. Do you also want copies of the files in the start up I refered to? antg
Hi antg, Send them to pieter @ wilders.org (without the spaces) Everything that is related to surferbar is welcome. I'll make sure that any anti-spyware-developer in need of it gets a copy. Regards, Pieter
On the way.... Thanks After I send I'll run fix on Hijackthis and should I then delete the files I forwarded to you, or will they then be restored ? Antg
Hi antg, You can trash the files now and then Fix the entries with HijackThis afterwards, the following order doesn't matter. If you try to delete them, before fixing and rebooting, you may get an error that they are in use however. Thanks for the files, Pieter
Pieter all looks better but I cannot still change the home page from surferbar I change it and it changes back antg
Pieter I also have a similar problem at home having my homepage hijacked {not Surferbar} is there something like I read you suggested like CWshredder that may fix both suferbar and other homepage hijackers ?
CWShredder only works for all the CoolWebSearch hijacks, but feel free to post a HijackThis log for that computer as well. Please start a new thread for that, so we don't get them mixed up. Regards, Pieter
Hi antg, Have HijackThis Fix these two again, make sure all windows except HijackThis are closed. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surferbar.com/ O4 - HKCU\..\RunOnce: [win32] c:\program files\winsrv32.exe Then immediately call up Taskmanager and kill the winsrv32.exe process, then reboot into safe mode and delete: c:\program files\winsrv32.exe Keep me posted, Pieter
That seems to have fixed it !!! You are now at LEGEND status ! I am off home to try to fix that one also... Shall I do something with the win32.dll file also I only deleted the winsvr32.exe file ? Yours [ very thankfully ] antg
Hi antg, You can check if it's still around, but with any luck HijackThis removed it. Don't forget to dump the e-mail that infected you. Regards, Pieter
pity 'bout hotbar as I like the snow scene I had up top ... Oh well. Thanks again...I better go home 10.10pm [ more later]