searchxl

  • Thread starter Thread starter takiana
  • Start date Start date
T

takiana

Anyone know how to get search pages to stop coming up when
I open IE6.0? I've searched all settings, installed
spybot. Still have something called searchxl opening when
I try to get to IE6.

Thank you.
 
Download Ad-aware http://lavasoft.element5.com/choose_language/ *
Download CWShredder http://www.merijn.org/files/cwshredder.zip *

Protect your pc with
SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html *
SpywareGuard http://www.wilderssecurity.net/spywareguard.html

* = Update the definition files within the program as the first step.


----- takiana wrote: -----

Anyone know how to get search pages to stop coming up when
I open IE6.0? I've searched all settings, installed
spybot. Still have something called searchxl opening when
I try to get to IE6.

Thank you.
 
But do you know if it works? NB: the scumware is
affecting the Registry upon booting the OS, and even
though it is deleted the behavior persists. Furthermore,
upon booting again one finds the same dozen offending
searchxl entries in the registry...
No suspicious Active Tasks, and no suspicious Startups.
So where is it hiding?

Kind rgds
P
-----Original Message-----
Download Ad-aware
Click to expand...
http://lavasoft.element5.com/choose_language/ *
Download CWShredder
Click to expand...
http://www.merijn.org/files/cwshredder.zip *
Protect your pc with
SpywareBlaster
Click to expand...
http://www.javacoolsoftware.com/spywareblaster.html *
 
So far the only thing that stops it:
-- delete IE in TaskManager (it won't reappear until next
system boot)
-- No matter what you have to do a registry cleanup -- do
a search on searchxl and you will find about 10 entries.
However, when you reboot they will reappear.

I am also looking for a solution to this nasty disease.
Kind rgds
Paulo
 
Paulo said:
But do you know if it works? NB: the scumware is
affecting the Registry upon booting the OS, and even
though it is deleted the behavior persists. Furthermore,
upon booting again one finds the same dozen offending
searchxl entries in the registry...
No suspicious Active Tasks, and no suspicious Startups.
So where is it hiding?

Kind rgds
P
Click to expand...

Did you run cwshredder?

--
Frank Saunders, MS-MVP IE/OE
http://www.fjsmjs.com
Reply to Newsgroup. I won't answer email
Protect Your PC
http://www.microsoft.com/security/protect/
 
Hi Frank;
I did a Grep on my system, and found an offending file on
my computer C:/system.reg

System.reg contains the following:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer]
"SearchURL"="http://www.searchxl.com/ie/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Main]
"Use Search Asst"="no"
"Use Custom Search URL"=dword:00000001
"Default_Search_URL"="http://www.searchxl.com/ie/"
"Search Page"="http://www.searchxl.com/ie/"
"Search Bar"="http://www.searchxl.com/ie/"
"SearchURL"="http://www.searchxl.com/ie/"

[HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Search]
"SearchAssistant"="http://www.searchxl.com/ie/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Search]
"SearchAssistant"="http://www.searchxl.com/ie/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Main]
"Search Page"="http://www.searchxl.com/ie/"
"Default_Search_URL"="http://www.searchxl.com/ie/"

[HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser]
"ITBarLayout"=hex:11,00,00,00,4c,00,00,00,00,00,00,00,30,00
,00,00,1b,00,00,00,\

64,00,00,00,01,00,00,00,a0,06,00,00,e9,02,00,00,05,00,00,00
,62,04,00,00,26,\

00,00,00,02,00,00,00,a1,06,00,00,f7,02,00,00,04,00,00,00,a1
,00,00,00,11,03,\

00,00,03,00,00,00,a9,02,00,00,0b,03,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,01,24,d0,30,81,6a,d0,11
,82,74,00,c0,4f,\
d5,ae,38,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersi
on\Run]
"SystemSearch"="REGEDIT.EXE -S c:\\system.reg"


I deleted this plus all the offending registry entries. i
suspect that this will kill this parasite, but...

Kind rgds
Paulo
 
It came from this nasty parasite.

CoolWebSearch - CWS http://www.spywareinfo.com/articles/cws/
More: Complete list by variant with up-to-date information.
http://www.merijn.org/cwschronicles.html
More: Removal tool: http://www.merijn.org/files/cwshredder.zip
More: Removal tool:
http://www.symantec.com/avcenter/venc/data/vbs.bootconf.html
More: http://www.spywareguide.com/product_show.php?id=640
--

Check for others.
Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm


Henri Leboeuf
Web page: http://www.generation.net/~hleboeuf/index.htm


Paulo said:
Hi Frank;
I did a Grep on my system, and found an offending file on
my computer C:/system.reg

System.reg contains the following:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer]
"SearchURL"="http://www.searchxl.com/ie/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Main]
"Use Search Asst"="no"
"Use Custom Search URL"=dword:00000001
"Default_Search_URL"="http://www.searchxl.com/ie/"
"Search Page"="http://www.searchxl.com/ie/"
"Search Bar"="http://www.searchxl.com/ie/"
"SearchURL"="http://www.searchxl.com/ie/"

[HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Search]
"SearchAssistant"="http://www.searchxl.com/ie/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Search]
"SearchAssistant"="http://www.searchxl.com/ie/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Main]
"Search Page"="http://www.searchxl.com/ie/"
"Default_Search_URL"="http://www.searchxl.com/ie/"

[HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser]
"ITBarLayout"=hex:11,00,00,00,4c,00,00,00,00,00,00,00,30,00
,00,00,1b,00,00,00,\

64,00,00,00,01,00,00,00,a0,06,00,00,e9,02,00,00,05,00,00,00
,62,04,00,00,26,\

00,00,00,02,00,00,00,a1,06,00,00,f7,02,00,00,04,00,00,00,a1
,00,00,00,11,03,\

00,00,03,00,00,00,a9,02,00,00,0b,03,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,01,24,d0,30,81,6a,d0,11
,82,74,00,c0,4f,\
d5,ae,38,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersi
on\Run]
"SystemSearch"="REGEDIT.EXE -S c:\\system.reg"


I deleted this plus all the offending registry entries. i
suspect that this will kill this parasite, but...

Kind rgds
Paulo

-----Original Message-----


Did you run cwshredder?

--
Frank Saunders, MS-MVP IE/OE
http://www.fjsmjs.com
Reply to Newsgroup. I won't answer email
Protect Your PC
http://www.microsoft.com/security/protect/
the first step.
.
Click to expand...
Click to expand...
 
Back
Top