Home Search Assistant and hsremoval tool

Unknown

I refer to the detailed posting about the removal of the Home Search Assistant malware (a thread now closed):

http://www.short-media.com/forum/showthread.php?p=172774&highlight=hsremove#post172774

Mention was made of the hsremoval tool (www.hsremove.com). I suspected that I had this pest and downloaded the tool. It was a disaster. Trouble came when the program was performing its operations in the memory. Multiple files (50-100?) in the OS (Windows XP) were corrupted as detected by Scandisk (chkdsk). The computer was running at about one tenth of its usual speed and all the system tools had disappeared from the start program tree, fatally system restore. I managed to locate its .exe file but all I got on clicking it was a blank window and a fatal exception. Running chkdsk/f in command prompt several times has restored most, but not all, of the corrupt files but system restore (and disk cleanup etc) have disappeared without trace. Otherwise my machine is running reasonably well, though I thought I was going to have to reinstall windows.

The download is clearly marked at being at your own risk but I thought it important to post this as a warning to others that they might regret using this tool - a lot. Avoid like the plague!

Any ideas about restoring system restore without doing a clean reinstall would be greatly welcomed.

Buckeye_Sam

I've never heard of the kind of problems you described just from running that tool. I suspect that you have more malware on your computer that may have contributed to those issues. I'd recommend posting a hijackthis log so someone can look it over for you.


For system restore, this info was found at Kelly's Korner.
http://www.kellys-korner-xp.com/xp_restore.htm


To troubleshoot System Restore issues, try one or more of the following steps:

- If you receive an error message that is related to System Restore, always make sure that you first record the error message
and follow the instructions that the error message contains to try to resolve the issue. Most System Restore issues generate
an error message that contains a description of the issue and suggestions for how to resolve the issue.
- Make sure that you have enough disk space on all of the drives on which System Restore is enabled.
- Make sure that the System Restore service is running by using one of the following methods:

- Check in Control Panel:

1. Click Start, click Control Panel, and then click "Performance and Maintenance".
2. Click Administrative Tools, click Computer Management, and then click Services and Applications.
3. Click Services, and then click System Restore Services.

- Open a command prompt window:

1. Click Start, click Run, and then type "CMD" (without the quotation marks).
2. Press the ENTER key, and then type "Net Start" (without the quotation marks) at the command prompt to make sure that
the System Restore service is up and running.

- Make sure that System Restore is enabled on the drives that you want System Restore enabled on.
- Try to run System Restore in Safe mode.
- If you suspect that you do not have as many restore points as you should have, make sure that the data store is the size that
you want the data store to be.

- Check the event logs to investigate System Restore service errors:

1. Click Start, click Control Panel, and then click "Performance and Maintenance".
2. Click Administrative Tools, click Computer Management, double-click Event Viewer, and then click System.
3. Click the Source tab to sort by name, and then look for "sr" or "srservice." Double-click each of these services, and then
evaluate the event description for any indication of the cause of the problem.

edrub43

Thank you, Buckeye_Sam, for taking the trouble to reply. I do not think I have significant spyware on my machine as I have taken some interest in this subject and scan daily with Spy Sweeper, Microsoft's scanner and Aluria's scanner. I also use Spy-Bot and Pest Patrol at regular intervals as well as Hijack This. However, it is some time since I have looked at this one and will repeat it. Virus scans are clear, again done daily.
I suspected that I might have Home Search Assistant because Pest Patrol found Bonzibuddy. It is prone to find false positives and I could not find any of the files, running processes, dll's etc associated with this pest. However, a registry search showed that

HKEY_CURRENT_USER/Software/Microsoft/Search Assistant/ACMru/5604

had data entries corresponding to spyware (bonzi, Webhancer, alexa, coolwebsearch etc). I have had another look an other data entries include "tippett symphony" which suggests that Search Assistant is something different from Home Search Assistant.

My machine is running normally now and I managed to run System Restore (by finding the correct .exe file) but the restores failed. As the restore was installed at boot up, the progress bar shot to 100 per cent in a second or two, suggesting there was virtually no data to restore.
I will look at your other suggestions - thanks.

Some time later:
I have done the trouble shooting on the System Restore and it successfully took me back to earlier today (I switched it off temporarily to get rid of the obviously corrupt previous check points). So I am back to normal except for having my 'system tools' on my start programs tree. My real saviour was the scandisk which restored all those corrupt files. An underrated tool, perhaps.
A Hijack This analysis did not reveal any nasties.

A point that has occured to me is that people who put programs of their own invention out for general use should at least monitor results ("at your own risk" not withstanding) and provide the means to feed information back to the programmer.
Thanks again for your help.

Buckeye_Sam

Glad to hear you got it sorted out.