Solved

Surch.com appearing everytime a website load fails

Posted on 2006-07-12
5
292 Views
Last Modified: 2013-12-04
I am baffled by this one and I hope someone out there can help me.  I used to get the regular old microsoft or msn page when a website load failed or didn't exits.  Recently I started getting strange behavior.  First it sends me to a http://plugin.secureservicepack.com:7777/..... and the redirects me to a www.surch.com page.  I have tried everything imaginable to get rid of this.  I have tried AdAware, Spybot, Norton Antivirus, Awido, amongst others but nothing works to rid this.  I don't see it listed as a plugin nor in my programs listing.  When i do a google search, I get nothing of consequence.  Does anyone know what this is and how I get rid of it.  The surch.com always pops up advertising and that makes me very nervous that it is a trojan, adware or virus and I want to get rid of it.  Thanks
0
Comment
Question by:drewman75
5 Comments
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17090119
Can we look at your hijackthis log please?

Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.


OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.
0
 
LVL 6

Expert Comment

by:DaMaestro
ID: 17094915
If possible slave the HDD into a USB enclosure or on the IDE connection of another pc.

Run your various anti-virus and anti-spyware tools from the clean system to ensure the best possible cleanup.

Do a loadhive in the regsitry for windows\system32\config\software and Documents and Settings\Default User\NTUSER.DAT  on the slaved drive. You can elect to perform a search of the hives or go directly to Software\Microsoft\Internet Explorer and Software\Microsoft\Windows\CurrentVersion\Internet Settings to cleanup the search and homepage urls.

Last, but not least, you might want to check the Plugins folder in Program Files\Internet Explorer\PLUGINS
0
 

Author Comment

by:drewman75
ID: 17282501
Thanks for the suggestions.  A mixture of Computer Associates eTrust Security Suite (the freeware) and Ewido Anti-Spyware was finally able to detect the spyware.  It was a plugin that had discreetly (and unauthorized of course) installed itself into Internet Explorer.
0
 
LVL 1

Accepted Solution

by:
DarthMod earned 0 total points
ID: 17470317
PAQed with points refunded (500)

DarthMod
Community Support Moderator
0

Featured Post

New! My Passport Wireless Pro Wi-Fi Mobile Storage

Portable wireless storage to offload, edit, and stream anywhere.

High-capacity, wireless mobile storage designed to accompany professional photographers and videographers in the field to easily offload, edit and stream captured photos and high-definition videos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
The purpose of this video is to demonstrate how to set up the WordPress backend so that each page automatically generates a Mailchimp signup form in the sidebar. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now