
[Solved] 180 Search Assistant

#1 ·
I am running Windows ME and have the above virus. I have downloaded both Spybot S&D and Noadware. I have had Norton with live updates for the whole time I have had this machine.
I have read some of the suggestions on this website and wonder if I need a new virus fighting download to get rid of the 180 search assistant. I also downloaded Hijack this but it doesn't work with ME, I guess.
I visited a website called "Non-Toxic-Internet.com" and after reading that decided to delete msbb.exe.temp and 180 solutions and msbb. It didn't help at all. I have never clicked on the message that the virus sends except to close it with the x in the right top corner. Can someone help me get rid of this annoying virus? Thank you.
 
#2 ·
Hi carolavis

Welcome to TSG! :)

Please do this:

First create a permanent folder somewhere like in My Documents and name it Hijack This.

Now Click here to download Hijack This. Download and save the file to the Hijack This folder you just created.

Click on Hijackthis.exe to launch the program.

Click the "Scan" button. When the scan is finished, the scan button will become "Save Log"; click that and save the log.

The log should open in notepad. Click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required. Someone here will be glad to advise you on what to fix.
 
#3 ·
Hi and Welcome to TSG Forums,

180 search assistant is a search engine tool similar to Google, but likes to produce a lot of spy-ware too. Try going to your "Add or Remove Programs" in your "Control Panel". Try deleting it from there, and if you can't delete it from there go to safe mode and delete it from there. This is a link on how to get to Safe mode:

http://dotcomsecurity.org/forums/index.php?showtopic=55

Try downloading Ad-Aware SE too, it is similar to Spybot Search & Destroy. This program can delete a lot of nasties off your computer too. You can find Ad-Aware SE here. Then, check out this tutorial after you have downloaded the program to get the most out of your Ad-Aware SE.

Raistlin
 
#4 ·
If there is a 180 search assistant thing in your start menu, you can click 'uninstall'. Empty your internet temp files.

If that doesn't work, check here: http://forum.japantoday.com/180_search_assistant_Alert/m_146034/tm.htm

or

1. First, the "automated" uninstall, via "Add or Remove Programs", which did not work for me, and
2. Second, the manual, more complicated, uninstall, which did work for me.

I suggest trying the "automated" uninstall first, and then, if it fails, try the manual uninstall which should never fail. I appreciate any feedback on success and/or failures with removing this spyware.

"Automated" Uninstall 180 Search Assistant

* These (automated) uninstall instructions are from http://www.180searchassistant.com/uninstall.html, in case they ever change and become different from shown here. Manual uninstall instructions are after these automated uninstall instructions, in the probable case that the automated uninstall does not work.
* "Start"
* "Settings"
* "Control Panel"
* "Add or Remove Programs"
* Make sure you are connected to the Internet. (This is truly disgusting software.)
* Click "Uninstall 180search Assistant" (Yes, it does show up in "Add or Remove Programs", it is called "Uninstall 180search Assistant", not "180 Search Assistant" or "180search Assistant". By the way, always check "Add or Remove Programs" to remove annoying spyware, such as this, before using Ad-Aware or similar anti-spyware software to clean your system, as it will do a better and more thorough job.)
* A web page pops up and reads,

"We are sorry that you are thinking about uninstalling 180search Assistant. In case you did not realize it, 180search Assistant is permission-based search assistant application that sponsors free software and content sites. If you have 180search Assistant installed, then you have either downloaded free software we sponsored or visited a website sponsored by 180search Assistant. Removing 180search Assistant might remove or disable software applications you like and use everyday."

* Do not pay attention to any of that ridiculous nonsense. What 180search Assistant does, is not assist you in any way what-so-ever. Instead, it pops up very annoying ads. Popup blockers like Google's toolbar, will not block these popups as they are spawned from a program on your computer, not from a webpage you are visiting. The program is so secretive, that many people who have it installed do not realize it and think the popups are coming from the websites they are visiting! Imagine if this were your website and your business. Good riddance!
* Click "CONTINUE UNINSTALL"
* The web page now reads,

"180search Assistant does NOT show pop-up ads - it only shows you websites we match up to targeted keywords that you type into shopping sites or search engines. Uninstalling 180search Assistant will NOT prevent you from getting pop-up ads. Uninstalling 180search Assistant will prevent you from seeing products and offers that you might miss out on the next time you are searching or shopping online."

* More nonsense and outright lies. The reality is, 180search Assistant DOES show very annoying pop-up ads. In fact, it is so geared to show popup ads, its uninstall feature is a popup ad itself. The uninstall feature itself is annoying. Can this software get any more annoying to the user it is supposedly helping? Unfortunately, yes...
* Click "CONTINUE UNINSTALL" for the second time.
* The web page now reads,

"You have requested to uninstall 180search Assistant. Sorry you did not find 180search Assistant worth your while. Note: You must select 'yes' at the prompt to complete the uninstall."

* Click "CONTINUE UNINSTALL" for the third time.
* The web page now reads,

"You have successfully uninstalled 180search Assistant. Sorry you did not find it worth your while. Please come again."

* Done? Perhaps, but probably not. As far as I know, this uninstall does not work.
* "Add or Remove Programs" will probably freeze up. (If it didn't, then great! Maybe you are done! But, continue reading just in case you have to perform the much more complicated manual uninstall below.) The freezing is because msbb.exe, the 180 Search Assistant spyware program itself, is frozen, not Microsoft's Add or Remove Programs program. (How quickly we blame Microsoft for everything.) msbb.exe is the spyware and the uninstall program, all in one.
* Close down the msbb.exe program, if it is or is not frozen, just to be sure it is shut off. I do not believe the uninstall closes the program down either way, but closing it down makes certain it is gone:
* "CTRL-ALT-DEL"
* "Processes" tab
* Click "msbb.exe"
* Click "End Process"
* Check "Add or Remove Programs" to make sure the program is actually uninstalled. (For me, it is still there.)
* Check "Windows Task Manager" to make sure msbb.exe is no longer running. (It will be there again, if you invoke it again, such as running the uninstall under "Add or Remove Programs". If it is still there, close it down as previously explained.)
* Done? You are done if the process is gone and the listing under "Add or Remove Programs" is gone. If not, continue on...

Manually uninstall 180 Search Assistant

* Be sure to try the normal uninstall method (above) before doing this.
* Find 180 Search Assistant using Windows' Search:
* "Start"
* "Search"
* "For Files or Folders..."
* "All files and folders"
* Enter "msbb" in "All or part of the file name:"
* Click "Search"
* Wait for full results.
* You will see the install files in "C:\Program Files\180Solutions" and prefetch files in "C:\WINDOWS\Prefetch". Delete them all. You may delete them directly out of the "Search Results" window you are looking at.
* Visit "C:\Program Files" on your computer
* Delete "180Solutions"
* Visit "C:\Windows\System32"
* Check out all the "mdbb..." files. If you have more than the few that are mentioned here below, and they all have the same date/time stamp, then please contact me and let me know of the newer files... then delete them too!
* Delete "msbb.log" (or you may view it in NotePad to view what they are logging from you)
* Delete "msbb_kyf.dat"
* Delete "msbbau.dat"
* Now to delete it out of your (hidden) startup menu (not your un-hidden startup menu):
* "Start"
* "Run..."
* Type "msconfig" and press Enter (This brings up the "System Configuration Utility" which shows all the startup programs. For your information, "Start", "Programs", "Startup" does not show a full list.)
* "Startup" tab
* See "msbb" in the startup? Ok, this was just to show you that it does exist there. This is not how you delete it. You can disable it from here, but let's just delete it completely instead. Close down "System Configuration Utility", here's how to remove it:
* "Start"
* "Run..."
* Type "regedit" and press Enter
* Go to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
* Delete "msbb" entry (This removes 180 Search Assistant from the "System Configuration Utility" startup menu. Go see that it is gone.)
* Go to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
* Delete "msbb" directory (This removes the annoying and false "Uninstall 180search Assistant" entry in "Add or Remove Programs" now that we have already manually deleted the program's files and directories. Go see that it is gone.)
* Go to "HKEY_CURRENT_USER\Software"
* Delete "180solutions" directory
* Delete "msbb" directory
* Go to "HKEY_LOCAL_MACHINE\SOFTWARE"
* Delete "180solutions" directory
* Delete "msbb" directory
* Please, if anyone knows of any other registry entries or anything else this annoying spyware program leaves on your system, do not hesitate to contact me and let me know so that I can append this information to this uninstall tutorial.
* Check out http://www.pestpatrol.com/pestinfo/n/ncase.asp for additional uninstall instructions that list even more processes, registry entries, directories and files to delete. There are so many different configurations of 180 Search Assistant that it is very hard to list them all. My uninstall instructions worked for my particular configuration, but yours may be different. So please check out that link. Whenever I get the time, I will append the knowledge from that article into this one.
* Done! At last!

An optional last step would be to search your registry for additional entries that are not listed here. Before you do this, please read the section of this article that explains certain registry entries that I have discovered that seem to be, but are not, related to 180 Search Assistant.

You may go ahead and search and delete, at your own risk, any more registry entries you find. What text should you search? Try some of the name variations of the program listed near the top of this article. Please contact me if you find additional entries.

but still post your HJT log in case
 
#6 ·
Sorry, I didn't mean to sound rude, but I want to see the Hijack This log before you run Adaware or Spybot.

If you do have 180 Search Assistant try uninstalling it first, restart your computer and then post the Hijack This log. After we see the Hijack This log we can decide what else needs to be done.
 
#7 ·
Hehehe.... I know where you are getting at flrman1. :) I just try to avoid HiJack this, since I can't read them yet. :( Though, I know I probably should say put your HiJack this log up first. I have waited a week and a half or so over at SWI Boot Camp and they have yet to answer my practice log there. I want to cry. ;)
Raistlin
 
#11 ·
Someone will reply back to you shortly about your HiJack this log, and we will get this nasty bug out of your computer.

Here is the HiJack this log, so it can be easily seen. :)

Logfile of HijackThis v1.98.2
Scan saved at 3:17:14 PM, on 9/5/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MY DOCUMENTS\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.jeffnet.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = JEFFNET
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINDOWS\starter.exe
O4 - HKLM\..\Run: [lid] C:\WINDOWS\lid.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.jeffnet.org
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://getdway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/lsblvr4.cab

Raistlin
 
#18 ·
For one thing you need to get rid of NoAdware. It is a bogus anti-spyware program.

Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O4 - HKLM\..\Run: [lid] C:\WINDOWS\lid.exe

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/mini...ransporter.cab?

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.ne...cab/lsblvr4.cab


Restart to safe mode.

How to start your computer in safe mode

First in safe mode click on My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Apply then OK. Click Yes to confirm.

Now find and delete the C:\WINDOWS\lid.exe file.

Empty the Recycle Bin.

Go here and do an online virus scan.

Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.
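
Added example, not part of any post in this thread: one way to confirm after "Fix checked" that the selected entries are really gone from a fresh HijackThis scan. It keys O4 lines by autostart location and value name and O16 lines by CLSID, so the shortened URLs in the fix list above still match; the function names and the rescan text are assumptions made for this illustration.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O4 - ...", "R1 - ..."
O4_RUN = re.compile(r"^(?P<loc>.+?): \[(?P<name>[^\]]*)\]")
O16_DPF = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})")

def entry_key(line):
    """Return a stable identity for one HijackThis entry, or None for other lines.

    O4 autostart entries are keyed by location and value name, O16 entries by
    CLSID, so a line still matches after a forum has shortened its URL."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    if code == "O4" and (run := O4_RUN.match(body)):
        return (code, run["loc"].lower(), run["name"].lower())
    if code == "O16" and (dpf := O16_DPF.match(body)):
        return (code, dpf["clsid"].upper())
    return (code, body.lower())

def parse(text):
    """Map entry key -> original line for every entry line in a log."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries[key] = line.strip()
    return entries

def still_present(fix_list, rescan_log):
    """Entries from fix_list that a later scan still reports."""
    rescan = parse(rescan_log)
    return [rescan[key] for key in parse(fix_list) if key in rescan]

# The three lines post #18 asks to fix, URLs shortened exactly as posted.
FIX_LIST = r"""
O4 - HKLM\..\Run: [lid] C:\WINDOWS\lid.exe
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/mini...ransporter.cab?
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.ne...cab/lsblvr4.cab
"""

# Constructed rescan: two lines kept from the posted log plus one fix-list
# entry left in place to show what a failed fix looks like.
RESCAN = r"""
Logfile of HijackThis v1.98.2
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/lsblvr4.cab
"""

if __name__ == "__main__":
    for line in still_present(FIX_LIST, RESCAN):
        print("still present:", line)
```

An empty result means every entry on the fix list is absent from the rescan; anything returned should be reported back in the thread with the new log.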
 
#22 ·
When I clicked on "here" in your message it went to a window where I clicked on "free scan" and then it asked where I was (U.S.) and I clicked on auto clean but then the download message came on. It wouldn't work when I clicked on "Scan". Anyway, I downloaded it and ran it but they didn't find anything. I guess I have a free trial. Thanks for the help. Carolavis
 
#26 ·
Booted up the computer and found that I had new hardware! An Intel Ultra ATA Storage Controller. How did this happen? Also, since following all of your excellent advice on getting rid of 180 Search Assistant I have been getting many ads in my email. Is this a coincidence or did I change the way email works? I haven't seen the Search Assistant since I followed your advice though. Thank you.
 