Excessive Internet Traffic for IE6 search

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Does anyone know why 9 separate internet messages are generated when the
Search is utilized in IE6? I have noticed through Sygate Pro that when a
search is done, 7 messages are sent to sa.windows.com (207.46.248.249)
through ports 1260-1265, 1270, and 1271. And two other messages are sent to
search.msn.com (65.161.97.166) and switch.atdmt.com(207.46.248.249). Prior
to the IE6 Search Companion problems the other day, I only saw one message
being sent to sa.windows.com. What's with all the extra traffic? Isn't the
internet already overloaded without Microsoft cramming extra traffic over the
internet for one search?
 
switch.atdmt.com
seems to be a 1 by 1 gif. maybe a tracker.

Unwanted Windows XP connections to sa.windows.com

This is probably an old piece of information, but it was
fairly new to me. I've found that my computer was
periodically connecting to (and attempting to connect to) a
site called sa.windows.com. After many Google Groups
searches it appears that the Windows "Search Assistant" is
constantly updating itself through a web service located at
that machine. Thankfully it's easy to turn off. Go to the
registry key
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Cabinet
State" and add a String key named "Use Search Asst" with
the value "no". Do it for all the users on your system that
login.

This is one of the things that piss me off about web
services - they're a total bitch to block with a firewall
since they all use port 80 and most of them use the system
URL fetching utilities.

and scan for bugs too. spybot safer-networking.org
ad-aware se 1.05 lavasoft.de both free.
-----Original Message-----
Does anyone know why 9 separate internet messages are generated when the
Search is utilized in IE6? I have noticed through Sygate Pro that when a
search is done, 7 messages are sent to sa.windows.com (207.46.248.249)
through ports 1260-1265, 1270, and 1271. And two other messages are sent to
search.msn.com (65.161.97.166) and
Click to expand...
switch.atdmt.com(207.46.248.249). Prior
 
Hi Ken -

This modification had no effect, in fact there are now 11 messages that are
sent...

I deleted your suggested mod and it is still sending 11 messages. I run
both Ad Aware and Spybot at regular intervals to clean out the junk! I did
notice that all of this "extra" picked up after I installed MS Security
Update KB887742. A short time after that, the Search Companion went south
for the better part of 2 days while MS was screwing with something - probably
their new search engine. Anyway I think it's all tied together and it may be
time to clean out all of the IE affilited files, links, etc. to see if that
helps. In the meantime I'll run both Spybot and Ad Aware first. any other
suggestions are welcome! Thank you!
 
Hi rbsques - Start here. Please post back with your results or if you need
additional assistance.

Courtesy of Ron Kinner MVP:


"There is a German program called Spoonweg.exe which might
help.

http://lunatic-skydance.de/mr/soft/SpoonWeg.exe

It will start to download. Save it somewhere you can find
it again then Open it and say YES then Click on Trojaner-
Suchen. If it finds the version of about:blank that it is
meant to kill it will go and do it then reboot the PC.
Otherwise it will say Trojaner Spooner wird nicht gefunden.

Another German program is SpHjFix.exe.

http://www.trojaner-info.de/cgi-bin/download.cgi?
file=sphjfix

This one speaks English so just Press on Start Disinfection
If it doesn't find its target it will say Not Infected
across the top of the little window. Otherwise follow the
instructions.

Both of these probably run better in Safe Mode (F8 -
without Networking)

Finally if both of the above fail then try one of the
methods in:

http://www.pchell.com/support/aboutblank.shtml "



I can also recommend the procedures at www.pchell.com .



In addition, for your specific Home Search Assistant parasite, try the
following (extracted from one of my "standard" posts about this family of
parasites):

"If your hijacker is Home Search Assistant or one of these:

- Only The Best
- Home Search Extender
- Shopping Wizard
- res://****.dll/index.html#***** (or simply res .dll)

first see here:
http://www.short-media.com/forum/showthread.php?p=172774#post172774, and
here: http://www.pchell.com/support/onlythebest.shtml. Then you can try AT
YOUR OWN RISK, HSRemove, free, here: http://www.hsremove.com/. "A few
days ago I got hijacked - Nothing new in that, except this time it was a
real [censored] to get rid of. - There were simply no tools available to
remove this "Home Search" thing. Finally I ended up creating my own tool for
it. USE IT AT YOUR OWN RISK. And if you find it helpful, then please do not
hesitate to make a contribution."

Or, you can try AboutBuster, here, which is also designed to remove Home
Search Assistant: http://www.malwarebytes.biz/"

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In
 
Back
Top