searchv.com has taken over my browser


K.A.

I've tried to get help trying to remove a malicious script
that has changed the Windows registry and put their info in
place of some default settings. Basically, my browser's
homepage, startup page, and search functionalities have
been hijacked by a website, www.searchv.com (if you don't
know about this place DO NOT VISIT THIS SITE out of
curiosity. Again, DO NOT GO TO THAT SITE OR A HIDDEN
SCRIPT WILL RUN AND YOUR BROWSER WILL BE TAKEN OVER BY
THEM. and it's impossible (so far anyway) to get rid of
this thing.)

I can't get rid of it by going to Tools/Internet Options/
and resetting to default startup page. I've even tried to
edit the registry and overwrite their stuff and tried
anti-spyware removal scripts that make claims to handle
this...none of these things have worked! Every time I
restart my computer the browser has been set back to
www.searchv.com. It's incredibly annoying. Apparently,
Norton AntiVirus finally recognized it as a virus but it
says that it can't fix it. They say to do a search for the
file and delete. I found it at c:\Documents and
Settings\All Users\Start Menu\Programs\Start\MSupdater.exe .

Anybody have any ideas as to how to fix this? Thanks

K.A.
 
Spyware Alert!

[ "searchv" ] Spyware parasite!

Run "Hijack This", follow the instructions carefully at this link:
http://mvps.org/winhelp2002/unwanted.htm

HTH
--

siljaline MS MVP IE/OE

(Please reply to group, as reply address is invalid, so that we can all benefit)


"Arguing with anonymous strangers on the Internet is a sucker's game
because they almost always turn out to be -- or to be indistinguishable from
-- self-righteous sixteen-year-olds possessing infinite amounts of free time."
- Neal Stephenson, _Cryptonomicon_
 
K.A. said:
Anybody have any ideas as to how to fix this? Thanks

Yes!

This is a perfect time to learn how to use the Search function as this
question has been asked and answered many many times.

But to answer your question.
CWShredder might get rid of it so see:
http://www.spywareinfo.com/~merijn/cwschronicles.html

Get HijackThis:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Unzip and double-click "HijackThis.exe" and Press "Scan"
and follow this advice:
http://forums.spywareinfo.com/index.php?showtopic=13977
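
A HijackThis scan produces a log in which each line starts with a section code: R0/R1 for Internet Explorer start and search pages, O1 for HOSTS file redirections, O4 for programs that start with Windows. The following is an added example, not part of any post in this thread, that triages such a log; the sample log, the trusted-host list and the unwanted-startup list are constructed assumptions.

```python
import re

# Constructed HijackThis-style log lines (not taken from any poster's machine).
SAMPLE_LOG = r"""
Logfile of HijackThis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
O1 - Hosts: 127.0.0.1 www.searchv.com
O1 - Hosts: 203.0.113.7 auto.search.msn.com
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - Global Startup: MSupdater.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Assumption: hosts the reviewer accepts as legitimate IE defaults.
TRUSTED_HOSTS = {"www.msn.com", "www.microsoft.com"}
# Assumption: startup names the reviewer has already identified as unwanted.
KNOWN_BAD_STARTUP = {"msupdater.exe"}
# HOSTS entries pointing here are defensive blocks, not redirections.
BLOCK_ADDRESSES = {"127.0.0.1", "0.0.0.0"}

def url_host(text):
    m = re.search(r"=\s*https?://([^/\s]+)", text, re.I)
    return m.group(1).lower() if m else None

def triage(log_text):
    """Return (section, reason, detail) for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header or free text, not a scan entry
        section, detail = m.groups()
        if section in ("R0", "R1"):
            host = url_host(detail)
            if host and host not in TRUSTED_HOSTS:
                findings.append((section, "IE page points at " + host, detail))
        elif section == "O1":
            parts = detail.replace("Hosts:", "").split()
            if parts and parts[0] not in BLOCK_ADDRESSES:
                findings.append((section, "HOSTS file redirection", detail))
        elif section == "O4":
            if any(name in detail.lower() for name in KNOWN_BAD_STARTUP):
                findings.append((section, "known unwanted startup item", detail))
    return findings

if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section}: {reason}: {detail}")
```

An R0/R1 entry that returns after being fixed usually means an O4 startup item is still present and rewriting it at boot, so the O4 findings are the ones to deal with first.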
 
I have tried to get hijacked by that site with no success, although it looks
like your typical spam haven.
Have you tried Ad-aware to remove your problem? I know MSupdater.exe is in
the target list, and you never specified what other "scripts" you were
using.
Download from http://lavasoft.element5.com/support/download/ and use the
"Check for updates now" before doing a scan.
 
I have the same problem. My browser has been taken over
by locators.com. Nothing that I have tried has helped.
 
I don't know how to fix it - but I've been hijacked by
SEARCHALOT.COM. Maybe if someone tells you how to fix
yours - it'll help me too - ToTo
 
mkennedy said:
I have the same problem. My browser has been taken over
by locators.com. Nothing that I have tried has helped.

This is another "in-the-wild" Spyware hijacker which installs, or
attempts to install a malicious "toolbar" containing code that ostensibly
will place code on your machine to broadcast your Browsing habits
to third-party data mining servers.
These cause system instability and Browser crashes, errors <unknown>
etcetera.

Run "Hijack This" a spyware-detecting utility that scans for yet-confirmed
Spyware. Info and instructions, here:
http://mvps.org/winhelp2002/unwanted.htm

HTH

--

siljaline MS MVP IE/OE

 
totowizard said:
I don't know how to fix it - but I've been hijacked by
SEARCHALOT.COM. Maybe if someone tells you how to fix
yours - it'll help me too - ToTo

Spyware Alert!
"searchalot" can be removed with "Hijack This" a utility that scans
for all files, folders and Registry settings.
Info and download here: http://mvps.org/winhelp2002/unwanted.htm

HTH


--

siljaline MS MVP IE/OE

 
Siljaline
Please correct me if I am wrong but when I used to have Win98 I found a news
group post that described how to disable a DLL file that would then make it
impossible to hack into your registry and alter your browser settings. The
file that allows this hijacking is REGWIZC.DLL. It is located in
C:\Windows\System. To disable it type the following into the run field
(Start>Run) regsvr32.exe -u c:\windows\system\regwizc.dll Click OK. A pop up
window should confirm successful disabling of the file.

You can also re-enable it by typing the following into the run field.
regsvr32.exe -c c:\windows\system\regwizc.dll. Click OK. A pop up window
should confirm successful re-enabling of the file.

When I got a new computer which has WinME I also did the above. Just been to
searchv.com and my system has not been attacked.

I am not sure if the above has stopped this hijacking as I have Zone Alarm
and AVG 6.0 running as well as Proxomitron.
If it does it could help a lot of people.

Regards
GrimReaper
 
Hey fancy meeting you here!
I can't confirm if that DLL tweak would work, I think what you're suggesting is
changing the attribute of the file or files - that is a stop gap sort of
measure.
De-registering DLL files in pure DOS or at a DOS prompt "does away" with the
file or files but doesn't protect them.
You could read up on that at Andrew Clover's Parasite Pages.
http://www.doxdesk.com/parasite/ILookup.html
The de-registration of the "Spyware" delivered DLL's are an example in the above
URL.

The best defence is to run Ad-aware, SpyBot, Hijack This and CWShredder,
run a HOSTS file, the one I use http://mvps.org/winhelp2002/hosts.htm
Run your Browser (IE) on high settings across the board, install a good popup
stopper, the new Google Toolbar comes to mind, although it phones home.

HTH

--

siljaline MS MVP IE/OE

 
Just wanted to say thanks to everyone for responding. I
have tried some suggestions and they haven't worked but
will continue to go through your suggestions. Some of the
things I had already tried before posting. This thing is
tenacious so anyone who comes up with a reliable fix for
this is a genius.

NOTE TO ANY HACKERS WHO READ THESE POSTS FOR LAUGHS OR TO
VERIFY YOUR STUFF WORKS (FRUSTRATES): You're going to ruin
the freedom of the internet as we know it because
eventually Microsoft, and others, will plead with the gov't
to commercialize everything "for the protection of the
users". You guys have got to tone down these annoying
hacks. It's getting out of hand. Every week it seems
there's another annoying virus or script I have to fix
or avoid. People like us suffer and not the big companies
like Microsoft. You're not hurting the big guys like you
think you are...only positioning them to eventually become
the "police" of the internet.
 
Thanks Siljaline
I get around you know, more slowly than I once did ;-))
I do run Ad-aware and Spybot and have the latest Host file from the link you
posted. I am an old sod and find the internet very helpful in gathering
information and "meeting" people from around the world via e-mail etc which
I could never have done without it. It seems such a shame that some
companies and individuals spoil such an unbelievable piece of technology in
the pursuance of greed or whatever turns them on. I guess you can't have
something for nothing.


Take care my friend

Kind Regards
GrimReaper
 
G'day Grim,

Glad to help, are you sorted then?
Have a look at "Hijack This" mate, add to your arsenal of protection.
Lots of great info, here http://mvps.org/winhelp2002/unwanted.htm
Try the HOSTS batch files, the lock HOSTS to read-only attribute
keeps HOSTS from being hijacked.

Regards to you too! Cheers from Canada.


--

siljaline MS MVP IE/OE

 