?
Solved

Surch.com appearing everytime a website load fails

Posted on 2006-07-12
5
Medium Priority
?
297 Views
Last Modified: 2013-12-04
I am baffled by this one and I hope someone out there can help me.  I used to get the regular old microsoft or msn page when a website load failed or didn't exits.  Recently I started getting strange behavior.  First it sends me to a http://plugin.secureservicepack.com:7777/..... and the redirects me to a www.surch.com page.  I have tried everything imaginable to get rid of this.  I have tried AdAware, Spybot, Norton Antivirus, Awido, amongst others but nothing works to rid this.  I don't see it listed as a plugin nor in my programs listing.  When i do a google search, I get nothing of consequence.  Does anyone know what this is and how I get rid of it.  The surch.com always pops up advertising and that makes me very nervous that it is a trojan, adware or virus and I want to get rid of it.  Thanks
0
Comment
Question by:drewman75
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17090119
Can we look at your hijackthis log please?

Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.


OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.
0
 
LVL 6

Expert Comment

by:DaMaestro
ID: 17094915
If possible slave the HDD into a USB enclosure or on the IDE connection of another pc.

Run your various anti-virus and anti-spyware tools from the clean system to ensure the best possible cleanup.

Do a loadhive in the regsitry for windows\system32\config\software and Documents and Settings\Default User\NTUSER.DAT  on the slaved drive. You can elect to perform a search of the hives or go directly to Software\Microsoft\Internet Explorer and Software\Microsoft\Windows\CurrentVersion\Internet Settings to cleanup the search and homepage urls.

Last, but not least, you might want to check the Plugins folder in Program Files\Internet Explorer\PLUGINS
0
 

Author Comment

by:drewman75
ID: 17282501
Thanks for the suggestions.  A mixture of Computer Associates eTrust Security Suite (the freeware) and Ewido Anti-Spyware was finally able to detect the spyware.  It was a plugin that had discreetly (and unauthorized of course) installed itself into Internet Explorer.
0
 
LVL 1

Accepted Solution

by:
DarthMod earned 0 total points
ID: 17470317
PAQed with points refunded (500)

DarthMod
Community Support Moderator
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
The purpose of this video is to demonstrate how to set up the WordPress backend so that each page automatically generates a Mailchimp signup form in the sidebar. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses
Course of the Month11 days, 15 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question