1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

I'm new here and have a tip removing Searchv.com

Discussion in 'Tech Tips and Reviews' started by charmeyn, Oct 9, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. charmeyn

    charmeyn Thread Starter

    Joined:
    Oct 9, 2003
    Messages:
    0
    Hi,

    I am new to this forum and have found it quite helpful.
    I was getting this stupid Searchv.com start page in my IE browser, and for the life of me I couldn't get rid of it last night.
    I had this stupid thing on my Browser before and got rid of it with no problem with Hijackthis but last night HJ kept finding it.
    Everytime I would use HJ to get rid of Searchv and I would re-start my system and open up my IE browser that darn Searchv page would show up again.
    I also use Ad-Aware, Spywareblaster, AVG antivirus, CWShredder,Xcleaner.
    What was wierd was that everytime I used HJ I would check my registry and it seemed fine, in other words the Searchv.com was not showing as my default start page, yet HJ kept finding it and my browser page kept opening up with it after every re-start of my system.
    But there was one entry in the HJ log file that I wasn't to sure about because it looked important and that was this:

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "sys"="regedit /s sys. reg

    So I did a search on Google for sys.reg and this is what I found:

    http://www.itsecurity.com/asktecs/aug3903.htm

    Quote from page if the link doesn't work:

    " SYS.REG is an exported registry file. *.REG is normally associated with REGEDIT, and so double clicking on one will cause REGEDIT to import the settings therein into your registry.
    SYS.REG is not a normal file, but something on your machine, or some site you've visited has dropped it on your machine, together with something that references it (perhaps a shortcut in the 'Startup' group) that forces it to be reloaded every time you boot Windows. If you can find that, then you can remove it (and the SYS.REG file if you wish).
    The sys.reg is not needed by ME; this is from a spyware software. Click on Start-->run and type msconfig and press enter. Go to startup tab and look for an entry relating to sys.reg and uncheck the box.
    First you must delete this line in the registry:
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "sys"="regedit /s sys.reg"

    Then you can definitely delete the file sys.reg.

    In this way windows will not search sys. reg file anymore and all will work well. "

    I followed the above instructions and vwallah, no more Searchv.com taking over my browser :)
    So if anyone has the same problem I had and see this sys.reg entry in your HIjackthis log file, it's safe to remove.
    I hope this little tip helps :)

    Charmeyn
     
  2. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    charmeyn
    Thanks for the tip!
    Just a note here...... Before removing the reg file from your registry and deleting it you can open it in Notepad by right click "open With" and see what the file is actually adding, modifying or deleting in the registry. This will give you some indication of source and symptom.

    Caution: If you double left click the reg file it will intiate and want to merge, (Make its changes) to your registry.

    Dave
     
  3. charmeyn

    charmeyn Thread Starter

    Joined:
    Oct 9, 2003
    Messages:
    0
    cool thanx for your tip too
     
  4. tomtu

    tomtu

    Joined:
    Oct 12, 2003
    Messages:
    0
    Hey charmeyn, this worked great. I was just about to reformat my HD to get rid of this pesky pest! You saved me allot of time,

    Many Thanks.
     
  5. charmeyn

    charmeyn Thread Starter

    Joined:
    Oct 9, 2003
    Messages:
    0
    I probably would have done the same thing, in fact I did once when my Outlook express kept freezing everytime I opened it, and Re-installing Windows didn't even fix it. I was using Win 98 at the time, I use Win XP now.
    But if it wasn't for this forum and some of the stuff I learned here just by reading some of the posts, I probably would have resorted to Re-formatting too.
    But I use Hijackthis a lot, as I do a lot of email because I get paid to read it and I never seen that reg.sys in the HJ logs before but I was hesitant about getting rid of it until I did a search on Google to find out just what it was and if it was or wasn't a Windows system file and I found that site I posted saying that it was not and was safe to remove it.
    However, I can't take sole credit for bringing this topic up regarding the reg.sys file because after I posted my post I found other posts here regarding that same file, but I thank you for your compliment and I am glad that I coul help as sometime topics get burried on message boads and you have to hunt them down

    Take Care
     
  6. sfsniners

    sfsniners

    Joined:
    Dec 15, 2003
    Messages:
    0
    Thanks a million for the tip; I also was about ready to reformat!
     
  7. magtec

    magtec

    Joined:
    Dec 18, 2003
    Messages:
    0
    for those experiencing problems removing sys.reg from startup: i have run into a variant of this annoyware that is tricky to remove. in my case, sys.reg was modifying ie's home page and search pages to t.rack.cc each time the computer was restarted. a browser helper object (BHO) by the name of msghlb.dll (name may be different on your system) was creating sys.reg and adding it to startup each time internet explorer was run. thus, removing sys.reg from startup and deleting it would not fix the problem as it was just recreated next time internet explorer was run. the BHO must be removed first, which can be done with a utility such as hijackthis (http://www.spywareinfo.com/~merijn/ or http://www.merijn.org/). i believe it also created and enabled a style sheet for internet explorer, so you'll also want to check the accessibility portion of internet options (under the general tab) and disable, then delete any style sheets.
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/170668

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice