Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

Smartersearch Side Search removed

 
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Virus, Worm &Trojan Alerts
View previous topic :: View next topic  
Author Message
rayb2001
Newbie


Joined: 22 Jan 2009
Last Visit: 21 Feb 2009
Posts: 3

PostPosted: Thu Jan 22, 2009 9:50 am    Post subject: Smartersearch Side Search removed Reply with quote

Not sure how I got it but whenever I would search using either Google or Yahoo from FF, a new set of "sponsored links" would show up on the left. Seems I got a plug-in that sends a request to SmarterSearch to put these up.

Using HijackThis, I was able to find a BHO but after removing it with HighackThis, it was still showing up.

After hours of looking through the registry and file system, I finally found that the file (which apparently gets named differently on every system) was hiding in the firefox directory: c:\Program Files\Mozilla Firefox\components

So, for those looking to remove this, the file name was the same as reported by HijackThis. But HijackThis showed the file as in c:\windows\system32. Maybe it was there also and it copied itself to the firefox directory, I can't tell.

Just deleting the file (ozwcpyqydyzmhiolq.dll) fixed the problem for me.

Hope this helps someone save some time!
Back to top
View user's profile Send private message
rahul_t
Newbie


Joined: 20 Feb 2009
Last Visit: 20 Feb 2009
Posts: 1

PostPosted: Fri Feb 20, 2009 10:14 am    Post subject: Reply with quote

Thanks for your valuable tips. Its really help me and others. I think nest time I don't have to reinstall windows when I attack by virus.
Back to top
View user's profile Send private message
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 30 Oct 2014
Posts: 10332
Location: at the beach

PostPosted: Fri Feb 20, 2009 8:01 pm    Post subject: Reply with quote

rahul_t wrote:
Thanks for your valuable tips. Its really help me and others. I think nest time I don't have to reinstall windows when I attack by virus.


This would not require reinstalling Windows. It's an easy malware to remove.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Back to top
View user's profile Send private message Visit poster's website
rayb2001
Newbie


Joined: 22 Jan 2009
Last Visit: 21 Feb 2009
Posts: 3

PostPosted: Sat Feb 21, 2009 11:12 am    Post subject: Also try gooredfix Reply with quote

After this, I found another problem and followed these instructions to fix:

Someone has already written an automated removal tool for this:
http://jpshortstuff.247fixes.com/GooredFix.exe

The use instructions for this tool are:
- Double-click GooredFix.exe on your Desktop (Note: If you are using Vista right-click GooredFix and select Run As Administrator...)
- Select Option#1 - Find Goored (no fix), by typing 1 and pressing Enter
- A logfile should popup shortly.

- Take a look at the section "Suspect Goored Entries". There should be an entry there with a random string of numbers and letters enclosed in {} (in this case {ABB56C42-1843-46EF-A93E-482DE0F5B5AA}), that shows a folder in C:\Documents and Settings\<your name>\Local Settings\Application Data\{the same random numbers and letters}.

- If this entry is present, and if there are no other entries in the "Suspect Goored Entries" section, then do the following:
- Close all Windows and Browsers, especially any Firefox Windows.
- Double-click GooredFix.exe on your Desktop (Note: If you are using Vista right-click GooredFix and select Run As Administrator...)
- Select Option#2 - Fix Goored by typing 2 and pressing Enter.
- At the prompt, type y and press Enter.
- GooredFix will now remove the infection, and a new log will popup. Please proceed to Step 2.

A ton of people are reporting success resolving this issue with this tool, so hopefully it works for you.
Back to top
View user's profile Send private message
rayb2001
Newbie


Joined: 22 Jan 2009
Last Visit: 21 Feb 2009
Posts: 3

PostPosted: Sat Feb 21, 2009 11:15 am    Post subject: Step 2 Reply with quote

Sorry, forgot to add step two which is to run HiJackThis and confirm that there are no other problems.
Back to top
View user's profile Send private message
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 30 Oct 2014
Posts: 10332
Location: at the beach

PostPosted: Sat Feb 21, 2009 11:42 am    Post subject: Reply with quote

rayb2001, we appreciate you sharing, but we do not recommned folks to remove anything with HijackThis on their own without the advice of a trained helper. There is a significant risk of doing serious damage to the system when untrained people start deleting things with HijackThis. All helpers at this and other similar forums are required to go through extensive training at one of the malware removal schools, where they are supervised closely before they are allowed to assist with malware removal independently.

Maybe you would be interested in Malware Removal University.

http://www.malwareremoval.com/university.php

Most our helpers are graduates of that school.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Virus, Worm &Trojan Alerts All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group