Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- David H. Lipman
March 13, 2005, 8:58 pm
rate this thread
| Hi All
| My friend's WinXP SP1 machine has Microsoft Anti-Spyware Beta (latest
| updates), AVG 7.0 free (latest updates) and the built-in firewall on, but
| has been infested with some kind of virus/trojan that does the following:
| 1) Always tries to bounce their browser to www.absoearch.com
| 2) Shows bogus pages in their browser asking them to send login details such
| as Tiscali, etc
| 3) Fills their hosts file with hundreds of crap web sites
| I've MS Anti-Spywared it, AdAware-d it, SpyBot-ed it, AVG 7-d it,
| CoolWebShredded it, looked in the Add/Remove Progs and the MSConfig startup
| list, but I can't get rid of the above problem.
| When I did a HijackThis it found and deleted the offending abosearch
| entries, but then when you restart back they come.
| If possible, could you please let me know of a solution.
| Many thanks.
| Regards Mac
Please consider Cross-Posting ( as I have done in this reply ) instead of
pertinent News Groups. It also helps to then set a follow-up to one of those
News Groups as
I have set the followup-to; alt.privacy.spyware ,
This way all replies go to one News Group most apropos to the problem and you
answers to the one problem in all different places.
You did not mention the version of Ad-aware and SpyBot. If you have Ad-aware SE
SpyBot S&D v1.3 already, ignore the parts about downloading them, just apply the
way of executing them.
Please read the following Microsft URL on "How to perform a clean boot in
Dump the contents of the IE Temporary Internet Folder cache (TIF)
start --> settings --> control panel --> internet options --> delete files
BHODemon -- http://www.definitivesolutions.com/bhodemon.htm
1) Download the following three items...
Trend Sysclean Package
Latest Trend signature files.
Ad-aware SE (free personal version v1.05)
SpyBot Search and Destroy (v1.3)
Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt488.zip
Extract the contents of the ZIP file and place the contents in the same
2) Update Ad-aware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
4) Reboot your PC into Safe Mode and shutdown as many applications as
5) Using SpyBot S&D, Trend Sysclean and Ad-aware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using
Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) Execute BHODemon and see if there are any malware Browser Helper Objeccts.
9) If you are using WinME or WinXP, create a new Restore point
* * Please report back your results * *