AllCyberSearch and associated parasites

  sue1201 15:05 18 Feb 05
Locked

Symptoms: pop-up ads for Spyware removal progs, and offers to scan computer for Spyware.
Also, hijacks Home Page, replacing it with about:blank which redirects to a Search Page with links unsuitable for children (this is a school computer)

AdAware does not see it
Spybot sees it but does not remove it. I am also unable to update Spybot, for whatever reason
CWShredder appeared to remove something, but I still have the symptoms.

Have tried fixes found at click here, and at click here

Anybody got any further suggestions? Apart from fdisk etc!

TIA
Sue

  VoG II 15:11 18 Feb 05

Can you post a HijackThis log please.

Latest version click here

Guidance click here

You will probably need to post your log in more than one section because of the 800 word limit here. Also, please double space it by adding a blank line every other line before clicking the Post response button.

Do not try to "fix" anything until advised by an expert. A lot of what is listed is essential to the running of your PC.

  sue1201 21:04 18 Feb 05

Thanks for your reply. I won't be in school again till next THursday probably, but will try this out then. I have the download on my pen drive!

Before I left today I seemed to have conquered the Hijacker (I had the correct Home Page in IE) but the popups were still appearing. I just "know" that if someone clicks on one the whole problem will start again.

Out of interest I ran HijackTHis on my computer at home. I found myself wondering about the following:

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\atievxx.exe

everything else looks pretty familiar.

Depressing though it is, I am the "expert" at school, so I have to do the best I can - with a little help from my friends!

Will get back to you.

  VoG II 21:09 18 Feb 05

I am going to tell my (expert) friend about you too, sue.

  Nellie2 10:22 19 Feb 05

atievxx.exe is something to do with ATI display drivers

lsass.exe is a legitimate windows file... click here but there is something with a very similar name that isn't. If you only have one in the system32 folder then there is nothing to worry about.

  sue1201 18:26 28 Feb 05

as I had wasted so much time on this one machine, I decided to reformat it and start afresh. I hate to give up like that, but the school needed to use the computer. Thanks for your help anyway.

This thread is now locked and can not be replied to.

Best phone camera 2016/2017: Galaxy S7 vs iPhone 7 vs Google Pixel vs HTC 10 Evo vs OnePlus 3T vs…

1995-2015: How technology has changed the world in 20 years

These are the Best Christmas Ads and Studio Projects of 2016

Super Mario Run preview | Hands-on first impressions of Super Mario Run: Mario's iPhone & iPad…