Hi Again
These can be a pain to remove. I mentioned CWShredder as a
starting point, but it's useless really unless you have an
old infection. Now it's owned by Intermute it doesn't seem
to be getting any updates at all. That's just my opinion
though.
There are a few other removers that can be used to kill
a lot of the new variants, but Hijack This is always good
to show how bad things really are.
A good start when you save the Hijack This logfile (this
will open the scan results in Notepad):
copy all the logfile, then take it to either of these
sites:
http://www.hijackthis.de/en
http://www.help2go.com/modules.php?name=HJTDetective
Then paste the log onto the site and press Submit for
Help2go or Analyse for Hijack.de. It will give some
details on each of the entries and let you know what
needs fixing. Don't really remove things unless they
confirm they are nasty; if they say it's unknown then best
leaving them for now as they may be genuine. If you need
any advice, post the log or email it.
With isearch you could also check for that in Hijack
This; it would show as:
R3 - URLSearchHook: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\System32\toolbar.dll
O2 - BHO: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\System32\toolbar.dll
O3 - Toolbar: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\System32\toolbar.dll
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) - ms-its:mhtml:file://C:\ss.MHT!http://toolbar.isearch.com/install/00002/chm.chm::/files/initial.cab
Also check Hijack This for any host hijacks
(they're the entries listed in the format O1 - Hosts: 127.0.0.........)
Example:
O1 - Hosts: 127.0.0.9 www.symantec.com
Let me know if I can help though.
Regards Andy
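
The triage described in the post, as an added example that is not part of the original message: it parses a Hijack This log, reports O1 entries that point a hostname at a loopback address, and groups entries that share a CLSID (compared case-insensitively, since the O16 line differs in case) or its DLL path. The sample log is constructed from the entry formats quoted above; the 10.0.0.5 / intranet.example line and all function names are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log, using the entry formats quoted in the post above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\System32\toolbar.dll
O1 - Hosts: 127.0.0.9 www.symantec.com
O1 - Hosts: 10.0.0.5 intranet.example
O2 - BHO: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\System32\toolbar.dll
O3 - Toolbar: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\System32\toolbar.dll
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) - ms-its:mhtml:file://C:\ss.MHT!http://toolbar.isearch.com/install/00002/chm.chm::/files/initial.cab
"""
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DLL = re.compile(r"[A-Za-z]:\\[^/]*?\.dll", re.IGNORECASE)

def parse_entries(log):
    """Return (code, body) for every line shaped like 'O2 - ...'."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def loopback_hosts(entries):
    """O1 entries that point a hostname at a loopback address."""
    hits = []
    for code, body in entries:
        if code == "O1" and body.startswith("Hosts:"):
            ip, _, host = body[len("Hosts:"):].strip().partition(" ")
            try:
                if ipaddress.ip_address(ip).is_loopback and host:
                    hits.append((ip, host.strip()))
            except ValueError:
                pass  # not an IP literal; leave for manual review
    return hits

def related_entries(entries):
    """Group entry codes by CLSID, then attach CLSID-less entries sharing its DLL."""
    by_clsid, dlls = defaultdict(list), {}
    for code, body in entries:
        for c in CLSID.findall(body):
            by_clsid[c.upper()].append(code)
            for d in DLL.findall(body):
                dlls[d.lower()] = c.upper()
    for code, body in entries:
        if not CLSID.search(body):
            for d in DLL.findall(body):
                if d.lower() in dlls:
                    by_clsid[dlls[d.lower()]].append(code)
    return dict(by_clsid)
```

The grouping only shows which lines belong to the same component; whether a component is nasty or genuine still has to be confirmed before anything is fixed.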