21-03-2006, 10:44 PM
Neal
Re: How can I get rid of Search2web

If the other computer is infected with something, start a new thread for that one please.
Are the two computers connected to each other?


Download the Intermute stand-alone version of CWShredder from here: cwshredder.net/bin/CWShredder.exe
Install it, check for updates, then exit; we will use it later.


Go here to learn how to show hidden files/folders:

http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5


Download Clean.bat to your desktop (Save page as or Save as) for later use to clean out your TEMPORARY and PREFETCH files:
http://www.thatcomputerguy.us/downloads/clean.bat


If you have WildTangent installed, I suggest you remove it via Add/Remove Programs.

Reboot if removed.


Run HijackThis, click on the Scan button, and put checks next to these items:


O4 - HKLM\..\Run: [Update] C:\WINDOWS\csrss.exe /i lsass
O4 - HKCU\..\Run: [Phone idol] C:\DOCUME~1\elliot\APPLIC~1\CORNBO~1\balm iso.exe

O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildtangent.com/cda/...uncherSetup.cab

O18 - Filter: application/hta - {D962EF38-5FB0-4761-8638-C86F085E25E6} - C:\WINDOWS\chp.dll



Make sure nothing is open and click "Fix checked".


Now reboot into Safe Mode by tapping your F8 key upon restart; when the Safe Mode screen appears, select Safe Mode and press Enter.


Now run CWShredder and click on Fix.


Hunt for and delete if present:

C:\DOCUME~1\elliot\APPLIC~1\CORNBO~1 < folder---starts with CORNBO
C:\WINDOWS\chp.dll < file
C:\WINDOWS\csrss.exe < file---make sure you delete this from the Windows folder only




Now run that clean batch file you created earlier, type in "Y" a couple of times and press Enter each time you type in "Y" until the black box disappears.

Then:


Go to Start > Run and type: CLEANMGR.EXE and hit enter.
When prompted, select the C: drive and click OK.
Check the boxes for:
Temporary Internet Files
Downloaded Program Files
Recycle Bin
Temporary Files
Click OK or Enter

Reboot

Make sure you are set to normal startup. Click Start -> Run -> Type Msconfig -> Press Enter -> make sure Startup is set to Normal Start


Post a new HJT log for further review.
Last edited by Neal; 22-03-2006 at 01:17 AM.
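
The post warns to delete C:\WINDOWS\csrss.exe "from the Windows folder only" because the genuine csrss.exe lives in C:\WINDOWS\system32. As an added example (not part of Neal's post and not HijackThis code), this Python script applies that path check to O4 autorun lines from a log; the function name, the list of system process names, the Application Data heuristic and the third sample line are assumptions made for illustration.

```python
import ntpath
import re

# Core Windows processes whose genuine binaries live in <SystemRoot>\System32.
SYSTEM_NAMES = {"csrss.exe", "lsass.exe", "smss.exe", "services.exe",
                "winlogon.exe", "svchost.exe"}
SYSTEM32 = r"c:\windows\system32"  # assumption: SystemRoot is C:\WINDOWS, as in the log

# HijackThis O4 line: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable path = everything up to the first ".exe"; paths may contain spaces.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)\b', re.IGNORECASE)

def review_autoruns(log_text):
    """Return (value name, exe path, reason) for each suspicious O4 entry."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not a registry Run entry
        exe = EXE_RE.match(m.group("cmd"))
        if not exe:
            continue  # command does not name an .exe
        path = ntpath.normcase(exe.group("exe"))  # lower-case, backslashes
        folder, base = ntpath.split(path)
        if base in SYSTEM_NAMES and folder != SYSTEM32:
            findings.append((m.group("name"), path,
                             "system process name outside System32"))
        # Heuristic (assumption): autoruns from a profile's Application Data.
        elif "\\applic~1\\" in path or "\\application data\\" in path:
            findings.append((m.group("name"), path,
                             "autorun from user Application Data"))
    return findings

# Constructed sample: the two O4 lines from the post plus one made-up benign entry.
SAMPLE = r"""
O4 - HKLM\..\Run: [Update] C:\WINDOWS\csrss.exe /i lsass
O4 - HKCU\..\Run: [Phone idol] C:\DOCUME~1\elliot\APPLIC~1\CORNBO~1\balm iso.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" -min
"""

if __name__ == "__main__":
    for name, path, reason in review_autoruns(SAMPLE):
        print(f"{name}: {path} ({reason})")
```

A hit from either rule is a lead for manual review, not proof of infection.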