Adware/Malware - Spybot S& D + Adaware won't fix!!
#1
![Unhappy](https://www.scoobynet.com/images/icons/icon9.gif)
I've got a system at work that's been infected somehow with some adware/malware, hijacking the homepage to "homesearch", give "get rid of pop ups" pops ups. And everytime a serach engine is used (such as google) another popup appears withanother search engine searching for the same item.
Adaware and Spybot, lastest versions, fully updated can't find anything![Frown](https://www.scoobynet.com/images/smilies/frown.gif)
Looks like I'll have to resort to sifting through the registry to find the culprits.
But to save me some time, does anyone have an idea of what particular infection is called and how to get rid of it?
Or anyone know of any good websites that can give me help to track down the malware installed and how to clean everything up?
Adaware and Spybot, lastest versions, fully updated can't find anything
![Frown](https://www.scoobynet.com/images/smilies/frown.gif)
Looks like I'll have to resort to sifting through the registry to find the culprits.
But to save me some time, does anyone have an idea of what particular infection is called and how to get rid of it?
Or anyone know of any good websites that can give me help to track down the malware installed and how to clean everything up?
#4
Scooby Regular
Join Date: Sep 2003
Location: Isle of Wight
Posts: 2,720
Likes: 0
Received 0 Likes
on
0 Posts
![Talking](https://www.scoobynet.com/images/icons/icon10.gif)
Ali, I've been having almost the same problems, but a different search engine I think. And neither SpyBot nor AdAware gathering them up ![Frown](https://www.scoobynet.com/images/smilies/frown.gif)
The really annoying thing is, I've found apps running in the process list (burnsignpeak seems to be one I remember) and when you hack their settings out of the registry the w@nking pile of ******* ****e puts it back again, so it needs to be 'End tasked' first.
I'm sure you're aware of where to look, but just in case, good places to look are;
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Search
HKLM\Software\Microsoft\Internet Explorer\Toolbar
HKLM\Software\Microsoft\Internet Explorer\Extensions
I am VERY seriously considering writing a script or an applet that constantly spams their pile of sh1te search engines with the phrase "If we wanted our computers infected with your ******* **** we would buy a cd with it on, now go, **** off and die", then putting a link to said script/applet on many BBS and get as many people as I can to click on it and leave it running. I don't know how long you'd have to cripple their search engines to put them out of business, but it's gotta be worth a go
![Frown](https://www.scoobynet.com/images/smilies/frown.gif)
The really annoying thing is, I've found apps running in the process list (burnsignpeak seems to be one I remember) and when you hack their settings out of the registry the w@nking pile of ******* ****e puts it back again, so it needs to be 'End tasked' first.
I'm sure you're aware of where to look, but just in case, good places to look are;
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Search
HKLM\Software\Microsoft\Internet Explorer\Toolbar
HKLM\Software\Microsoft\Internet Explorer\Extensions
I am VERY seriously considering writing a script or an applet that constantly spams their pile of sh1te search engines with the phrase "If we wanted our computers infected with your ******* **** we would buy a cd with it on, now go, **** off and die", then putting a link to said script/applet on many BBS and get as many people as I can to click on it and leave it running. I don't know how long you'd have to cripple their search engines to put them out of business, but it's gotta be worth a go
![Big Grin](https://www.scoobynet.com/images/smilies/biggrin.gif)
Trending Topics
#9
Scooby Regular
Join Date: Apr 2002
Location: The poliotical wing of Chip Sengravy.
Posts: 6,129
Likes: 0
Received 0 Likes
on
0 Posts
![Default](https://www.scoobynet.com/images/icons/icon1.gif)
try:
http://www.webroot.com/wb/products/spysweeper/index.php
this picked stuff on mine that Adaware and S&D missed.
http://www.webroot.com/wb/products/spysweeper/index.php
this picked stuff on mine that Adaware and S&D missed.
#11
Scooby Regular
iTrader: (15)
Join Date: Jul 2001
Location: Portsmouth
Posts: 8,606
Likes: 0
Received 0 Likes
on
0 Posts
![Default](https://www.scoobynet.com/images/icons/icon1.gif)
try a search on hijackthis
its freeware and then you can post a copy of your log onto:
www.wilderssecurity.com
go to the spyware forum and then the hijackthis log posting section.
be prepared for a days wait as the spyware gang are in usa (time zone differences).
Andy
its freeware and then you can post a copy of your log onto:
www.wilderssecurity.com
go to the spyware forum and then the hijackthis log posting section.
be prepared for a days wait as the spyware gang are in usa (time zone differences).
Andy
#14
![Default](https://www.scoobynet.com/images/icons/icon1.gif)
yeah wasted hours yesterday. Didnt get anywhere. I deleted the buggers went thru the reg, found the bastid website it came from & uninstalled the popups. go back into ie & theyre back. All settings are on high fvck-off bastid level... everything works ok i think it must have deleted something
Thread
Thread Starter
Forum
Replies
Last Post
Mattybr5@MB Developments
Full Cars Breaking For Spares
12
18 November 2015 07:03 AM
shorty87
Wheels And Tyres For Sale
0
29 September 2015 02:18 PM