Re: Excessive Internet Traffic for IE6 search

From: Jim Byrd (jrbyrd_at_spamlessadelphia.net)
Date: 02/28/05


Date: Sun, 27 Feb 2005 21:33:39 -0800

Hi rbsques - Start here. Please post back with your results or if you need
additional assistance.

Courtesy of Ron Kinner MVP:

"There is a German program called Spoonweg.exe which might
help.

 http://lunatic-skydance.de/mr/soft/SpoonWeg.exe

It will start to download. Save it somewhere you can find
it again then Open it and say YES then Click on Trojaner-
Suchen. If it finds the version of about:blank that it is
meant to kill it will go and do it then reboot the PC.
Otherwise it will say Trojaner Spooner wird nicht gefunden.

Another German program is SpHjFix.exe.

http://www.trojaner-info.de/cgi-bin/download.cgi?file=sphjfix

This one speaks English so just Press on Start Disinfection.
If it doesn't find its target it will say Not Infected
across the top of the little window. Otherwise follow the
instructions.

Both of these probably run better in Safe Mode (F8 -
without Networking)

Finally if both of the above fail then try one of the
methods in:

http://www.pchell.com/support/aboutblank.shtml "

I can also recommend the procedures at www.pchell.com .

In addition, for your specific Home Search Assistant parasite, try the
following (extracted from one of my "standard" posts about this family of
parasites):

"If your hijacker is Home Search Assistant or one of these:

- Only The Best
- Home Search Extender
- Shopping Wizard
- res://****.dll/index.html#***** (or simply res .dll)

first see here:
http://www.short-media.com/forum/showthread.php?p=172774#post172774, and
here: http://www.pchell.com/support/onlythebest.shtml. Then you can try AT
YOUR OWN RISK, HSRemove, free, here: http://www.hsremove.com/. "A few
days ago I got hijacked - Nothing new in that, except this time it was a
real [censored] to get rid of. - There were simply no tools available to
remove this "Home Search" thing. Finally I ended up creating my own tool for
it. USE IT AT YOUR OWN RISK. And if you find it helpful, then please do not
hesitate to make a contribution."

Or, you can try AboutBuster, here, which is also designed to remove Home
Search Assistant: http://www.malwarebytes.biz/"

-- 
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP
In news:75B81213-AC33-4389-B040-F3E6AB799E4B@microsoft.com,
rbsques <rbsques@discussions.microsoft.com> typed:
> Hi Ken -
>
> This modification had no effect, in fact there are now 11 messages
> that are sent...
>
> I deleted your suggested mod and it is still sending 11 messages.  I
> run both Ad Aware and Spybot at regular intervals to clean out the
> junk!  I did notice that all of this "extra" picked up after I
> installed MS Security Update KB887742.  A short time after that, the
> Search Companion went south for the better part of 2 days while MS
> was screwing with something - probably their new search engine.
> Anyway I think it's all tied together and it may be time to clean out
> all of the IE affiliated files, links, etc. to see if that helps.  In
> the meantime I'll run both Spybot and Ad Aware first.  Any other
> suggestions are welcome!  Thank you!
>
>
>
> "ken" wrote:
>
>> switch.atdmt.com
>> seems to be a 1 by 1 gif. maybe a tracker.
>>
>> Unwanted Windows XP connections to sa.windows.com
>>
>> This is probably an old piece of information, but it was
>> fairly new to me. I've found that my computer was
>> periodically connecting to (and attempting to connect to) a
>> site called sa.windows.com. After many Google Groups
>> searches it appears that the Windows "Search Assistant" is
>> constantly updating itself through a web service located at
>> that machine. Thankfully it's easy to turn off. Go to the
>> registry key
>>
>> "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Cabinet
>> State" and add a String key named "Use Search Asst" with
>> the value "no". Do it for all the users on your system that
>> login.
>>
>> This is one of the things that piss me off about web
>> services - they're a total bitch to block with a firewall
>> since they all use port 80 and most of them use the system
>> URL fetching utilities.
>>
>> and scan for bugs too.  spybot safer-networking.org
>> ad-aware se 1.05  lavasoft.de  both free.
>>
>>> -----Original Message-----
>>> Does anyone know why 9 separate internet messages are generated when the
>>> Search is utilized in IE6?  I have noticed through Sygate Pro that when a
>>> search is done, 7 messages are sent to sa.windows.com (207.46.248.249)
>>> through ports 1260-1265, 1270, and 1271.  And two other messages are sent to
>>> search.msn.com (65.161.97.166) and switch.atdmt.com (207.46.248.249).  Prior
>>> to the IE6 Search Companion problems the other day, I only saw one message
>>> being sent to sa.windows.com.  What's with all the extra traffic?  Isn't the
>>> internet already overloaded without Microsoft cramming extra traffic over the
>>> internet for one search?
>>> .
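
Added example, not part of any post in this thread: the quoted instruction to set "Use Search Asst" to "no" for every user, written as a PowerShell script that audits each loaded user hive and changes the value only when -Apply is given. The registry subkey is passed in as a parameter because the line wrap in the quoted post leaves its last component unclear; the parameter names, the -Apply switch and the output columns are this example's own.

```powershell
# Added example, not from the thread. Audits (and with -Apply, sets) the
# "Use Search Asst" string value for every user hive loaded under HKEY_USERS.
param(
    # Path below HKEY_CURRENT_USER, exactly as it exists on the target system.
    # Copy it from regedit; the wrapped path in the post is ambiguous.
    [Parameter(Mandatory=$true)] [string] $SubKey,
    # Without -Apply the script only reports; nothing is written.
    [switch] $Apply
)

$ValueName = 'Use Search Asst'   # value name given in the quoted post
$Wanted    = 'no'                # value data given in the quoted post

# Local and domain user hives have SIDs of the form S-1-5-21-...; this skips
# service accounts, .DEFAULT and the per-user *_Classes hives.
Get-ChildItem Registry::HKEY_USERS |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object {
        $sid     = $_.PSChildName
        $path    = "Registry::HKEY_USERS\$sid\$SubKey"
        $current = $null

        if (Test-Path -LiteralPath $path) {
            $item = Get-ItemProperty -LiteralPath $path -Name $ValueName `
                        -ErrorAction SilentlyContinue
            if ($item) { $current = $item.$ValueName }
        }

        $changed = $false
        if ($Apply -and $current -ne $Wanted) {
            if (-not (Test-Path -LiteralPath $path)) {
                New-Item -Path $path -Force | Out-Null
            }
            # -Type String creates a REG_SZ, the "String key" the post asks for.
            Set-ItemProperty -LiteralPath $path -Name $ValueName `
                -Value $Wanted -Type String
            $current = $Wanted
            $changed = $true
        }

        New-Object PSObject -Property @{
            Sid       = $sid
            Value     = $current
            Compliant = ($current -eq $Wanted)
            Changed   = $changed
        }
    }
```

Only hives that are currently loaded appear under HKEY_USERS, so accounts that are not logged on are not covered until their profile is loaded or they next sign in.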

