
Remove Home Search Assistant


Why you should consider it: Home Search takes over your browser. It’s annoying. It’s hard to remove. It’s frustrating. Not anymore. Learn how to get it gone and keep it gone.


Editor's foreword: Many of our staff have spent countless hours preparing this guide and Short-Media’s other guides and tools to help you defeat spyware. They have put their own PCs in peril to put spyware and browser hijackers back in their place…out of your PC.

If your PC is going places you don’t want it to, then here’s your guide to removing Home Page Assistant hijacks: Short-Media’s Home Page Assistant Removal Guide!


Home Search Assistant. Only The Best. Shopping Wizard.

Those are some of the names it goes by but people
whose computers have been hijacked by this home page can think of a lot of other
names they would like to call it!

Does this home page look familiar?

[Image: the Home Search hijacked home page]

If it does, you, like many thousands of internet surfers,
have been hijacked by the Home Page Assistant (HSA) hijack. This hijack is
widely believed to be a new version of the infamous CoolWebSearch (CWS) hijack,
one of the most widespread and well-known hijacks to date. CWS had its
nemesis though: the highly popular CWShredder program, which was updated
regularly to fight new variations of the infection. However, CWS is being
replaced by HSA at an amazingly rapid rate, and the maker of CWShredder has said
he has no plans to try to create a removal tool for HSA at this time.
There are a couple of programs on the web that claim to remove HSA, but they do
not work in every case, as this hijack has a few nasty tricks that make
automated removal harder to accomplish.

The Home Search Assistant (HSA) browser hijack is a very
persistent hijack. It is characterized by multiple redundant dll and exe
infection files, all with random names. These are reinforced with a
bogus background service that makes sure the infection stays alive. Users
who thought they were pretty good at using the Hijack This program to remove
malware got a sudden surprise. They would delete some randomly named
entries and the associated files, and assume they were all cleaned up. But
when they next opened their browser window, there it was again! Another
check of the Hijack This log showed similar entries…with completely new random
names! It was like swatting at mosquitoes…while you are busy smacking
one on your arm, another one is landing on your leg.

“Bogus services? Redundant dll’s?
Random names? I’ll never get this thing off my computer! Time to
re-install Windows…right?”

Wrong!

The Home Search Assistant file names follow some
recognizable patterns, so with some patience and determination, it is easy to
figure out what they are. The key is to identify the hidden service running on
your computer, and disable it, so that new files are not spawned every time you
delete the current one. “How do I do that?” you may wonder. Easy:
malware fighting websites have quickly identified the phony names the service
currently hides behind, and are eagerly on the watch for new variations.

“What do I do to get rid of this thing?”

Read the free, easy to follow step-by-step

Home Search Assistant Removal Guide
by Short-Media.com!

Since being published in mid-August, our removal guide has
been viewed by tens of thousands of computer users, and leads numerous search
engine hits for this problem. Of those thousands of viewers, only a very
small fraction have needed to register for

Short-Media.com’s Support Forums
for additional help. What does that
tell us? That it works!

“But I am not very good with computers, I
don’t know if I can do this!”

Don’t worry, it’s easier than you think! And if you
do have trouble working through the guide on your own, help is only a click
away! Register for our forums and post your Hijack This log in our
Security –
Spyware / Virus / Trojan forum.
One of our experienced users will
point you in the right direction to solve the problem.

Home Search Assistant Removal Guide

The Home Search Assistant (HSA) browser hijack is a very persistent hijack. It is characterized by multiple redundant Hijack This entries and re-infection files, all with random names. However, the names follow some recognizable patterns, so they can be determined by checking using Hijack This.exe (HJT) with some patience and determination.

This hijack is also known as:

  • Only The Best
  • Home Search Extender
  • Shopping Wizard
    – res://****.dll/index.html#***** (or simply res .dll)

For purposes of this Guide, I will refer to it as Home Search Assistant (HSA).

This hijack is widely believed to be a new version of the infamous CoolWebSearch (CWS) hijack, but cannot be repaired using the popular CWShredder program.

The biggest obstacle to solving this hijack is that the file names and HJT entries rename themselves when the computer is rebooted. We believe there are 2 different ways the files/entries rename themselves: either when you shut down the computer, thus ending the active processes; or, when the computer is booted up and the processes first launch. We have had reports from users that this can happen even at startup in Safe Mode.

A good first step to try to remove this is to download and run a program called HSRemove.exe:

This program is reported to work in several instances. However, there are also many reports of it not working. If HSRemove does not work for you, then you will have to manually remove the files and entries from your system. At the present time, we are using a fix that involves breaking the renaming cycle by hard-booting the computer. A hard reboot is shutting down the computer and restarting it by killing the power to the system. In other words, DO NOT REBOOT THE COMPUTER USING THE START MENU BUTTONS FOR LOG OFF OR REBOOT. Manually shut the computer down, by either:

  • yanking the power plug out of the back of the computer or out of the wall outlet, waiting a few seconds, then plugging it back in;
  • shutting it off with the power switch on the back of your computer case, waiting a few seconds, then switching it back on;
  • pressing the power reset button on the front of your case.

Any of those methods will work fine. (Note that on some retail systems like Dell or Compaq, the front power button will do a soft reboot, which is not what we want here. In that case, use the rear power switch or just yank the plug.)

*** Before removing HSA, download and run Ad Aware and Spybot Search and Destroy.***

These programs will not remove HSA, but they will clean up many other known types of adware / spyware entries in your system, which will make your HJT log file easier to read. Instructions and links to download these programs are at:

http://www.short-media.com/forum/sh…151&postcount=1

***Also, we recommend first running a full virus scan with your anti-virus software, to remove any known viruses from your system.***

Again, the anti-virus program will likely not fix your HSA problem, but can help remove other entries from your HJT log and make it easier to deal with. If you do not have an anti-virus program…you should not be on the internet. Seriously, I’m not kidding. If you really do not have an anti-virus program, you can check out our user’s recommendations for what program to buy, including some free alternatives, at:

http://www.short-media.com/forum/showthread.php?t=12261

That thread includes links to the most recommended applications.

Finally, after doing all that, you can proceed to remove Home Search Assistant. I will use some example HJT log entries for this explanation. YOUR HJT ENTRIES AND FILENAMES WILL PROBABLY BE DIFFERENT THAN THESE! Use the explanations I will provide shortly to determine your problem entries / files.

Removal Guide: (PRINT THESE INSTRUCTIONS OUT FOR YOUR REFERENCE)


Step 1 – Download and install the program Hijack This.exe. Instructions and download link:

http://www.short-media.com/forum/sh…584&postcount=2

Also, download the program about_:Buster and unzip its contents to the same folder you put Hijack This into.

About:Buster

Please test about_:buster right away. You don’t need to let it scan all the way, just see if it works or not. If you get an error message about a file: “MSCOMCTL.OCX” you need to download the following fix:

http://www.javacoolsoftware.net/dow…ngfilesetup.exe

Run that fix, re-run about_:buster to see if it works. If it still does not, do not worry, you can proceed with the guide without this program.

When you have these programs installed properly in their own directory, run Hijack This and perform a scan as per the instructions. Press the Save Log button. Save the log, but also PRINT IT OUT. You will use that print out to determine the problem entries, and you will be comparing this against a second scan in Safe Mode, so you will need this printed out. Once that is done, exit HJT.

What you are looking for are the following:

  • multiple R0 and R1 entries with the same dll name in them, followed by /sp.html#xxxxx where x is a random number
  • R3 entry – Default URLSearchHook is missing
  • an O2 BHO entry with a random-seeming dll name, usually 5 characters followed by a 32
  • an O4 HKLM Run entry with a random-seeming exe name of either 4 or 5 chars, often with 32 in the name
  • multiple O4 RunOnce entries with a random-seeming exe name of either 4 or 5 chars, often with 32 in the name

An example taken from our forum:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\zxzgr.dll/sp.html#12802

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\zxzgr.dll/sp.html#12802

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://zxzgr.dll/index.html#12802

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://zxzgr.dll/index.html#12802

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\zxzgr.dll/sp.html#12802

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\zxzgr.dll/sp.html#12802

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\zxzgr.dll/sp.html#12802

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://zxzgr.dll/index.html#12802

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\zxzgr.dll/sp.html#12802

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\zxzgr.dll/sp.html#12802

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {5EA09FEA-707B-FB28-AF23-9B7F1EA97C20} - C:\WINNT\mfcwz32.dll

O4 - HKLM\..\Run: [sdkql.exe] C:\WINNT\sdkql.exe

In that case, the files that are causing the problem are:

C:\WINNT\SDKQL.EXE

C:\WINNT\zxzgr.dll

C:\WINNT\mfcwz32.dll

Here is an example of the O4 RunOnce entries:

O4 - HKLM\..\RunOnce: [apisn.exe] C:\WINDOWS\apisn.exe

O4 - HKLM\..\RunOnce: [sysdl.exe] C:\WINDOWS\system32\sysdl.exe

O4 - HKLM\..\RunOnce: [iehe.exe] C:\WINDOWS\system32\iehe.exe

O4 - HKLM\..\RunOnce: [javaiz32.exe] C:\WINDOWS\javaiz32.exe

O4 - HKLM\..\RunOnce: [winqe.exe] C:\WINDOWS\winqe.exe

O4 - HKLM\..\RunOnce: [appxv32.exe] C:\WINDOWS\appxv32.exe

O4 - HKLM\..\RunOnce: [addji32.exe] C:\WINDOWS\addji32.exe

O4 - HKLM\..\RunOnce: [iefj32.exe] C:\WINDOWS\iefj32.exe

O4 - HKLM\..\RunOnce: [ieif.exe] C:\WINDOWS\ieif.exe

O4 - HKLM\..\RunOnce: [mswl.exe] C:\WINDOWS\system32\mswl.exe

O4 - HKLM\..\RunOnce: [apioi32.exe] C:\WINDOWS\system32\apioi32.exe

O4 - HKLM\..\RunOnce: [netgi.exe] C:\WINDOWS\system32\netgi.exe

O4 - HKLM\..\RunOnce: [apiey32.exe] C:\WINDOWS\apiey32.exe

O4 - HKLM\..\RunOnce: [appxa.exe] C:\WINDOWS\appxa.exe

O4 - HKLM\..\RunOnce: [winvr.exe] C:\WINDOWS\system32\winvr.exe

O4 - HKLM\..\RunOnce: [mfcib32.exe] C:\WINDOWS\mfcib32.exe

O4 - HKLM\..\RunOnce: [atlvf.exe] C:\WINDOWS\atlvf.exe

O4 - HKLM\..\RunOnce: [winhj.exe] C:\WINDOWS\system32\winhj.exe

One giveaway of the O4 Run and RunOnce entries is that the process name and filename will be identical, for example:

O4 - HKLM\..\RunOnce: [winhj.exe] C:\WINDOWS\system32\winhj.exe

This gives you some idea of what to look for in your log.

Step 2 – Set your computer to show all hidden files and folders. Instructions:

Step 3 – If you are running Windows XP or ME, disable System Restore. Instructions:

Step 4 – Click Start, and then Run. Type “Services.msc” in the run box and hit enter. Look for any of the following services:

  • Network Security Service

  • Workstation NetLogon Service

  • Remote Procedure Call (RPC) Helper

If any of those are there, right-click on it and STOP the service, then right-click again, go into properties, and set the service to “disabled.” Exit the services control panel.

( Note 1 – if you do not see any of the services listed here, then click here. Do not “guess” and disable a service with a name that looks close to one of these. If it does not match one of those listed items exactly, leave it alone, or you could disable a legitimate service needed by Windows.)

Step 5 - Hard Reboot your computer via one of the methods above.

Step 6 – When the computer starts to come to life, start tapping the F8 key on your keyboard. Eventually this will bring you to the Advanced Boot Options screen. Use the arrow up/down keys on your keyboard to select the option which says SAFE MODE (make sure it says only that, not any other options like with networking or with command prompt.) This screen will vary somewhat with different OS versions. Press Enter, and stand-by for the computer to boot in Safe Mode. Depending on the speed of your computer, this may take up to several minutes.

***Note – on some computers, tapping the F8 key will first bring up a mother-board based boot device selection menu. It will have options for what device to boot from, such as Floppy Drive, IDE Hard Drive, ATAPI CD-ROM, Removable Device, etc. Choose IDE HARD Drive. Then, once that menu disappears, begin tapping the F8 key again to get the Advanced Boot Options screen outlined above. ***

Step 7 – Once the computer is booted up in Safe Mode, locate and run HJT again. Scan and save a log. Compare this log against the one you printed earlier. If the files have renamed themselves, compare your current log with the one you printed out earlier, to see which R0, R1, O2 and O4 entries appear in the log now that are not on the printed log. If the files have the same names as in the normal mode scan, then follow the explanations above to determine which files fit the pattern and are likely the cause of your problem. The R0 and R1 entries will be pretty obvious (and if you are not sure, you can fix all R0 and R1 entries, as you can easily reset these in your browser later.) The O3 and O4 entries will have to be selected using the naming criteria above. You may use a search engine like Google.com to search for the file name to see if it is a valid file. There are also many good resources for determining if HJT entries and file names are legitimate files or not. Short-Media has a listing of some of the best of these resources here.

If you absolutely cannot figure it out, join our forum membership, post your HJT log, and one of our members will help you determine which entries are your problem.

Fix the offending R1, R2, O2 BHO entries, and any O4 Run / RunOnce entries. Put a checkmark beside them in HJT, and press FIX.

Then, exit HJT, but stay in Safe Mode.
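The naming patterns listed under Step 1 and the two-scan comparison in Step 7 can be applied to saved log files with a short script. The Python below is an added example, not part of the original guide or of Hijack This; both sample logs are constructed (the "Example" entries and the safe-mode file names are made up), and the function names are hypothetical.

```python
import ntpath
import re
from collections import Counter

# Constructed sample logs modelled on the entries quoted in this guide. The
# "Example" entries and the safe-mode file names are made up for illustration.
NORMAL_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\zxzgr.dll/sp.html#12802
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://zxzgr.dll/index.html#12802
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {5EA09FEA-707B-FB28-AF23-9B7F1EA97C20} - C:\WINNT\mfcwz32.dll
O4 - HKLM\..\Run: [sdkql.exe] C:\WINNT\sdkql.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""
SAFE_MODE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\qpdvt.dll/sp.html#12802
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://qpdvt.dll/index.html#12802
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {5EA09FEA-707B-FB28-AF23-9B7F1EA97C20} - C:\WINNT\netbk32.dll
O4 - HKLM\..\Run: [atlrm.exe] C:\WINNT\atlrm.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

# R0/R1 value that points at a page inside a DLL: res://[path\]name.dll/sp.html#12345
RES_URL = re.compile(r"res://(?:.*\\)?([^\\/]+\.dll)/(?:sp|index)\.html#\d+", re.I)
# The guide's naming criteria: 4 or 5 letters, optionally followed by "32".
RANDOM_STEM = re.compile(r"[a-z]{4,5}(?:32)?", re.I)
O2_BHO = re.compile(r"O2 - BHO: .* - (.+\.dll)", re.I)
O4_RUN = re.compile(r"O4 - HKLM\\\.\.\\Run(?:Once)?: \[([^\]]+)\] (.+)", re.I)


def _entries(log):
    """Split a log into stripped, non-empty lines."""
    return [line.strip() for line in log.splitlines() if line.strip()]


def _random_looking(path):
    """True when the file name (without extension) fits the guide's pattern."""
    stem = ntpath.splitext(ntpath.basename(path.strip()))[0]
    return RANDOM_STEM.fullmatch(stem) is not None


def flag_entries(log):
    """Return (line, file name or None, reason) for entries fitting the HSA patterns.

    These are candidates only: a legitimate file with a short name can match,
    so each file still has to be looked up before it is fixed or quarantined.
    """
    entries = _entries(log)
    # First pass: count how many R0/R1 entries point into the same DLL.
    res_dlls = Counter()
    for entry in entries:
        match = RES_URL.search(entry) if entry[:2] in ("R0", "R1") else None
        if match:
            res_dlls[match.group(1).lower()] += 1

    flagged = []
    for entry in entries:
        kind = entry[:2]
        if kind in ("R0", "R1"):
            match = RES_URL.search(entry)
            if match and res_dlls[match.group(1).lower()] >= 2:
                flagged.append((entry, match.group(1).lower(),
                                "res:// page in a DLL shared by several R0/R1 entries"))
        elif kind == "R3" and "URLSearchHook is missing" in entry:
            flagged.append((entry, None, "default URLSearchHook is missing"))
        elif kind == "O2":
            match = O2_BHO.fullmatch(entry)
            if match and _random_looking(match.group(1)):
                flagged.append((entry, ntpath.basename(match.group(1)).lower(),
                                "BHO DLL with a random-seeming name"))
        elif kind == "O4":
            match = O4_RUN.fullmatch(entry)
            if match:
                name, path = match.group(1), match.group(2).strip()
                same = name.lower() == ntpath.basename(path).lower()
                if same and _random_looking(path):
                    flagged.append((entry, name.lower(),
                                    "Run entry named after its own random-seeming exe"))
    return flagged


def suspect_files(log):
    """Sorted, de-duplicated file names taken from the flagged entries."""
    return sorted({name for _, name, _ in flag_entries(log) if name})


def new_entries(before, after):
    """R0, R1, O2 and O4 lines present in the second scan but not in the first."""
    seen = set(_entries(before))
    return [e for e in _entries(after)
            if e[:2] in ("R0", "R1", "O2", "O4") and e not in seen]


if __name__ == "__main__":
    print("Normal-mode candidates:", suspect_files(NORMAL_LOG))
    print("Safe-mode candidates:  ", suspect_files(SAFE_MODE_LOG))
    for line in new_entries(NORMAL_LOG, SAFE_MODE_LOG):
        print("New since first scan:  ", line)
```
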

Step 8 – Locate and run about_:Buster. Make sure to check for and download the latest update to the program. Then scan your computer by pressing the Start button in about_:Buster, and clicking OK. It will attempt to identify and fix the R0 and R1 entries above, plus any other versions of this or certain other infection files that it finds on your computer.

Step 9 – After running about_:Buster, you need to confirm that the files in your HJT log have been removed. Stay in Safe Mode, open My Computer, and then open your “C” hard drive. Right-click in there and create New Folder. Name this folder Quarantine. From the HJT entries above, determine the file names and directory paths of the infection files.

For instance:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\zxzgr.dll/sp.html#12802

O2 - BHO: (no name) - {5EA09FEA-707B-FB28-AF23-9B7F1EA97C20} - C:\WINNT\mfcwz32.dll

O4 - HKLM\..\Run: [sdkql.exe] C:\WINNT\sdkql.exe

O4 - HKLM\..\RunOnce: [addji32.exe] C:\WINDOWS\addji32.exe

Locate those files by navigating to their locations. If any of them still exist on your computer, proceed to Step 10. Otherwise, skip to Step 11.

Step 10 - Move these files to the Quarantine folder on your C drive. Rename all of the .dll extensions to .ddd, and all of the .exe’s to .xxx. That way, if you accidentally quarantined a legitimate file, you can always replace it by renaming it and moving it back to where it came from (consult your printed HJT log to determine the correct folder it came from, or save the text file of your HJT log with the date on it for reference.)

Step 11 – (Warning – this step uses the Regedit tool. Be very cautious, making a mistake here can seriously foul up your computer!) Still in Safe Mode, click on Start -> Run. Type REGEDIT and press Enter.

Click the + signs next to the folders to navigate the registry folder:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Highlight Services on the left hand side of the window. In the right hand side pane, look for any entries named:

– Network Security Service

– Workstation NetLogon Service

– Remote Procedure Call (RPC) Helper

-__NS_Service

-__NS_Service_2

-__NS_Service_3

Obviously, you would expect to see the one that matches the service you identified in Step 4, but check for them all to be safe. If you see any of them, right click on them, and delete them.

Next, navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root and highlight Root on the left side. Look on the right side for any of these:

– LEGACY Network Security Service

– LEGACY Workstation NetLogon Service

– LEGACY Remote Procedure Call (RPC) Helper

– LEGACY___NS_Service

– LEGACY___NS_Service_2

– LEGACY___NS_Service_3

Again, you would expect to see the one that matches the service you identified in Step 4, but check for them all to be safe. If you see any of them, right click on them, and delete them.

If you cannot remove these entries, right click on it and choose Permissions. Check the Full Control box and click OK. Then try to delete it again. If you are using Windows 2000, close Regedit. Click on Start-> Run, and type in REGEDT32. Locate the same folder, and highlight it. Click on the Security menu at the top of the Regedt32 program, select permissions and change the permissions to Full Control. Then try to delete the key. Once the keys are deleted, close the Registry Editor.

(Note – you may not have these entries in your Registry. This list is being updated as new entries are located on various sources on the Internet. New registry variants may appear at any time. If you do not find one of the ones listed, do not worry, just proceed to Step 12. So long as you have stopped the service and quarantined the files, the stray registry entries will not cause the hijack to return. Your registry is likely full of stray entries like this from various software that has been installed and removed from your system. If you are concerned about this, install a registry cleaning program to identify and clean stray entries. I recommend Easy Cleaner.)

Step 12 – Clean out temporary and temporary Internet files. There are a couple of ways to do this:

a – Open My Computer, right click on your C drive, select Properties, and click Disk Cleanup.

b – Go to “Start” => “Run” and type in the box: “cleanmgr”.

c – Use a cleaning program like Easy Cleaner to clean out temporary files.

Either way, let the disk cleanup manager scan your system for files to remove. Set it to clean Temporary Files, Temporary Internet Files, and Recycle Bin. Click OK to begin.

Step 13 – Hard boot the computer again. Manually shut the computer down, by either yanking the plug out of it, or shutting it off with the rear power switch. Then, plug it back in or turn it back on. Let it boot up normally.

Step 14 – Launch Internet Explorer, and see if the problem is gone. You may need to reset your home page settings by clicking the Tools menu -> Internet Options -> Programs -> Reset Web Settings. Then click the General Tab in that same window, and manually set whatever home page you want. Surf a few websites to make sure the hijack is gone.

Step 15 – Exit Internet Explorer and run HJT again. Scan again and search once more for any entries that match the HSA criteria. If any are there, repeat the process. If none are there, Exit HJT and celebrate…you have slain the monster!

If you still have the problem, register for Short-Media’s forums and post a HJT log in the Spyware/Virus/Trojan Discussion forum:

Let us know if you followed this guide, as well as whether or not you ran Ad Aware / Spybot SD. If your problem is not fixed, do not complete steps 13 or 14 yet.

Step 16 – Reset the “Hide Protected Operating System Files” option that was changed in Step 2. Keep the “Show Hidden” turned on, and the “Hide Extensions” turned off. This gives you better control of seeing what is on your computer.

Step 17 – On XP and ME, re-enable System Restore as per the instructions here.

If you have removed this hijack successfully, you may notice that it left some entries in your Add/Remove Programs control panel, that cannot be removed from it. The program Easy Cleaner, linked above, will also take care of that problem, and many others. It is a very useful application.

Now that you have rid yourself of this pest, take some time to learn more about preventing adware / spyware problems on your computer. Read:

Spyware General Information

Defeating Spyware

And finally, if this helped you, and you found this guide useful, please bookmark our website, tell others about us, and leave us some positive feedback on our feedback forum (registration required).

Still not sure?

Take a look at what some very happy users have
already said about Short-Media’s

HSA Removal Guide:

“A big, heartfelt thank you! to the people
involved in the “Home Search Assistant Removal Guide”. I have just used it
successfully to remove any and all trace of this deeply annoying adware, having
previously tried a number of combinations of anti-virus and adware removal
tools, with no success whatsoever.”

“A pleasure to follow such a coherent guide.
Thanks again!”

“After trying for the last week to get rid of
Home Search Assistant, I ran across your guide today. I tried several other
forum
suggestions, and yours is the only one that worked. Thanks!”

“I just had to say a big THANKS! Got the HSA
hijack last week and had no idea what to do. So I googled on it and came across
your HSA removal guide. It was straightforward and easy to follow, and I kicked
the little scumbag off my machine. I’m FREE!!!!!!

THANK YOU – THANK YOU – THANK YOU – THANK YOU”

“I wanted to let you know that I had the Home
search assistant, search extender, shopping wizard problem. I searched the web
for hours and I finally tried your step by step removal. The process was very
easy to follow and it worked perfectly. I just want to say thank you so much for
your detailed steps, You Guys are Great!!

Thanks Much!”

“Many many many thanks it solved my problems!!!!!!!!!!!!!!!!!!

Had difficulty with Home Search for about a week, tried the removal guide,
and hey PRESTO ALL GONE! MAGIC! Will let others know about an
excellent site.”

“You guys are terrific. Thanks again for all
your help!”

Short-Media.com’s Security “SWAT Team” is constantly
updating the
HSA Removal Guide
with the latest information, as well as adding
information based on the questions and new problems users have encountered along
the way. When new variations of this hijack surface, we’ll be ready to add
them to the guide. Plus, our guide contains links to other Short-Media.com
articles and useful programs to help you gain the knowledge and the tools to
help prevent these type of problems from happening on your computer again.

Comments

  1. Unregistered
    Unregistered Why not just load BPS with System Hijack Scanner, highlight IE icon, click scan, tick the box for the offending web page/s, then click on the fix button (it looks like a exploding bomb). Problem solved, BPS (Bullet Proof Spyware) wins the day and the system hijackers are toast again. I love spanking them for fun Yeeeeeeeeehaaaaaaaa!!!!
  2. Unregistered
    Unregistered removed/edited by MM.
  3. Dexter
    Dexter
    Why not just load BPS with System Hijack Scanner, highlight IE icon, click scan, tick the box for the offending web page/s, then click on the fix button (it looks like a exploding bomb). Problem solved, BPS (Bullet Proof Spyware) wins the day and the system hijackers are toast again. I love spanking them for fun Yeeeeeeeeehaaaaaaaa!!!!



    Because that software is shareware and costs $29.00 to register. Our removal guide is free. :)

    Dexter...
  4. Unregistered
    Unregistered hi i do try all this procedure and hsa still active
    i have my networksecutity bogus service run under desktop.ini:pbqck /s and that react with the desktop at reboot even hard reboot
    and when im in safe mode and do a hijk scan or hsrem my norton antivirus find new bogus *.exe file or *.dll create on the same moment the scan run
    im at the point to reformat the disk well,its not my pc but its a customer pc so i guest they will learn a lesson not to go to a bogus site and clik ok on anything proposed
  5. Dexter
    Dexter As per the instructions in the guide, please feel free to register for our forums, and post your logs for added assistance. Disable your Norton scanning while working on this to prevent the warnings.

    Dexter...
  6. Unregistered
    Unregistered Hi,

    Just to let you know that previously to reading your removal guide I had tried everything to remove HSA. I had downloaded all the software that you mention in the guide and Uninstaller Pro however they never completely removed it and every time I started my computer it would re-appear. I had also followed many other guides/recommendations with no success. So I couldn't believe how easy it was to delete it by following your instructions after having it on my computer for months. I think I was nearly 70% of the way there however I was just about to give up. I am so glad I found your guide as it gave me the confidence to delete the final programmes/files that were left in my computer. Thank you very much! Just to point out that after I had sorted my home page problem and cleared out the unwanted file using the download recommended I still had HSA in my add/removes files. I had to use Uninstaller Pro which finally deleted them without them re-appearing. I would recommend that everyone use this guide.
  7. MediaMan
    MediaMan
    I would recommend that everyone use this guide.

    Words we love to hear. We are glad that we could help. :)
  8. Unregistered
    Unregistered Hi Have finally removed home search assistant very quickly and very easily using ad-aware, it's freeware and available from http://www.lavasoftusa.com/
    also found that ad-aware finds alot more malicious files, registry entries etc than other scanners. It also deletes the files, Nortons seems to find some then error deleting them, even in safe mode.


  9. primesuspect
    primesuspect Thanks for the info, unregistered. We are very familiar with AdAware, and have been advocating its use for a long time. It can be found on our security downloads page.

    As far as I know, AdAware 1.05 with the most current definitions, does NOT remove the HSA yet. Hopefully, it will soon, because it is very labor intensive to remove manually.
  10. Trogan
    Trogan
    Thanks for the info, unregistered. We are very familiar with AdAware, and have been advocating its use for a long time. It can be found on our security downloads page.

    Right on Prime! But to be honest, i've only known about Ad-Aware and SpyBot since the end of july. So, I guess people are finding it :)
  11. Linc
    Linc
    As far as I know, AdAware 1.05 with the most current definitions, does NOT remove the HSA yet. Hopefully, it will soon, because it is very labor intensive to remove manually.
    It cripples it pretty well (including killing the service in my roommate's instance), but doesn't totally destroy it yet.
  12. Unregistered
    Unregistered Thank you very much for the concise and helpful guide for removing Home Search Assistant. No other software, including AdAware and Spybot, were successful with it
  13. gsmith00
    gsmith00 I have been trying to remove "search extender" and "home shopping" with "spybot 1.3", "hijackthis", "aboutbuster", "adaware", "winpatrol" and anything else I could find while beating the crap out of my register and wishing I could find the SOB that created this thing. Finally, used "hsremove" and the damned thing is gone. I would like to thank whoever put this tool together, it is great.
  14. gsmith00
    gsmith00 I have been trying to remove "search extender" and "home shopping search assistent" with "spybot 1.3", "hijackthis", "aboutbuster", "adaware", "winpatrol" and anything else I could find while beating the crap out of my register and wishing I could find the SOB that created this thing. Finally, used "hsremove" and the damned thing is gone. I would like to thank whoever put this tool together, it is great.
  15. Unregistered
    Unregistered i own
    u all suck
    believe
    im making a new one
    :D
    grtz tha M
  16. primesuspect
    primesuspect Can't wait to see it "tha M" :rolleyes:

    From your writing style, I can tell that it will be an excellent addition to the anti-spyware community. ;D
  17. Unregistered
    Unregistered Hallo thank's for this guide
    it was very useful to cancel my problem
    thanks thanks thanks
    L.C
    Italy
  18. Unregistered
    Unregistered Hi,
    Giant AntiSpyware boasts that their software will remove Home Search Assistent, Search Extender, and Shopping Wizard. Has anybody had success with this software.
  19. Dexter
    Dexter I checked out their webpage on this at:

    http://www.giantcompany.com/antispyware/research/spyware/spyware-Home-Search-Assistant.aspx

    That info was last updated a month ago.

    They list a lot of file names they have as signatures. They also list the "MD5" hash signatures, and registry entries for BHO's. I don't see any mention of the Services registry entries.

    If they only remove this based on known file names, it is not going to work, because the file names are randomly generated using variable name lengths (4 or 5 chars usually) and sometimes have a "32" attached to those names making them 6 or 7 chars long. So checking against a database of known files is not going to work. If they are checking file name patterns to get a suspected match, then it could work.

    It would be interesting to try to get someone who is infected to try their software out. I'll try and get someone from our forums to test this out. I think if it really worked that effectively, we would have heard about it before, but it is worth testing.

    Dexter...
  20. Unregistered
    Unregistered Hey your guide is really good i had my doubts as to whether it would work but it got rid of all of HSA and people should make sure they follow the guide completely before saying it doesn't work because it does work. Cheers :-)
  21. Unregistered
    Unregistered Hello, I followed your guide for home search assistant removal. Although I did it 3-4 times I could not get the virus off. I then noticed that a file kept running a suspicous script. the file name was system[1].exe I deleted it and it kept coming back. After this I decided to search the registry and I came across it in the registry too. So I deleted it there as well. I would suggest that adding something into your instructions just incase this happens to someone else. I also noticed that I was getting Bargain Buddy and sites showing up in my trusted zones. This also kept infecting me. I would suggest that people search their registry and for any of these files. I also found that I had iefeats.dll in my registry. I'm not sure how all of these files were connected. But they seem to be. 1 other file that was running on my sytem is Isexeng it had an executable file in my windows file called angelex.exe I had to stop the service and disable it then delete the angelex.exe file in my registry as well as do a complete search of the registry for those files. I am glad to say that after a little hard work I defeated the viruses on my computer. You do have clean out all of your temporary files even though the aboutbuster program says it cleans it out, Make sure you check the registry for any files you find that are viruses. They come back because there is more than one entry in the registry. I also found out when using the registry tool you need to be at the top of list when starting a new search. This caused me to miss a few files the first couple of times.
  22. Unregistered
    Unregistered I have removed lots of spyware but this was the most difficult to remove... I just installed xp on this computer for my mother and i thought i was already going to have to reformat and install again.
  23. Unregistered
    Unregistered I'm sorry, and I know this is gonna sound really pathetic, but how do I get this stuff on my computer to get rid of "HSA" or "Home Search Assisten"???
  24. Unregistered
    Unregistered Got it sorted...don't worry
  25. Anti-Spy
    Anti-Spy hi all...its been 5days combating this SOB cws-ns3/cws/hsa/search extender/shopping wizard spywares...its seems near impossible to do it...but after goin tru each registry file...i manage to kill 90% of their work...now still counting...these adware mutates around our hardisk...juz b xtra careful...
  26. Unregistered
    Unregistered Hi - THANK YOU! I followed the instructions to the letter - it took 3 times - but it worked!! the only additional thing I did was to stop a service that's name was all funny characters and quarantine the source file as the instructions said to do with the others... don't know if that was the trick, but just glad to be rid of it!!! thanks again! ~Michael
  27. Unregistered
    Unregistered I'd just like to declare my undying love for the 'Dexter'. Thank you so very much for providing a product that got rid of HSA and programs of that ilk. I've been trying for months to get rid of them and was nearing the point of violence. And if you could possibly help me with a program called TSA, it would be very appreciated. Thanks.
    Klink1327
  28. primesuspect
    primesuspect Klink1327, we can help you get rid of all your spyware and malware.

    First, Register on the forums, then go to the Spyware, Virus, and Trojan discussion forum. Read the steps to take before posting, and it will show you how to post a HijackThis log for an expert to look at and tell you what to fix.

    Welcome to short-media :)
  29. Dexter
    Dexter
    Hi - THANK YOU! I followed the instructions to the letter - it took 3 times - but it worked!! the only additional thing I did was to stop a service that's name was all funny characters and quarantine the source file as the instructions said to do with the others... don't know if that was the trick, but just glad to be rid of it!!! thanks again! ~Michael


    We have had a couple of users mention a randomly named service. We will look into it and see if we can add some info on that to our guides. Thanks for the feedback. If you read this, I would appreciate if you could email me some more info about your entry.

    Dexter...
  30. Unregistered
    Unregistered Hi all... how do I remove this awful thing??? I have windows 98 and am NOT computer-literate. I found the instructions very difficult and finally gave up. Isn't there a simpler way? I even purchased software called Zerospyware and it couldn't remove it. Of course, Adaware and Spybot are useless. If someone has an update on software that removes it, I'd sure appreciate hearing about it...
  31. Dexter
    Dexter
    Hi all... how do I remove this awful thing??? I have windows 98 and am NOT computer-literate. I found the instructions very difficult and finally gave up. Isn't there a simpler way? I even purchased software called Zerospyware and it couldn't remove it. Of course, Adaware and Spybot are useless. If someone has an update on software that removes it, I'd sure appreciate hearing about it...


    The Removal Guide does not work for Win 95 or 98. This is because the nature of the infection is different. Please join our forum (it is free) and post an HJT log in the SVT forum so we can help you remove it manually.

    There is no simple software solution to this problem, this infection was designed to be difficult to remove, so that the scum who are behind this can keep you infected and keep making money from your page hits. But we can and will help you.

    When you join our forum, send me a private message so I can make sure you get helped for the Win 98 version of this problem.

    Dexter...
  32. Unregistered
    Unregistered Hello,

    I just wanted to say, I found your article via a google search, and I read your article on removing the Shitty Ass Search Assistant.. and it's ALL GONE! Thank you so much. Thank you!! Thank you!! Thank you!! If it wasn't for the article, I think I would have tracked down the makers of the bullshit and killed them physically... I hate them all! Those people need to die! Anyways...thanks again.

    Twisted -Owner Of:
    www.vindictivebastard.com
  33. Dexter
    Dexter
    Hello,

    I just wanted to say, I found your article via a google search, and I read your article on removing the ****ty Ass Search Assistant.. and it's ALL GONE! Thank you so much. Thank you!! Thank you!! Thank you!! If it wasn't for the article, I think I would have tracked down the makers of the bull**** and killed them physically... I hate them all! Those people need to die! Anyways...thanks again.

    Twisted -Owner Of:
    www.vindictivebastard.com

    Take a deep breath...exhale....deep breath...exhale....OK, feel better now...? :D

    Glad we could help you Guest. Trust me, many, many people feel the exact same way you do. If you ever need help again, you now know where to find it.

    And if you want to feel really good, do something good for mankind with your computer...click the link in my signature to find out about the Folding For A Cure project. :)

    Dexter...
  34. Unregistered
    Unregistered Just a short note of THANKS!
    Ran HJT, hit clean, hard boot, safe mode, deleted files, presto chango - all is okay. Just a short note that there were numerous dll files to purge (all of them 55k in size in both winnt and system32 directories) and two dll's mfcpg32.dll and ntzq32.dll both in system32 (29k I believe). Great stuff.
    Really appreciate it!
  35. Unregistered
    Unregistered I am trying to download the fix for the Backdoor-BDD virus and I am unable to download the about_:Buster program. It keeps saying the website is unavailable.

    How can I get this program another way?

  36. BlackHawk
  37. Unregistered
    Unregistered Hai,

    I was suffering from the Home search assistant for about 2 months. I just searched with the Google and hooked into your website. Without a confidence I went through your document and followed all the steps you have provided in removing the home search assistant. And after finishing all the steps I restarted the System and opened the Internet Explorer. To my surprise the HOME SEARCH DAMN was "VANISHED" Thanks a lot for providing a superb tutorial on removing the Home Search Assistant. I will recommend your reference for all those who have got this Problem.
    All the best for you and provide continuous help like this...
  38. Unregistered
    Unregistered First wanted to thanks for putting this information on the website. I was able to remove the pest by disabling the "Workstation Netlogon Service", removing the entries from System Registry, running Hijack This and About Buster. Found few more characteristic that I would like to mention. My OS was Windows XP SP1 Home Edition.
    -- Files created by the malware are not just "exe"s or "dll"s but also ".log", ".dat", ".sys" etc. Files can be hidden. Additionally, one can locate these files by running MSDOS "find" command with the search string "onemoresearch"
    -- The malware can attach itself to a bogus service (as Workstation NetLogon) or can include itself in the profile startup as a LocalServer. You can check this using the msconfig.exe utility and clicking the "startup" tab. You have to be an administrator to do this.
    -- Combination of Adaware and HijackThis can identify most registry entries and files but not all.
    -- You can download and run "regmon.exe" to identify program/process that changes the registry entry.
    -- In Windows XP SP1, create another account for yourself with limited privileges (not an administrator privilege), so that any rogue program will not be able to modify the registry.
    Good luck!!!
  39. Unregistered
    Unregistered I am not able to get into the Services.msc screen. I receive a windows popup that says I need Internet Explorer 5.5 or greater. I have WinXP SP2 with IE 6.whatever. Any ideas as to what I can do because I can't do anything if I can't get into that screen
  40. Dexter
    Dexter
    I am not able to get into the Services.msc screen. I receive a windows popup that says I need Internet Explorer 5.5 or greater. I have WinXP SP2 with IE 6.whatever. Any ideas as to what I can do because I can't do anything if I can't get into that screen


    Guest,

    You are going to have to register as a user here (it's free) and post a Hijack This log in our SVT forum. Make sure to use HJT v1.99 as it will show the services in the scan.

    Send me a private message when you post your log so I can review it.

    Dexter...
  41. Unregistered
    Unregistered [Post Edited by Leonardo]

    Mr. Unregistered,

    Your posts are deleted in this thread. We'd like to help you, but let's do things properly. Don't Place HJT logs here. Please register at Short-Media, here, become a full member (no charge, no spam, no hassle); then post your problem and HJT log here
  42. Unregistered
    Unregistered
    Actually, Guest, if you read our removal guide, you will see that HSRemove is discussed in the guide, complete with a download link, no Googling necessary.

    Post edited by moderator.
  43. Unregistered
    Unregistered //Edited by Leonardo// Please see my post about registering.
  44. Dexter
    Dexter
    type in hsremove in google then download and then run the dam installer and its ****ing gone!!!

    Actually, Guest, if you read our removal guide, you will see that HSRemove is discussed in the guide, complete with a download link, no Googling necessary.

    You would also find that HSRemove is not 100% effective on its own every time. It is a good first step, but is not always the last step, and we have dozens upon dozens of forum posts here which back that statement up.

    Dexter...
  45. Unregistered
    Unregistered Hi guys.
    My problem is that i have search assistant installed on my computer and damn, it can't be removed. My homepage always returns to 'about:blank' every time i try to change it. Seems to me that the site is oz.msie.tv. Please help !

    Thanks,
    aryo
  46. Dexter
    Dexter
    Hi guys.
    My problem is that i have search assistant installed on my computer and damn, it can't be removed. My homepage always returns to 'about:blank' every time i try to change it. Seems to me that the site is oz.msie.tv. Please help !

    Thanks,
    aryo


    Guest,

    Please see the comments above about getting help. The only way we can help you is if you register as a member here, then post an HJT log in our Security SVT forum. Otherwise we cannot help you.

    Dexter...
  47. Unregistered
    Unregistered yet I did not remove home search from add/remove program. help me how to remove it. I used all spywares
  48. Unregistered
    Unregistered Strange. I can't seem to comment when logged in.

    Anyway, I have a question in regards to your guide, which seems excellent for the most part. I'm just unclear on what exactly I use the printed copy of the first HJT log for. Am I supposed to clear out anything that appeared on the second HJT log and not the first? or compare it in some way?

    If I could get that one point cleared up, I think I could get this bastard fixed. Let me know, thanks
    DarkTlaloc
  49. kORy
    kORy ur removal guide isnt working. HSA must have created a new and improved version so we cannot delete everything. i hav tried next to everything. spybot, ad-aware se personal, hsremoval, even your own guide to remove the damn thing. but nothing is working on my computer. would service pack 2 have any to do with it "not" working? please reply to help me get rid of HSA once and for all!!!
  50. Unregistered
    Unregistered I got about half way through this tedious process and said screw it I reformatted and reinstalled. Damn that was easy compared to this. Good luck if you are going to try.
  51. Unregistered
    Unregistered One more thing if I would have followed it and not got it right it would be like a double wammy.
  52. Unregistered
    Unregistered where is the guide i can't see it where can i download it?
  53. profdlp
    profdlp
    where is the guide i can't see it where can i download it?
    Click on the word "here" in the very first post on page one of this thread. :)
  54. rbich
    rbich I'm trying to remove HSA but the link http://www.atribune.org/downloads/AboutBuster.zip gives an error page. I've gone to the site but I can't find it there. Could you please tell me where I can download this file.
  55. profdlp
    profdlp
    rbich wrote:
    ...Could you please tell me where I can download this file.
    Try this link. :)
  56. Kwitko
    Kwitko A reminder, DO NOT POST LOGS IN HERE!! They go in the SVT forum. Thanks.
  57. Unregistered
    Unregistered Happened to one of my computers, and it stole all internet functionality from that computer. Not even windows update could function. I followed the step by step instructions and now am adware/spyware free. Great work and a heartfelt thank you for making this free and available to everyone. Anyone that has been hijacked, remember to unplug the computer for a hard shutdown. I forgot that step the first time and it came back.
  58. Unregistered
    Unregistered IM going to kill the son of a bitch fucker who created home shopping assistent,search extender, and shopping wizard!!!
  59. Unregistered
    Unregistered This guide did the trick! It was the most comprehensive one I could find! Thanks!!!
  60. Unregistered
    Unregistered I have the same problem described with the home search assistant and not being able to get rid of it. I think it might be linked to a problem i have recently gotten with my AIM crashing as soon as i send/receive an instant message. it works fine until this happens. the AIM website said the two things might be linked. how do i get rid of home search assistant? i have run the newest versions of adaware, spybot, and norton to no avail.
  61. Dexter
    Dexter
    I have the same problem described with the home search assistant and not being able to get rid of it. I think it might be linked to a problem i have recently gotten with my AIM crashing as soon as i send/receive an instant message. it works fine until this happens. the AIM website said the two things might be linked. how do i get rid of home search assistant? i have run the newest versions of adaware, spybot, and norton to no avail.


    Page 1 of the Guide Article says....

    And if you do have trouble working through the guide on your own, help is only a click away! Register for our forums and post your Hijack This log in our Security - Spyware / Virus / Trojan forum. One of our experienced users will point you in the right direction to solve the problem.

    So click that link. At the top of every page you will see a link that says REGISTER. Register as a user, post a Hijack This log, then wait patiently. Someone will help you as soon as we are able.

    Dexter...
  62. Motobergie
    Motobergie "I got you, you #*&@%!" That's exactly what I said when I ran 'HiJackThis' for the last time, and it came up clean !!! The Removal Guide is invaluable. Just a couple items to note. Update 'AboutBuster' in step one because it can't be done in Safe mode. Also, the Network Security Service entry in the registry was not obvious. It was the first entry in HKLM\SYSTEM\CurrentControlSet\Services , but the key name was just a bunch of odd characters, so look carefully.

    Anyway, thanks millions for the Guide !!!
  63. Unregistered
    Unregistered it helped me a lot to kill that dirty hijack virus.. thanks very much..
  64. Unregistered
    Unregistered Hey! Thanks for the great post, I followed the directions to the "T" and it seems to have worked. I did, while in safe mode, before the final boot, run system mechanics register cleaner, pest patrol, and ad aware. The pest patrol showed one of the files that HJT had listed, so I used regedit to delete it from its location in the registry. Strangely the folder in the registry had a title with a bunch of nonsensical characters, I just deleted the whole folder (probably risky). Anyway, thanks again, you guys rock!
  65. profdlp
    profdlp
    ...Strangely the folder in the registry had a title with a bunch of nonsensical characters, I just deleted the whole folder (probably risky). Anyway, thanks again, you guys rock!
    That is probably so a registry search for keywords will come up dry. Looks like your instincts were quite correct.

    I'm glad your problem was solved - cheers to the Short-Media SVT Team! :cheers:
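As an added example (not part of the thread or of the Short-Media guide): the check Motobergie and the guest above describe, spotting a key under HKLM\SYSTEM\CurrentControlSet\Services whose name is a run of odd characters that a keyword search will miss, can be scripted in Python. The allowed-punctuation set, the 0.3 threshold and the sample rows are assumptions constructed for illustration; on Windows the script reads the live registry, elsewhere it runs on the sample.

```python
r"""List service keys under HKLM\SYSTEM\CurrentControlSet\Services with odd names."""
import string
import sys
import unicodedata

SERVICES_PATH = r"SYSTEM\CurrentControlSet\Services"

# Assumption: punctuation that ordinary service key names use.
ALLOWED_PUNCT = set(" ._-{}")
# Assumption: flag a name once this share of it is any other punctuation.
SYMBOL_SHARE = 0.3


def reasons(name):
    """Return why a key name looks machine-generated (empty list if it does not)."""
    found = []
    if any(unicodedata.category(ch).startswith("C") for ch in name):
        found.append("control/unassigned character")
    if any(ord(ch) > 127 for ch in name):
        found.append("non-ASCII character")
    symbols = sum(1 for ch in name
                  if ch in string.punctuation and ch not in ALLOWED_PUNCT)
    if name and symbols / len(name) >= SYMBOL_SHARE:
        found.append("high share of symbols")
    return found


def printable(name):
    """Escape unprintable characters so the name can be displayed and logged."""
    return name.encode("unicode_escape").decode("ascii")


def flag_service_keys(rows):
    """rows: iterable of (key_name, image_path). Return only the suspicious ones."""
    flagged = []
    for name, image_path in rows:
        why = reasons(name)
        if why:
            flagged.append((printable(name), image_path, why))
    return flagged


def read_service_keys():
    """Return [(key_name, image_path)] from the live registry (Windows only)."""
    import winreg
    rows = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SERVICES_PATH) as services:
        for index in range(winreg.QueryInfoKey(services)[0]):
            name = winreg.EnumKey(services, index)
            try:
                with winreg.OpenKey(services, name) as svc:
                    image_path = winreg.QueryValueEx(svc, "ImagePath")[0]
            except OSError:
                image_path = ""  # no ImagePath value, or the key cannot be opened
            rows.append((name, image_path))
    return rows


# Constructed sample rows (not taken from the thread); paths are placeholders.
SAMPLE_ROWS = [
    ("Alerter", r"C:\WINDOWS\system32\placeholder1.exe"),
    (".NET CLR Data", ""),
    ("lanmanworkstation", r"C:\WINDOWS\system32\placeholder2.exe"),
    ("\x11\x7f\u00c4#\u00b7", r"C:\WINDOWS\system32\placeholder3.exe"),
    ("O?\u2019rt$|", r"C:\WINDOWS\placeholder4.exe"),
]


def main():
    rows = read_service_keys() if sys.platform == "win32" else SAMPLE_ROWS
    # Names from localized software can be flagged too: check the ImagePath
    # of each hit and quarantine rather than delete, as the guide advises.
    for name, image_path, why in flag_service_keys(rows):
        print(f"{name:32} {image_path or '(no ImagePath)'}  <- {', '.join(why)}")


if __name__ == "__main__":
    main()
```

The escaped form of a flagged name is for reading and logging only; the key itself still has to be located by position in regedit, as Motobergie notes.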
  66. Unregistered
    Unregistered Hey, this is a nice thread however people seems to leave out the original reason to it. Are there any successful ways to remove this thing that any of you can fill us in on. I know I had it once before, and one sure way is to format, but thats something nobody wants to do, or should have to.
  67. Unregistered
    Unregistered sorry try to register but can't I am have problems getting rid of this hsa spyware, can anyone help. i was reading many of the post what is this guide
  68. Dexter
    Dexter
    Hey, this is a nice thread however people seems to leave out the original reason to it. Are there any successful ways to remove this thing that any of you can fill us in on. I know I had it once before, and one sure way is to format, but thats something nobody wants to do, or should have to.


    Umm, yeah you could read the guide, and follow it, since it has helped thousands of people with their HSA problem successfully. If you end up formatting, you did not follow the guide correctly, or just have trouble identifying the bad files, in which case you can register here at Short-Media and post your Hijack This Log for assistance.

    Dexter...
  69. Dexter
    Dexter
    sorry try to register but can't I am have problems getting rid of this hsa spyware, can anyone help. i was reading many of the post what is this guide

    To read the Home Search Assistant Removal Guide, click HERE.

    If you need help, you have to register, and post a Hijack This log. You can register by clicking HERE.

    Post your HJT log for help in our Spyware / Virus / Trojan forum HERE.

    Dexter...
  70. Unregistered
    Unregistered Tried your procedure and three others. After all seems well I reboot PC and everything is back again. Even Norton didn't have any answers for me.
  71. Dexter
    Dexter
    Tried your procedure and three others. After all seems well I reboot PC and everything is back again. Even Norton didn't have any answers for me.


    Please follow the instructions in this thread, join the forum, and post an HJT log for help.

    Dexter...
  72. Unregistered
    Unregistered Hi All,

    Do not follow the instructions of Dexter. I followed all the steps of the removal guide and this is the result... HSA is still there, all my printerdrivers are deleted, ad - Remove programs is missing in control panel, Word, excel, outlook do not work anymore... Dexter instead of helping, your advice is more corrupt than the spyware.... If you don't know about this, give no more advice, if you knew about the damage that your removal guide would involve, i wish you all bad luck in the world asshole
  73. Kwitko
    Kwitko First off, Dexter didn't write the removal guide. Second, yours is 1 of hundreds of removals that didn't go right. I think the problem lies with you and not with the removal guide.
  74. Unregistered
    Unregistered
    ps: Dexter, you talk about "thousands" of people who were helped by your removal guide... I found 3 people on this site, 2 of those are unregistered.....
  75. Geeky1
    Geeky1 Nah, this is just a case of a dumbass user (you) that is not only so stupid that they managed to get HSA in the first place (and believe me, that requires you to be a computer illiterate idiot. I'm sorry to all of you that got it and managed to remove it, but it's the truth. Nobody that knows how to use a computer should get it in the first place) but you managed to **** up following the instructions to uninstall it. Congratulations to the latest "unregistered" user. You're the front runner in my "idiot of the year" competition for 2005. :thumbsup:

    Oh, and yes, I'm aware that I'm an arrogant ass. When you're as good as I am (and most of the other regulars here are) you have a right to be arrogant every once in a while. :p
  76. profdlp
    profdlp Unregistered: If you aren't still busy screwing up your computer, why not take a look through the Spyware/Virus/Trojan Forums and check out the scores (if not hundreds) of people who Dexter has helped to successfully remove their spyware problems.

    He has spent countless hours helping people use the guide to fix their problems and deserves a lot of credit for it.

    So lay off. :cool:
  77. madmat
    madmat I just was looking through there and since that forum was started a little over a year ago there's been 146 PAGES of issues that I'm sure Dex has had a hand in helping a goodly percentage of.

    Dex and I might not always see eye to eye on stuff but I will say this, he's a hell of a guy for taking the time to help everyone he has and if you'd registered and actually posted in the forum instead of sniping from the sidelines I'm certain he'd have helped you fix the issues you had.

    You need to remember every single one of the people helping the poor fools that get inflicted with spyware are doing so out of the kindness of their hearts, they're not making a red cent offa helping anyone but they are making the 'net safer for you, me and everyone else.

    I personally don't suffer fools well so I don't help but I have major admiration for the guys that do help, my hat's off to all of 'em.
  78. primesuspect
    primesuspect Yeah, the stats say otherwise, mr afraid-to-register..... this guide has over 13,000 views alone. You'd think that if he was giving out bad information, a few more people than ONE (you, in case you missed it), would complain..

    It's called peer review.. Google it.
  79. primesuspect
    primesuspect Oh, and Dexter did indeed write the removal guide. mediaman edited and posted it.

    Dexter did a damned fine job at it too. Bottom line: it works.
  80. Unregistered
    Unregistered wayyyyy too much for my head @ 3 am.....maybe things will look better after some sleep....i am freaking out about this damn home search thing....i have enuff trouble with keeping my 16 yr old happy ;) one q....would this have come through aol aim? is what it has seemed to target with me....every time i uninstall and reinstall the aol aim, it keeps crashing when u go to send the im.....my daughter is very unhappy...was wondering if this had anything to do with the "new" aol 5.9 ???? had not noticed the home search/assistant etc b4 downloading the new aol.aim.....i am now back @ running the 4.8 version for her....which is very dark ages compared to the 5.9 but am not getting the illegal opts on it when sending an im like i was with the new version.......some1 pleaseeee helpppppppp meeeeeeee !!!!!!!!
  81. Unregistered
    Unregistered btw....Happy Valentine's Day to all !!
  82. Unregistered
    Unregistered Man.... whoever programmed this damned POS Home Search Assistant should be put in a Tiajuana, Mexico jail for life. I have two clients who i do computer tech work for and each office has about two infected computers EACH... :(


    I wish there was a great removal tool that i can just click and let it clean this evil software out of the systems!

    Thanks for the guide though, i'll be using it tomorrow on those hijacked systems.
  83. Dexter
    Dexter
    Hi All,

    Do not follow the instructions of Dexter. I followed all the steps of the removal guide and this is the result... HSA is still there, all my printerdrivers are deleted, ad - Remove programs is missing in control panel, Word, excel, outlook do not work anymore... Dexter instead of helping, your advice is more corrupt than the spyware.... If you don't know about this, give no more advice, if you knew about the damage that your removal guide would involve, i wish you all bad luck in the world *******

    ps: Dexter, you talk about "thousands" of people who were helped by your removal guide... I found 3 people on this site, 2 of those are unregistered.....


    Wow, I only just saw this post today, I missed it when it was first posted.

    Well Guest, I think you have seen the comments of my colleagues. This removal guide was written after hours and hours of hard work, testing and research by several members of the Short-Media staff. We tested fixes with users here, we combed the net for other information, and then I took all that information we collected and wrote the first step-by-step guide for removing the Home Search / CWS problem from people's computers. We did this on our own time, for absolutely free, to help out those who are not as computer knowledgeable as we are. We did not write this because we had problems ourselves: people like us do not usually get spyware problems...and if we do, we can remove them pretty easily. No, we do this for people like you. People who do not know how, or just don't bother to protect themselves. We feel sorry for people who do not know how. We don't feel sorry for people who just don't bother. We help them nonetheless, but it's hard to feel sorry for people who know that bad things can happen to your computer if you surf the net stupidly, and don't take suitable measures to protect themselves.

    I'm guessing you fall into that second category. Why? Because the guide pretty clearly states that if you do not feel comfortable doing the removal yourself, or want any assistance, or have any problems, that you can register here at Short-Media (for free!) and get help from one of our volunteer staff (again, for free!) I'll be blunt: buddy, if you botched up the removal, I don't feel sorry for you. You could have asked for help, chose not to, made mistakes, and buggered up your system.

    So, you got yourself infected, you could not follow a simple guide that has helped thousands of others, you were too stubborn/foolish to ask for help, and you buggered up your computer. How is that my fault?? ;D

    As to your comment about how many people this guide has helped....as Primesuspect said, the guide as posted on the front page in article form has had over 13,000 views. The guide in its forum post version (http://www.short-media.com/forum/showthread.php?t=14915) has had almost 117,000 page views. From that, we have only had 500 posts asking for assistance (and a lot of those just found us by search engines straight to the forum, and so never even read the guide before posting). That means that of the nearly 120,000 views of the guide, 99.6 percent of those views did not result in someone needing further assistance. We have no way of knowing how many of those people actually had a problem themselves or were helping someone else, but the numbers are pretty impressive. We do not have 120,000 posts telling us our guide doesn't work.

    But seeing as how you said you could not find any other people we have helped, you have demonstrated again just how inept you are at doing things on the internet. Why don't you check our forums, and do a search. Or just manually check the Feedback forum, where, gee, people leave feedback for us. Here are several people who were grateful for our removal guide, were able to follow it easily, and were able to solve the problem without any further assistance, then took the time to post or e-mail us:

    http://www.short-media.com/forum/showthread.php?t=20665
    http://www.short-media.com/forum/showthread.php?t=28084
    http://www.short-media.com/forum/showthread.php?t=22870
    http://www.short-media.com/forum/showthread.php?t=20310
    http://www.short-media.com/forum/showthread.php?t=18653
    http://www.short-media.com/forum/showthread.php?t=18776
    http://www.short-media.com/forum/showthread.php?t=18869
    http://www.short-media.com/forum/showthread.php?t=18746
    http://www.short-media.com/forum/showthread.php?t=18697

    Do yourself some favours. Download and use Firefox. Use some anti-spyware protection, lots of free stuff available here:

    You can download those here - http://www.short-media.com/download.php?dc=69

    With some free explanations available here:

    http://www.short-media.com/forum/showthread.php?t=14915

    Learn some more about the threats out there, and how to fight them:

    http://www.short-media.com/review.php?r=132
    http://www.short-media.com/review.php?r=252&p=4
    http://www.short-media.com/forum/showthread.php?t=15488
    http://www.short-media.com/forum/showthread.php?t=12261
    http://www.short-media.com/forum/showthread.php?t=28346
    http://www.short-media.com/forum/showthread.php?t=19537
    http://www.short-media.com/forum/showthread.php?t=16748


    Now even though you were rude and left undeserved negative feedback, we will still help you. That's what we do here. If you need help, you have to register, and post a Hijack This log. You can register by clicking HERE.

    Post your HJT log for help in our Spyware / Virus / Trojan forum HERE.

    Wait patiently for help...there are dozens of nice, polite people waiting in line ahead of you. :)

    Dexter...

    ///EDITED TO ADD: a couple more thoughts....

    - if you followed my instructions carefully, you can easily undo any problems you have caused. Hijack This creates backups of everything it removes, so as long as you installed it properly according to the instructions in the guide, you can undo everything you did in HJT. And, if you followed my advice of quarantining suspect files instead of deleting them, then you can easily replace the files from the quarantine folder I advise users to make. So anything that has been done wrong can be undone easily...if you were smart enough to follow my instructions.

    - I have come to the assumption that you have to be a "troll." Any normal person with reasonable intelligence can follow the instructions in the guide, and will see that they could ask for help easily, and undo any mistakes made easily. So either you are really, really bad at following instructions, or you are a troll who posted those comments to try and piss us off. If that is indeed the case, I'm sorry I wasted any of my valuable time responding to you, but hopefully others may see my reply here and realize that if they do have problems, we are very willing to help, and that if they do make mistakes, if they have followed the guide properly, everything is correctable. :thumbsup:
  84. Unregistered
    Unregistered I have had that search assistant - my search on my system for many months and I can not get rid of it. Every time I click on to the internet the blue bar comes up in the bottom of the screen. I have tried to uninstall it through control panel but all I get is a blank screen that pops up. Please help me remove this ASAP, it's making my computer very slow.

    Thanks
  85. profdlp
    profdlp You need to register and post your log in a new thread in the Spyware/Virus/Trojan Discussion Forum. :)
  86. profdlp
    profdlp
    profdlp wrote:
    You need to register and post your log in a new thread in the Spyware/Virus/Trojan Discussion Forum. :)
    The Sequel. :rolleyes:
  87. Unregistered
    Unregistered I must be doing something wrong can you please explain how I register and post my log I thought I already did that above.

    thanks
  88. Kwitko
  89. Unregistered
    Unregistered This is the best, step-by-step guide, for removing all sorts of hijack crap. I looked at several places, but most wanted you to buy their software. I have XOFTSpy and it could find the stuff, but could never remove it. Ad ware was the same. It's tough, and it took me about 2 hours to be thorough, but I am free!!! I used it to remove home search assistant, search extender, shopping wizard, 180 search assistant, cool web search and only the best. Man was I infected. I dealt with this stuff for about two weeks - what a pain. A big thanks to you all, and especially Dexter - whoever you are for this guide. One extra thing, I saw a lot of the web addresses in my "Trusted Zone" when I ran the Hijack this software. Since none of them look familiar I had Hijack this remove them. Thanks again

    Fred
  90. Unregistered
    Unregistered Your advice has removed search assistant from my system. I am on WIN98.
    THANKS from
    INDIA
  91. Unregistered
    Unregistered Um, where do I find this removal guide?
  92. Kwitko
  93. hallie06
    hallie06 Since this morning I realized that I've got home search assistant in my comp, along with shopping wizard and some other search program. I can't get rid of it. I have adaware v.6, and I don't know how old that version is. Is there an effective way to get rid of this stupid hsa?

    thanks for your time :)
  94. profdlp
    profdlp Hi, hallie06, welcome to Short-Media. :)

    Follow the guide found here. You may also want to post a HijackThis log in a new thread in our Spyware/Virus/Trojan Discussion forum along with a description of your problem.

    Our crack SVT Team will be happy to help you out. :thumbsup:
  95. Unregistered
    Unregistered Applause! great work. "Normal" (hehehe) blue collar people like me need friends like you and well appreciate it. Thanks again.
  96. ronbo
    ronbo This is the first forum I've ever seen where an Unregistered Guest can post in the forum. What's with that?? I thought that was the main reason to register in the first place.. :confused: :confused:
  97. profdlp
    profdlp Guests are permitted to comment on articles which appear on the S-M Front Page. :)

    Unregistered "blue collar" Guest: Glad you found the article helpful. :thumbsup:
  98. ronbo
    ronbo Thanks profdlp, for getting me straight on that. The article was very interesting reading for sure. That search assistant sounds like a nasty thing to have on one's computer.....
  99. Unregistered
    Unregistered Thank you ... thank you ... thank you ... and I hope that the bastard who wrote this nasty pernicious piece of evil burns (slowly and painfully and forever) in hell ... it took me three tries through the Guide, but I believe a wooden stake was finally driven into its vicious heart.

    Thank you.
  100. Unregistered
    Unregistered Hi, I successfully removed Home Search Assistant with this guide. Thanks
