Re: system restore

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: Yossarian (Yossarian_at_discussions.microsoft.com)
Date: 07/27/04 

Date: Tue, 27 Jul 2004 16:15:02 -0700

thanks for the help. CWshredder didn't find anything. I ran hijack and it found a long list, most of which said was normal/helpful but potentially harmful (ok?). But there were 2 kinds of entries which seemed to apply:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
Detailed information on item R0:
A Registry value that has been changed from the default, resulting in a changed IE Search Page, Start Page, Search Bar Page or Search Assistant.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
Detailed information on item R1:
A Registry value that has been created and is not present in a default Windows install nor needed, possibly resulting in a changed IE Search Page, Start Page, Search Bar Page or Search Assistant.

However, a few of these say something about google, and one simply seemed to establish my home page. Are these safe to "fix checked"?

"Malke" wrote:

> Yossarian wrote:
>
> > I have a problem with my google. When i enter a search, it redirects
> > me to a fake search list (" finding '....' is just a click away at
> > 2020search.com"). I can press refresh and it will come up with the
> > correct results, but it's really annoying. Spybot won't get rid of it,
> > either. Is it likely that system restore will? Also, i started
> > noticing this about 2 months ago, so is it safe to do system restore
> > from that point? Thanks
>
> You have been hijacked, probably by one of the many CoolWebSearch
> variants. Spybot S&D (version 1.3 is the latest) is not enough to get
> rid of it. Sometimes it takes a great deal of skill and persistence.
> Here are some generic instructions and links to help you:
>
> Remove spyware with Spybot Search & Destroy from
> www.safer-networking.org and Ad-aware from www.lavasoftusa.com. Be sure
> to update these programs before running them. These programs are free,
> so run them both since they complement each other. It is best to run
> antivirus and spyware removal tools in Safe Mode. You may also want to
> run CWShredder and HijackThis from http://aumha.org/freeware.htm.
> Although CWShredder is no longer being updated, it will still clean
> older variants of the CoolWebSearch malware. Please read the
> instructions carefully. Also, make sure you've visited Windows Update
> and applied all security patches. Do not install driver updates from
> Windows Update. Make sure you are running a firewall and have a current
> antivirus installed using updated definitions.
>
> http://forum.aumha.org/ - look under "Security" for various forums
> http://www.pchell.com/
> http://www.netrn.net/spywareblog/
> http://www.spywareguide.com/index.php
> http://www.mvps.org/winhelp2002/unwanted.htm
> http://scumware.com/
> http://www.aumha.org/a/parasite.htm The Parasite Fight
>
> Malke
> --
> MS MVP - Windows Shell/User
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
>

Quantcast