One of my client users has received the (apparently) very popular and useful Home Search Assistent and it's friends. Per suggestions in previous threads, I have tried both the HSRemove (2x reboot, 2x reboot) and the about: Buster (2x reboot, 2x reboot). Microsoft Beta1 catches what it puts on, but not what the program itself. I have downloaded and run hijackthis 1.99. Here is the log, any help would be greatly appreciated.
Log:
Logfile of HijackThis v1.99.1
Scan saved at 10:28:04 AM, on 5/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's down:
1. Select all available drives.
2. Check(tick) "Auto Clean".
3. Click "Scan".
When it completes, post back the full filename of any files that cannot be cleaned or deleted.
===============
Download CWShredder 2.14 from here. Run it and press the *fix,* not scan and allow it to clean the infection. Close all browser and explorer windows before hitting the fix button.
===============
Download, unzip to your desktop About:Buster and run it, then:
1. Click "Update".
2. Click "Check For Update"
(If no new version is available, skip to step #4.)
3. Click "Download Update", and wait for it to be installed.
4. Click "Start".
(Wait for the initial ADS scan to complete.)
5. Click "Yes", to shutdown any IE session currently open.
(Wait for the about:blank scan to complete.)
6. Click "Ok", to scan once more.
7. Click "Yes", to shutdown any IE sessions currently open.
8. Click "Yes", to begin the second pass.
9. Click "Save log", and post this log back along with your new log.
10. Click "Exit".
11. Click "Exit".
12. "Reboot"..
===============
Run HiJackThis then:
1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"
-
Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:
C:\WINDOWS\sysjr.exe C:\WINDOWS\system32\iero.exe
Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.
===============
Run HiJackThis and click "Scan", then check(tick) the following, if present:
Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".
-
Reboot.
===============
To help protect your system from hostile ActiveX content, or special 'downloadable' files:
Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:
1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.
-
Note: Remember to regularly check for updates.
===============
After rebooting your PC, rescan with hijackthis and post a new log.
Let me know how things are now.
Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.
This thread is more than three months old
No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Marked Solved 
.
Offline 
