Solved

Surch.com appearing everytime a website load fails

Posted on 2006-07-12
5
291 Views
Last Modified: 2013-12-04
I am baffled by this one and I hope someone out there can help me.  I used to get the regular old microsoft or msn page when a website load failed or didn't exits.  Recently I started getting strange behavior.  First it sends me to a http://plugin.secureservicepack.com:7777/..... and the redirects me to a www.surch.com page.  I have tried everything imaginable to get rid of this.  I have tried AdAware, Spybot, Norton Antivirus, Awido, amongst others but nothing works to rid this.  I don't see it listed as a plugin nor in my programs listing.  When i do a google search, I get nothing of consequence.  Does anyone know what this is and how I get rid of it.  The surch.com always pops up advertising and that makes me very nervous that it is a trojan, adware or virus and I want to get rid of it.  Thanks
0
Comment
Question by:drewman75
5 Comments
 
LVL 47

Expert Comment

by:rpggamergirl
Comment Utility
Can we look at your hijackthis log please?

Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.


OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/
and click "Analyse", click "Save".  Then post the link to the saved list here.
0
 
LVL 6

Expert Comment

by:DaMaestro
Comment Utility
If possible slave the HDD into a USB enclosure or on the IDE connection of another pc.

Run your various anti-virus and anti-spyware tools from the clean system to ensure the best possible cleanup.

Do a loadhive in the regsitry for windows\system32\config\software and Documents and Settings\Default User\NTUSER.DAT  on the slaved drive. You can elect to perform a search of the hives or go directly to Software\Microsoft\Internet Explorer and Software\Microsoft\Windows\CurrentVersion\Internet Settings to cleanup the search and homepage urls.

Last, but not least, you might want to check the Plugins folder in Program Files\Internet Explorer\PLUGINS
0
 

Author Comment

by:drewman75
Comment Utility
Thanks for the suggestions.  A mixture of Computer Associates eTrust Security Suite (the freeware) and Ewido Anti-Spyware was finally able to detect the spyware.  It was a plugin that had discreetly (and unauthorized of course) installed itself into Internet Explorer.
0
 
LVL 1

Accepted Solution

by:
DarthMod earned 0 total points
Comment Utility
PAQed with points refunded (500)

DarthMod
Community Support Moderator
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
The purpose of this video is to demonstrate how to set up the WordPress backend so that each page automatically generates a Mailchimp signup form in the sidebar. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now