NETSTER ATTACK !!

I am having problems with NETSTER. I don't know where I got infected from since I am pretty safe in that regard and use Ad-Aware and Spybot regularly. I find that whenever I hit some sites like www.erecruting.com etc. NETSTER gets activated and takes me to http://search.netster.com/Index.asp?Site=ZXJlY3J1dGluZy5jb20%3D

I want to get rid of it but none of the spyware tools are able to do it. Only a netster cookie gets detected. Also I tried in vain to find netster.dll/ netseter.dll.

Is there anyone who can help me in this regard?

thanks much
anantha
anant_27 Asked:
 
DarthMod Commented:
PAQed with points (500) refunded

DarthMod
Community Support Moderator
0
 
jvuz Commented:
Run Hijackthis and post the log here:

You can find the software here:

http://www.majorgeeks.com/download3155.html
0
 
Tim Holman Commented:
0

 
anant_27 (Author) Commented:
I ran HIJACKTHIS and I am posting the log of the same. I have tried in vain the steps mentioned in the pest patrol site and unfortunately there appear to be no traces of the Netster.dll file or any of the registry keys mentioned there.

I hope there is some way to get it out of my system, because it's a scary thing to have such a stealthy piece of spyware/adware.

thanx.

============================================
Logfile of HijackThis v1.97.7
Scan saved at 10:05:18 AM, on 9/8/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
E:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
E:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Program Files\WebDrive\wdservice.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Stardock\ObjectDock\ObjectDock.exe
E:\Program Files\Real\RealPlayer\RealPlay.exe
C:\program files\Yahoo!\Messenger\YPager.exe
E:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
E:\my downloads\Spyware Removal\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [EasyMessage] E:\Program Files\Easy Message\em2.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Stardock ObjectDock.lnk = E:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'imslsp.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://E:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://E:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://E:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://E:\Program Files\AutoCAD 2002\AcPreview.ocx
0
 
SheharyaarSaahil Commented:
anant_27, its looking like u are using the old version of hijackthis.exe, i.e. 1.97.7 and that's why its not catching which it shud :)
the new version is v1.98.2, so Download HijackThis v1.98.2 from here, run it and Save the LOG file:
http://tools.radiosplace.com/HijackThis.exe

Then u will have two options.....

1. Post here that LOG file, and we will tell u that what is BAD in it and how to remove them :)

2. Post it at this site >> http://www.hijackthis.de/index.php?langselect=english
and it will automatically analyse it for u,,, if u can trust it, go on and delete everything which it asks u to delete :)

!! Good Luck !!
0
 
anant_27 (Author) Commented:
This is the latest log file, and apparently again no signs of NETSTER.

thanks
=============================================
Logfile of HijackThis v1.98.2
Scan saved at 1:53:54 PM, on 9/8/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
E:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
E:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Program Files\WebDrive\wdservice.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Stardock\ObjectDock\ObjectDock.exe
E:\Program Files\Real\RealPlayer\RealPlay.exe
C:\program files\Yahoo!\Messenger\ymsgr_tray.exe
E:\program files\mozilla.org\Mozilla\mozilla.exe
C:\Documents and Settings\Anantha Narayan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [EasyMessage] E:\Program Files\Easy Message\em2.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Stardock ObjectDock.lnk = E:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://E:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://E:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://E:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://E:\Program Files\AutoCAD 2002\AcPreview.ocx
0
 
net_sec_guru Commented:
Manual removal is quick & simple for this spyware, which is a BHO (Browser Helper Object):

Remove these files:
netseter.dll
profilepath+\netster.dll
systemroot+\system\_netster.dll
systemroot+\system\netster.dll
systemroot+\system32\_netster.dll
systemroot+\system32\netster.dll

Remove these registry items:
HKEY_CLASSES_ROOT\clsid\{359f7e49-1ea0-4671-92e9-61e32fe25c5e}
HKEY_CLASSES_ROOT\clsid\{856d6a8e-a24c-498a-a55a-2b25c606a6b4}
HKEY_CLASSES_ROOT\clsid\{acc63168-5876-439b-95bc-3bae59ca860c}
HKEY_CLASSES_ROOT\clsid\{b98f79f4-3619-49fb-a7e7-b737e58c5727}
HKEY_CLASSES_ROOT\interface\{aa644580-8f8a-4f8b-9263-42e14c7c2fcb}
HKEY_CLASSES_ROOT\interface\{b4fadc3f-7c5f-4fc8-a050-dbeb2c119dd5}
HKEY_CLASSES_ROOT\interface\{eed9bcbf-d40e-408f-8080-e4afc9fddb36}
HKEY_CLASSES_ROOT\interface\{f5619700-a76a-462b-abdd-6372ff10eab7}
HKEY_CLASSES_ROOT\netster.bho
HKEY_CLASSES_ROOT\netster.bho.1
HKEY_CLASSES_ROOT\netster.initscript
HKEY_CLASSES_ROOT\netster.initscript.1
HKEY_CLASSES_ROOT\netster.netsterband
HKEY_CLASSES_ROOT\netster.netsterband.1
HKEY_CLASSES_ROOT\netster.netsterph
HKEY_CLASSES_ROOT\netster.netsterph.1
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{b98f79f4-3619-49fb-a7e7-b737e58c5727}
HKEY_CLASSES_ROOT\typelib\{e1c643a6-8b7b-4f28-b652-f712fe4f7402}
HKEY_LOCAL_MACHINE\clsid\{856d6a8e-a24c-498a-a55a-2b25c606a6b4}
HKEY_LOCAL_MACHINE\clsid\{b98f79f4-3619-49fb-a7e7-b737e58c5727}
HKEY_LOCAL_MACHINE\software\classes\clsid\{856d6a8e-a24c-498a-a55a-2b25c606a6b4}
HKEY_LOCAL_MACHINE\software\classes\clsid\{b98f79f4-3619-49fb-a7e7-b737e58c5727}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{856d6a8e-a24c-498a-a55a-2b25c606a6b4}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{b98f79f4-3619-49fb-a7e7-b737e58c5727}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{856d6a8e-a24c-498a-a55a-2b25c606a6b4}
HKEY_LOCAL_MACHINE\software\netster

Unlink these dll's (usually use regsvr32)
HKEY_CLASSES_ROOT\clsid\{359f7e49-1ea0-4671-92e9-61e32fe25c5e}
HKEY_CLASSES_ROOT\clsid\{856d6a8e-a24c-498a-a55a-2b25c606a6b4}
HKEY_CLASSES_ROOT\clsid\{acc63168-5876-439b-95bc-3bae59ca860c}
HKEY_CLASSES_ROOT\clsid\{b98f79f4-3619-49fb-a7e7-b737e58c5727}
HKEY_CLASSES_ROOT\interface\{aa644580-8f8a-4f8b-9263-42e14c7c2fcb}
HKEY_CLASSES_ROOT\interface\{b4fadc3f-7c5f-4fc8-a050-dbeb2c119dd5}
HKEY_CLASSES_ROOT\interface\{eed9bcbf-d40e-408f-8080-e4afc9fddb36}
HKEY_CLASSES_ROOT\interface\{f5619700-a76a-462b-abdd-6372ff10eab7}
HKEY_CLASSES_ROOT\netster.bho
HKEY_CLASSES_ROOT\netster.bho.1
HKEY_CLASSES_ROOT\netster.initscript
HKEY_CLASSES_ROOT\netster.initscript.1
HKEY_CLASSES_ROOT\netster.netsterband
HKEY_CLASSES_ROOT\netster.netsterband.1
HKEY_CLASSES_ROOT\netster.netsterph
HKEY_CLASSES_ROOT\netster.netsterph.1
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{b98f79f4-3619-49fb-a7e7-b737e58c5727}
HKEY_CLASSES_ROOT\typelib\{e1c643a6-8b7b-4f28-b652-f712fe4f7402}
HKEY_LOCAL_MACHINE\clsid\{856d6a8e-a24c-498a-a55a-2b25c606a6b4}
HKEY_LOCAL_MACHINE\clsid\{b98f79f4-3619-49fb-a7e7-b737e58c5727}
HKEY_LOCAL_MACHINE\software\classes\clsid\{856d6a8e-a24c-498a-a55a-2b25c606a6b4}
HKEY_LOCAL_MACHINE\software\classes\clsid\{b98f79f4-3619-49fb-a7e7-b737e58c5727}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{856d6a8e-a24c-498a-a55a-2b25c606a6b4}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{b98f79f4-3619-49fb-a7e7-b737e58c5727}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{856d6a8e-a24c-498a-a55a-2b25c606a6b4}
HKEY_LOCAL_MACHINE\software\netster

Reboot and try again!
0
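Added example (not part of any post in this thread): a Python check that scans the add-on sections of a HijackThis log for the Netster class IDs and DLL names listed in the answer above. The function name and the final "infected" line are constructed for illustration; the first three log lines are copied from the poster's v1.98.2 log.

```python
import re

# Copied from the removal list above: the four class IDs registered under
# ...\clsid\ and the DLL file names the answer says to delete.
NETSTER_CLSIDS = {
    "{359f7e49-1ea0-4671-92e9-61e32fe25c5e}",
    "{856d6a8e-a24c-498a-a55a-2b25c606a6b4}",
    "{acc63168-5876-439b-95bc-3bae59ca860c}",
    "{b98f79f4-3619-49fb-a7e7-b737e58c5727}",
}
NETSTER_DLLS = {"netster.dll", "_netster.dll", "netseter.dll"}

GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
DLL_RE = re.compile(r"[^\\/\s]+\.dll", re.I)
# HijackThis sections that list Internet Explorer add-ons:
# O2 = Browser Helper Objects, O3 = toolbars, O9 = extra buttons/menu items.
ADDON_RE = re.compile(r"^(O2|O3|O9) - ")


def find_netster_entries(log_text):
    """Return (line_number, section, reasons) for add-on lines that match."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = ADDON_RE.match(line.strip())
        if not match:
            continue
        reasons = []
        # GUIDs are compared case-insensitively; HijackThis prints them as stored.
        for guid in GUID_RE.findall(line):
            if guid.lower() in NETSTER_CLSIDS:
                reasons.append("clsid " + guid.lower())
        # Only the file name is compared, so any install directory is covered.
        for dll in DLL_RE.findall(line):
            if dll.lower() in NETSTER_DLLS:
                reasons.append("file " + dll.lower())
        if reasons:
            hits.append((number, match.group(1), reasons))
    return hits


# Three add-on lines copied from the v1.98.2 log posted in this thread.
POSTED_EXCERPT = r"""O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll"""

# Constructed line: what a BHO entry would look like if the class ID and
# DLL from the removal list were actually registered on the machine.
CONSTRUCTED_LINE = (
    r"O2 - BHO: (no name) - {B98F79F4-3619-49FB-A7E7-B737E58C5727}"
    r" - C:\WINDOWS\system32\netster.dll"
)
CONSTRUCTED_INFECTED = POSTED_EXCERPT + "\n" + CONSTRUCTED_LINE

if __name__ == "__main__":
    print("posted log:", find_netster_entries(POSTED_EXCERPT))
    print("constructed log:", find_netster_entries(CONSTRUCTED_INFECTED))
```

An empty result on the posted lines agrees with the poster's report that the log shows no sign of Netster.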
 
anant_27 (Author) Commented:
Thank you for your response, I did find this help in the pest patrol website and tried to do what is suggested there.

There is no trace of netster/ netseter, but if I type in some (not all) wrong URLs, then it takes me to the netster page.

Also I noticed another strange thing. My yahoo messenger would not connect to the internet sometimes, and after connection it would not let me add any new friends and not let me enter chat rooms. I don't know if the netster thing is related to my yahoo messenger or vice versa.

thanks
anantha
0
 
SheharyaarSaahil Commented:
anant.... tell me are u using Yahoo as ur start (home) page and search assistant ??
coz look at these entries,,,, it shows that ur search assistant and start page is handled by yahoo !!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com


so if u have set them urself, they can be OK, otherwise check them and click on Fix Checked !!
reboot and now check if any progress ??
0
 
anant_27 (Author) Commented:
hello all:

thanks for the support you are providing me. Yes, I did remove the instances of Yahoo being my search engine. YM ! had installed it by default.

Anyways, here is something that I want you to try for me.

Can you please try to go to www.erecruting.com ( Yes ! erecruting and not erecruiting ) ? I have tried this on a couple of my roommates' PCs and they take me to a netster page !! I don't know why this happens to only a few specific wrong URLs and not others. I have tried typing junk on my Address bar ( both IE and Mozilla ) but they don't take me to netster. But typing www.erecruting.com always takes me to netster. Do you agree with me on this ? Can you try it ?

thanks much
Anantha
0
 
SheharyaarSaahil Commented:
lol.... u are right... when i click on the above link ( www.erecruting.com )
it does take me to the Netster search page :)

i guess that site is down and that's why Netster is temporarily sitting at its place... or maybe some hacking shacking problem u know ;-D
0
 
anant_27 (Author) Commented:
lol..........so do I get to keep my 500 points ??

It was indeed an interesting problem since there was no trace of netster on my system but it did take me to netster page, and apparently netster has this quote

"PLEASE NOTE: You may have arrived at this site because you mistyped your desired Internet address or domain name, or the web site you are seeking may not be operational. Please make sure you typed the address or domain name correctly. You may use the "Back" button on your browser to return to your previous page, or you may use our search engine to find your intended destination."

Anyways, I guess this problem exists in all systems including yours truly's !!! So I am safe for the moment from the netster attack.

thank you all anyways
Anantha
0
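Added example (not part of any post in this thread): the landing URL quoted in the question carries a base64 value in its `Site` parameter, and this Python helper decodes it and compares it with the host name that was typed. The function names are hypothetical; the two URLs are the ones given in the question.

```python
import base64
import binascii
from urllib.parse import parse_qs, urlsplit


def hostname_of(typed):
    """Host part of what the user typed, with or without a scheme."""
    if "//" not in typed:
        typed = "//" + typed
    return (urlsplit(typed).hostname or "").lower()


def decode_param(value):
    """Base64-decode one query value; return None if it is not base64 text."""
    # parse_qs turns '+' into a space, so restore it before decoding,
    # and re-add any '=' padding that was dropped from the URL.
    value = value.replace(" ", "+")
    padded = value + "=" * (-len(value) % 4)
    try:
        return base64.b64decode(padded, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None


def redirect_echoes_host(typed, landing_url):
    """Names of query parameters whose base64 value is the typed host."""
    wanted = hostname_of(typed)
    bare = wanted[4:] if wanted.startswith("www.") else wanted
    params = parse_qs(urlsplit(landing_url).query, keep_blank_values=True)
    found = []
    for name, values in params.items():
        for value in values:
            decoded = decode_param(value)
            if decoded and decoded.lower() in (wanted, bare):
                found.append(name)
    return found


# Both values are quoted from the question at the top of this thread.
TYPED = "www.erecruting.com"
LANDING = "http://search.netster.com/Index.asp?Site=ZXJlY3J1dGluZy5jb20%3D"

if __name__ == "__main__":
    query = parse_qs(urlsplit(LANDING).query)
    print("Site decodes to:", decode_param(query["Site"][0]))
    print("parameters naming the typed host:", redirect_echoes_host(TYPED, LANDING))
```

A match only shows which host name the landing page was given; what separated a redirect at the mistyped domain from a hijacker on the PC in this thread was reproducing it on other machines.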
 
SheharyaarSaahil Commented:
lolz yeah indeed it baffled me too much :-S
:D

>> so do I get to keep my 500 points ??
never mind go and get a refund, at least i have no objection as i was not able to solve ur problem, it still goes to NETSTER.... right ;-D

Happy Computing ^_^
0