Options

Search Engines Hacked....help?!?!

Unknown
edited April 2007 in Spyware & Virus Removal
Hello, I'm new here. I read another thread that was closed on this same exact topic. I have a problem when I visit YouTube, Google, eBay, and some other sites. They redirect me to ads like "SpySheriff" and "redir.ws/5com". This is really annoying and I would like to get rid of it. Please guide me through this, I've been to www3.ca or whatever for the free virus scan and it deleted some things under Win32 but it hasn't fixed it.

Comments

  • peku006
    edited April 2007
    Hi Accio_Naveed I'm checking, so please be patient
  • peku006
    edited April 2007
    :) Hi Accio_Naveed

    Click here to download HJTsetup.exe and save it to your Desktop.
    * Double click on the HJTsetup.exe icon on your desktop.
    * By default it will install to C:\Program Files\Hijack This.
    * Continue to click Next in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue.
    * Put a check by Create a desktop icon then click Next again.
    * Continue to follow the rest of the prompts from there.
    * At the final dialogue box click Finish and it will launch Hijack This.
    * Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    * Name the log "HJTLog" (or something similar:) ) and save it to your desktop.
    DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.;)
  • Accio_Naveed
    edited April 2007
    Now what?
  • peku006
    edited April 2007
    :)Hi Accio_Naveed



    Please read here

    http://www.short-media.com/forum/showthread.php?t=43902


    How to use HijackThis
  • Accio_Naveed
    edited April 2007
    Ok it took awhile but I did all of those steps. Here's my HJT report....[attached].
  • peku006
    edited April 2007
    :)Hi Accio_Naveed

    Open HijackThis
    - Click the Do a system scan only button
    - Check the following entries (below)

    O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\avifil32v.dll (file missing)
    O2 - BHO: Clicker Class - {631f7200-642e-11db-bd13-0800200c9a66} - C:\WINDOWS\system32\mscoriezb.dll (file missing)
    O2 - BHO: ContextualAds Class - {FE6C16C4-16AD-47B6-B250-26AD1829E49A} - C:\Program Files\TrustIn Contextual\trustincontext.dll (file missing)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab

    Close ALL open windows
    Click Fix Checked
    Close HiajckThis

    Please delete these files using WindowsExplorer(ifpresent):
    C:\WINDOWS\system32\avifil32v.dll
    C:\WINDOWS\system32\mscoriezb.dll
    C:\WINDOWS\system32\trustincontext.dll

    Download smitRem.exe and save the file to your desktop.
    Double click on the file to extract it to it's own folder on the desktop.
    Now, please reboot your computer into Safe Mode. This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep. Then select Safe Mode from the list.
    Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
    Wait for the tool to complete and disk cleanup to finish.
    The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed.

    Post smitfiles.txt and fresh hjt-log to your next reply;)
Sign In or Register to comment.