1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

[SOLVED] searchv removal

Discussion in 'Virus & Other Malware Removal' started by jsim467, Oct 18, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. jsim467

    jsim467 Thread Starter

    Joined:
    Oct 18, 2003
    Messages:
    12
    Here is my logfile, I dont know which items to delete.

    Logfile of HijackThis v1.97.3
    Scan saved at 3:08:40 PM, on 10/18/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Logitech\iTouch\kbdtray.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\WINDOWS\SYSTEM32\msrexe.exe
    C:\WINDOWS\System32\lexpps.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Documents and Settings\John Simons\Local Settings\Temp\Temporary Directory 6 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchv.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/
    O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://lms.crystaldecisions.com/docent/cds/ePortfolio/ActiveX Control/awswaxf.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,71/mcinsctl.cab
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,187
    First Name:
    Derek
    run hijackthis, tick all below, doublecheck to make sure you haven't missed any, close all browser windows & press fix checked

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchv.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/
    O1 - Hosts: 209.66.114.130 sitefinder.verisign.com


    then because searchV always has a installer and I can't see it in your log

    do this:
    Go to Start > Run > type regedit then press OK
    Navigate to :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Right click on that key and select export.(that makes a copy of the key) Save it somewhere you will find it, open that file in notepad and copy & paste the results here.
     
  3. jsim467

    jsim467 Thread Starter

    Joined:
    Oct 18, 2003
    Messages:
    12
    OK here its.

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCMSMMSG"="BCMSMMSG.exe"
    "zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
    "EM_EXEC"="C:\\PROGRA~1\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
    "diagent"="\"C:\\Program Files\\Creative\\SBLive\\Diagnostics\\diagent.exe\" startup"
    "DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
    "MoneyStartUp10.0"="\"C:\\Program Files\\Microsoft Money\\System\\Activation.exe\""
    "MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
    "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
    "MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
    "VirusScan Online"="c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe"
    "DwlClient"="C:\\Program Files\\Common Files\\Dell\\EUSW\\Support.exe"
    "NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
    "Dell AIO Printer A940"="\"C:\\Program Files\\Dell AIO Printer A940\\dlbabmgr.exe\""
    "MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
    "sr1exe"="\"C:\\Documents and Settings\\All Users\\Application Data\\Dell\\Alert\\252\\updtSup3.exe\" "
    "System Service"="C:\\WINDOWS\\SYSTEM32\\msrexe.exe"
    "sys"="regedit /s C:\\WINDOWS\\sys.reg"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,187
    First Name:
    Derek
    Go to Start > Run > type regedit then press OK
    Navigate to :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    click on that key and select the sys.reg entry in the right hand pane, click on it and delete it

    also click on the System Service"="C:\\WINDOWS\\SYSTEM32\\msrexe.exe" key and delete that one it's a virus

    then reboot & using windows explorer

    navigate to & delete
    C:\WINDOWS\SYSTEM32\msrexe.exe
    C:\WINDOWS\sys.reg

    the sys.reg key is reinstalling searchV and the msrexe is a nasty virus so also

    Run an online antivirus check from at least one of the following sites
    http://security.symantec.com/default.asp?
    http://housecall.trendmicro.com/
    http://www.pandasoftware.com/activescan/
    post a new log afterwards
     
  5. jsim467

    jsim467 Thread Starter

    Joined:
    Oct 18, 2003
    Messages:
    12
    Derek,

    That seems to have resolved my searchv problem,
    Thank you very much!

    John
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/172904

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice