FreeHugeMovies

Everytime I reboot my home page is reset to...

http://www.searchv.com/w/

I have ad-ware 6.0 and everytime I run it, it finds something and I delete it. How do I get ride of this fucking thing?

HS-Trixxxia

Before running Adaware - update it
Here's a link with more info if you want to get technical
http://www.computing.net/security/ww...orum/6732.html

pantymaniac

did you update it ??

download the latest ref file

__________________
This place is for RENT

nige

I switched from ad-aware to Spy Ware awhile ago..

FreeHugeMovies

Yep, just got it and ran it, rebooted and still fuxored.

SpaceAce

Open a command prompt and type 'regedit'.

Look under HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Run and delete anything you don't recognize or list things here and people can tell you what's what. Do the same for HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run

SpaceAce

Cash

Download Spyware remover , maybe it will help. Did you also do a virus check on your PC? Maybe it's a new worm or something ...

__________________
$9.95/month for 15000 GB bandwidth monthly, unlimited (sub)domains and MySQL5, PHP4/5, 500 GB disk storage! ; use any of these invitation codes: 216263692101; 408636009193; 846090586647; my ICQ 30160426!

Yanks_Todd

I have to use a combination of adware 6.0 and spy-bot search and destroy to handle that pesky stealthware. But even that doesn't work with some of the "great new stuff" they are coming out with.

Them

__________________
Todd Spaits - Co-founder -YanksCash
Premium ad-packages available - Skype for details - tmspaits

kmanrox

spybot is what i use, its free and has gotten rave reviews...

__________________
Crypto HODLr
Crypto mining
Angel investor

FreeHugeMovies

I just installed spybot and rebooted. Still got the damn thing. Time to take space dogs advice.

Abyss_Vee

time to format

SpaceAce

<I>Ace</I>, Space<I>Ace</I>. The first thing I heard when I started posting here was "Oh, SpaceDog is back." I am not he.

SpaceAce

FreeHugeMovies

Sorry SpaceAce. Can you msg me on ICQ so I don't delete anything I need in the registry?

PersianKitty

Take a peek at the page I put online to help visitors at http://www.pk.com/spyware.html

Specifically it might be helpful for you to download HijackThis and run it.

__________________

FreeHugeMovies

Thanks PK I'll try and keep you posted.

grumpy

check you autoexec.bat , might be something in there.

__________________
Don't let greediness blur your vision | You gotta let some shit slide
icq - 441-456-888

KMR Stitch

There is a new virus/spywear program out...

Its just like the mime exploit with active-x

It will make you download a .hta file when you restart it will make your cpu its bitch..

Aim profile = owned
homepage = owned
Fav's = owned

Source: C:\Documents and Settings\KMR\Local Settings\Temporary Internet Files\Content.IE5\418XEJ05\detour[1].hta
Click for more information about this virus : Trojan.Sinkin

You can thank Gabe for that virus he got it on acciden't and I clicked on his aim profile.

Gabe got owned by that virus! He was pissed lol

Ic3m4nZ

Get Ad Aware 6 it will do the job.

IntenseCash

be careful there! might delete some important things and really screw up window!

__________________
IntenseCash.com
~ Chuck | ICQ: 444887112
Top converting sites:
BrokeStraightBoys.com, CollegeDudes.com & CollegeBoyPhysicals.com

RawAlex

Gee, for a bunch of people who depend on search engines for traffic, none of you seem to be able to find shit...

http://www.computing.net/security/ww...orum/6873.html

There, thats how you get rid of it.

Oh yeah, run windows update and install EVERYTHING. Do that every week.

Alex

FreeHugeMovies

I ran cwshredder and it found some shit but I still have an this virus.

I then ran HijackThis and here is my log

Logfile of HijackThis v1.97.3
Scan saved at 2:38:30 AM, on 10/20/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ICQ\ICQ.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Michael\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:/www.searchv.com/w/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/w/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/w/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchv.com/w/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchv.com/w/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchv.com/w/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchv.com/w/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/w/
O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents and Settings\Michael\Application Data\winshow\winshow.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sys] regedit /s C:\WINDOWS\sys.reg
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\ICQ.exe -trayboot
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MSupdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...B?37897.581875
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

Nima

yep cwshredder will fix the problem!