Jump to content

MyWebSearch - Persitant, Help?

Corrosion.

By Corrosion.
in Questions

 Share

Recommended Posts

Corrosion. Newbie

Corrosion.

Posted
Posted

ok I've been searching all over the net.

I have that damned mywebsearch on my computer :/

Ive run hijackthis unlocker (to try and manually delete) I've manually edited registry I've run msconfig and I ran something I forget the name that scans my registry then I deleted the problem. Still coming back.

can this be fixed without wiping the machine?

Link to comment
Share on other sites
digip Newbie

digip

Posted
Posted

I just recently started playing around with BartPE and now UBCD4win (http://www.ubcd4win.com/). Check it out if you ever have to remove something and want to be sure it's gone for good, Its a live Windows XP cd, so the HDD never gets a chance to launch the rouge files in question and you can safely delete them for good, unlike some other live cd's that are read only for NTFS systems. You can even mount a registry hive from the crippled pc and make changes to it before reboot.

Took me a while to configure it with the settings I wanted, but I have a VM to test it in before wasting any cd's. Lots of recovery tools and even the ability to read *nix file systems, not just fat and NTFS, so you can do quite a lot with it, like download the shadow password files or overwrite them with a known password hash. It also has the ability to dual boot windows XP and Knoppix(Or some other small linux variant of your choice) from the same disk, but if you want to just work from windows, it has some unix like tools to let you make changes directly from XP.

I was surfing the web with it earlier today on a pc with no OS, so you can take an old pc that is broken and still get some use out of it, if only for safe surfing since cds and dvd's are read only, you can't get infected while using it.

Link to comment
Share on other sites
l337virus Newbie

l337virus

Posted
Posted

well i recommend running autoruns but if you don't see anything that is unusual try going to the into IE and then go to tool > Manage Addons and then add and remove addons and the look for some crazy file names as the programs and just search for the dll. or the file names described an (crazy add like like "shdhre.dll or wsdjdf.exe) and then just deleted if it dose not delete just rename it by taking the .dll extention off of it and restart the computer then next just run a registry cleaner to clean all the missing or broken registry values.

Link to comment
Share on other sites
Corrosion. Newbie

Corrosion.

Posted
  • Author
Posted

Its back :/ Scanning again

EDIT

I'm going back to regedit....

EDIT

seems to be really gone this time :)

Uninstalled entry, removed all registry entries, booted into safemode and scanned.

Link to comment
Share on other sites
l337virus Newbie

l337virus

Posted
Posted
Its back :/ Scanning again

EDIT

I'm going back to regedit....

EDIT

seems to be really gone this time :)

Uninstalled entry, removed all registry entries, booted into safemode and scanned.

if that dosent work then try using spy sweeper 5.0 beta

since its on beta it will remove the stuff it finds

http://www.webroot.com/beta/beta_download.php

Link to comment
Share on other sites
Corrosion. Newbie

Corrosion.

Posted
  • Author
Posted
This only prooves the point: An infected system can bnever be trusted there after. Reinstall.

yeh I kno :/

Just kinda sucks lol

Thanks for all the help guys

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...