1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

How to cure SearchV problems

Discussion in 'Virus & Other Malware Removal' started by dvk01, Oct 16, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. dvk01

    dvk01 Moderator Malware Specialist Thread Starter

    Joined:
    Dec 14, 2002
    Messages:
    56,163
    First Name:
    Derek
    Unfortunately CWshredder and other automated tools are not cleaning the latest versions of CWS at this time so they have to be removed manually

    go to http://www.spywareinfo.com/~merijn/files/hijackthis.zip , and download 'Hijack This!'.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    Tick any R1 or R0 entry that contains searchV, like these few examples,
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/w/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/w/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchv.com/w/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/w/

    then there will be at least 2 of these and probably all 3 of these entries
    O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents
    and Settings\***************\Application Data\winshow\winshow.dll
    O4 - HKLM\..\Run: [sys] regedit /s C:\WINDOWS\sys.reg
    O4 - Global Startup: MSupdater.exe
    doublecheck to make sure you haven't missed any, close all browser windows & press fix checked
    then
    reboot & delete
    C:\Documents and Settings\*****************\Application Data\winshow folder
    C:\WINDOWS\sys.reg
    then do a search for & delete MSupdater.exe

    if you need further help please post a full hijackthis log so we can help you
     
  2. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
    Thanks Derek, this is helpful.

    (y)
     
  3. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    ****Merijn wrote:
    I've seen reports now that SVCservice is connected to CWS in some way. It
    appears together with SearchV and ApprovedLinks. I'm adding support for
    removing it into CWShredder.

    By the way, until it's done, beware that the svcservice.exe file is also ran
    from this entry, only visible in StartupList:

    Checking Windows NT UserInit:
    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon]
    UserInit=C:\WINNT\System32\userinit.exe,C:\WINNT\System32\svcinit.exe****

    As you see, this is only seen if you ask for a "startuplist" in HJT.
     
  4. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Thanx guys(y)
     
  5. dvk01

    dvk01 Moderator Malware Specialist Thread Starter

    Joined:
    Dec 14, 2002
    Messages:
    56,163
    First Name:
    Derek
    Another new CWS entry hits the charts
    C:\DOCUMENTS & sETTINGS \xxxxxxx\LOCAL SETTINGS\Temp\sqlogco.dll

    This one installs & reinstalls SearchV and cool-homepage.com

    I assume, that knowing CWS trickery it will be a different xxxxxx.dll every time, so we need to keep an eye out for the C:\DOCUMENTS & sETTINGS \xxxxxxx\LOCAL SETTINGS\Temp entries
     
  6. Mariposa79

    Mariposa79

    Joined:
    Oct 17, 2003
    Messages:
    2
    I followed your instructions and I think I solved the issue. Thank you!!!

    Can you tell me what I can do to avoid this from happening again?
     
  7. dvk01

    dvk01 Moderator Malware Specialist Thread Starter

    Joined:
    Dec 14, 2002
    Messages:
    56,163
    First Name:
    Derek
  8. dvk01

    dvk01 Moderator Malware Specialist Thread Starter

    Joined:
    Dec 14, 2002
    Messages:
    56,163
    First Name:
    Derek
  9. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    PLEASE DO NOT POST YOUR HIJACK THIS LOG TO THIS THREAD!

    START YOUR OWN THREAD PLEASE!
     
  10. dvk01

    dvk01 Moderator Malware Specialist Thread Starter

    Joined:
    Dec 14, 2002
    Messages:
    56,163
    First Name:
    Derek
  11. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    That would be a HUGE help!! Let's keep our fingers crossed.
    Thanks for the update Derek. (y)
     
  12. dvk01

    dvk01 Moderator Malware Specialist Thread Starter

    Joined:
    Dec 14, 2002
    Messages:
    56,163
    First Name:
    Derek
    CW shredder now cures all known forms of searchV CWS hijack
     
  13. Ryydeman

    Ryydeman

    Joined:
    Dec 8, 2003
    Messages:
    1
    Hello and greetings from Finland!

    Thanks VERY MUCH for your help. I had big problems with these search pages that made my net-connection also very slow.

    Within 5 minutes all problems were solved.

    Thanks and keep up good work!
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - cure SearchV problems
  1. kiwilion
    Replies:
    0
    Views:
    558
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/172387

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice