Solved

Surch.com appearing everytime a website load fails

Posted on 2006-07-12
5
295 Views
Last Modified: 2013-12-04
I am baffled by this one and I hope someone out there can help me.  I used to get the regular old microsoft or msn page when a website load failed or didn't exits.  Recently I started getting strange behavior.  First it sends me to a http://plugin.secureservicepack.com:7777/..... and the redirects me to a www.surch.com page.  I have tried everything imaginable to get rid of this.  I have tried AdAware, Spybot, Norton Antivirus, Awido, amongst others but nothing works to rid this.  I don't see it listed as a plugin nor in my programs listing.  When i do a google search, I get nothing of consequence.  Does anyone know what this is and how I get rid of it.  The surch.com always pops up advertising and that makes me very nervous that it is a trojan, adware or virus and I want to get rid of it.  Thanks
0
Comment
Question by:drewman75
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17090119
Can we look at your hijackthis log please?

Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.


OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.
0
 
LVL 6

Expert Comment

by:DaMaestro
ID: 17094915
If possible slave the HDD into a USB enclosure or on the IDE connection of another pc.

Run your various anti-virus and anti-spyware tools from the clean system to ensure the best possible cleanup.

Do a loadhive in the regsitry for windows\system32\config\software and Documents and Settings\Default User\NTUSER.DAT  on the slaved drive. You can elect to perform a search of the hives or go directly to Software\Microsoft\Internet Explorer and Software\Microsoft\Windows\CurrentVersion\Internet Settings to cleanup the search and homepage urls.

Last, but not least, you might want to check the Plugins folder in Program Files\Internet Explorer\PLUGINS
0
 

Author Comment

by:drewman75
ID: 17282501
Thanks for the suggestions.  A mixture of Computer Associates eTrust Security Suite (the freeware) and Ewido Anti-Spyware was finally able to detect the spyware.  It was a plugin that had discreetly (and unauthorized of course) installed itself into Internet Explorer.
0
 
LVL 1

Accepted Solution

by:
DarthMod earned 0 total points
ID: 17470317
PAQed with points refunded (500)

DarthMod
Community Support Moderator
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
The purpose of this video is to demonstrate how to set up the WordPress backend so that each page automatically generates a Mailchimp signup form in the sidebar. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question