Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 299
  • Last Modified:

Surch.com appearing everytime a website load fails

I am baffled by this one and I hope someone out there can help me.  I used to get the regular old microsoft or msn page when a website load failed or didn't exits.  Recently I started getting strange behavior.  First it sends me to a http://plugin.secureservicepack.com:7777/..... and the redirects me to a www.surch.com page.  I have tried everything imaginable to get rid of this.  I have tried AdAware, Spybot, Norton Antivirus, Awido, amongst others but nothing works to rid this.  I don't see it listed as a plugin nor in my programs listing.  When i do a google search, I get nothing of consequence.  Does anyone know what this is and how I get rid of it.  The surch.com always pops up advertising and that makes me very nervous that it is a trojan, adware or virus and I want to get rid of it.  Thanks
0
drewman75
Asked:
drewman75
1 Solution
 
rpggamergirlCommented:
Can we look at your hijackthis log please?

Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.


OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.
0
 
DaMaestroCommented:
If possible slave the HDD into a USB enclosure or on the IDE connection of another pc.

Run your various anti-virus and anti-spyware tools from the clean system to ensure the best possible cleanup.

Do a loadhive in the regsitry for windows\system32\config\software and Documents and Settings\Default User\NTUSER.DAT  on the slaved drive. You can elect to perform a search of the hives or go directly to Software\Microsoft\Internet Explorer and Software\Microsoft\Windows\CurrentVersion\Internet Settings to cleanup the search and homepage urls.

Last, but not least, you might want to check the Plugins folder in Program Files\Internet Explorer\PLUGINS
0
 
drewman75Author Commented:
Thanks for the suggestions.  A mixture of Computer Associates eTrust Security Suite (the freeware) and Ewido Anti-Spyware was finally able to detect the spyware.  It was a plugin that had discreetly (and unauthorized of course) installed itself into Internet Explorer.
0
 
DarthModCommented:
PAQed with points refunded (500)

DarthMod
Community Support Moderator
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now