IE default search has been changed

GargGarg Purveyor of Lincoln Nightmares Icrontian
edited April 2004 in Spyware & Virus Removal
This has been driving me nuts. I made it to some misspelled webpage once that popped up a bagillion windows and ejected my cd-roms, and somehow reset the default search page (that one that comes up when you type in the wrong address, or sometimes the right one, just despite you) from the MSN default to a Lycos search.

The MSN search is already worthless, but the Lycos one is slow and comes up way more frequently, even when I'm typing addresses correctly. How can I change it back (or remove the feature entirely)? I've ran Ad-aware, so hopefully any lingering traces of that evil page have been removed.

No, I'm not changing to a different browser. The Ricki Lake of the browser world is fine with me.

Comments

  • profdlpprofdlp The Holy City Of Westlake, Ohio
    edited April 2004
    Run HijackThis! and post the log here.

    Read prime's Spyware article for info the The Cocktail. :beer:
  • miinkiemiinkie UK
    edited April 2004
    Gargoyle you obviously have cr@pware hijacking your browser. Check out prime's spyware thread here .

    It also would help if you posted the full hijack this log and someone here will be able to offer help.
  • GargGarg Purveyor of Lincoln Nightmares Icrontian
    edited April 2004
    Thanks guys!
    teh log:

    Logfile of HijackThis v1.97.7
    Scan saved at 6:32:17 AM, on 4/8/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\sstray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    C:\Program Files\Bluetooth Software\BTTray.exe
    C:\Program Files\CoolMon\CoolMon.exe
    C:\Folding\FAH4.00-Console-Pre1.exe
    C:\Hideit 2\HideIt.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\PROGRA~1\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
    C:\WINDOWS\System32\WISPTIS.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trillian\trillian.exe
    C:\Folding\FahCore_78.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Gargoyle\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://short-media.com/forum/
    R3 - Default URLSearchHook is missing
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\Lycos\IEagent\CSIE.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    O4 - Startup: CoolMon.lnk = C:\Program Files\CoolMon\CoolMon.exe
    O4 - Startup: Shortcut to FAH4.00-Console-Pre1.lnk = C:\Folding\FAH4.00-Console-Pre1.exe
    O4 - Startup: Shortcut to HideIt.lnk = C:\Hideit 2\HideIt.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: ATI TV (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: @btrez.dll,-4015 (HKLM)
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 (HKLM)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38018.9313657407
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab
  • mmonninmmonnin Centreville, VA
    edited April 2004
    Looks suspicious:
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\Lycos\IEagent\CSIE.DLL
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab

    Dont know what these are:
    O4 - Global Startup: BTTray.lnk = ?
    O9 - Extra button: @btrez.dll,-4015 (HKLM)
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 (HKLM)


    Just get rid of this one too:
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  • KwitkoKwitko Sheriff of Banning (Retired) By the thing near the stuff Icrontian
    edited April 2004
    The btrez.dll isn't bad. It's related to BlueTooth, but I don't think it's vital.
    Remove CSIE.dll, it's from ClearSearch, known spyware.

    This one is a waste of resources:
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    Make sure to rerun the malware cocktail to make sure you caught everything.
  • CBCB Ƹ̵̡Ӝ̵̨̄Ʒ Der Millionendorf- Icrontian
    edited April 2004
    You can also turn off the 'automaticaly search from the address bar' option in internet options. I always do, I hate that feature.
This discussion has been closed.