need help

Sweney

NRU Member
Joined
15 Mar 2012
Messages
845
Points
28
Location
Maine
Hi guys, can any of you help me? A m8 of mine is clueless when it comes to laptops and always gives it to me to clean it up. This time it has a browser hijacker named proxy.allsearch.com; I can't figure out how the hell to remove it.
 

samoz83

NRU Heed
Joined
15 Mar 2012
Messages
2,329
Points
138
Surprised if http://www.malwarebytes.org/ wouldn't find it (Does he have any anti-virus/malware?)

To remove manually you have to first open Task Manager and close any processes called

Code:
browserseek.exe
browserseek170.exe
browserseek.dll
allsearch.exe
allsearch.dll
Then open start and type regedit and press enter and then find and remove these registry values:
Code:
HKEY_LOCAL_MACHINESOFTWARE\ClassesBrowserSeekIEHelper.DNSGuardCLSID
HKEY_LOCAL_MACHINESOFTWARE\MicrosoftInternet ExplorerToolbar “BrowserSeek Toolbar”
HKEY_LOCAL_MACHINESOFTWARE\ClassesCLSID{99079a25-328f-4bd4-be04-00955acaa0a7} “BrowserSeek Toolbar”
HKEY_LOCAL_MACHINESOFTWARE\ClassesBrowserSeekIEHelper.DNSGuardCurVer
HKEY_LOCAL_MACHINESOFTWARE\ClassesBrowserSeekIEHelper.DNSGuard.1
HKEY_LOCAL_MACHINESOFTWARE\ClassesCLSID{99079a25-328f-4bd4-be04-00955acaa0a7}InprocServer32 “C:PROGRA~1WINDOW~4ToolBarBrowserSeekdtx.dll”
HKEY_LOCAL_MACHINESOFTWARE\ClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}ProgID “BrowserSeekIEHelper.UrlHelper.1″
HKEY_LOCAL_MACHINESOFTWARE\ClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} “UrlHelper Class”
HKEY_LOCAL_MACHINESOFTWARE\ClassesBrowserSeekIEHelper.DNSGuard
HKEY_LOCAL_MACHINESOFTWARE\MicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{99079a25-328f-4bd4-be04-00955acaa0a7}”BrowserSeek BrowserSeek Toolbar”
HKEY_LOCAL_MACHINESOFTWARE\ClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}VersionIndependentProgID “BrowserSeekIEHelper.UrlHelper”
And last of all find all of these files in Windows Explorer and delete them
Code:
%AppData%BrowserSeektoolbardtx.ini
%AppData%BrowserSeektoolbarguid.dat
%AppData%BrowserSeektoolbaruninstallIE.dat
%AppData%BrowserSeektoolbaruninstallStatIE.dat
%AppData%BrowserSeektoolbarcouponsmerchants2.xml
%AppData%BrowserSeektoolbarcouponsmerchants.xml
%AppData%BrowserSeektoolbarstats.dat
%AppData%BrowserSeektoolbarstat.log
%Temp%BrowserSeektoolbar-manifest.xml
%AppData%BrowserSeektoolbarcouponscategories.xml
%AppData%BrowserSeektoolbarlog.txt
%AppData%BrowserSeektoolbarpreferences.dat
%AppData%BrowserSeektoolbarversion.xml
 

Sweney

Shit, it's called proxt.allsearchapp.com/app/start/

I couldn't find any of those registry entries in regedit.
 

Psycho_Moerchen

NRU Member
Joined
15 Mar 2012
Messages
622
Points
18
Location
Bad Rappenau
Re: need help

Hmm, he should buy or use the trial of Norton 360, and Norton Eraser might help maybe. But sam knows more and it's better you follow his instructions, he is a smart computer freak :D
 

samoz83

Sorry, it seems the code tags stripped out some of the formatting for the reg entries, and after looking into it, it seems there can be a hell of a lot of different names for this thing, so it might be easier to find using these as a guide:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\[trojan name]IEHelper.DNSGuard\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\[trojan name]IEHelper.DNSGuard\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\[trojan name]IEHelper.DNSGuard
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
HKCU\Software\Search Settings
HKLM\Software\Application Updater
HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
HKLM\SOFTWARE\Classes\Toolbar.CT2269050
HKLM\SOFTWARE\Classes\Toolbar.CT3072253
HKLM\Software\DVDVideoSoftTB
HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{04617B4A-75B9-4A14-8354-40C81153F7B8}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3C90718A-33E9-41DF-A614-4CEB407E902D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\[trojan name]IEHelper.DNSGuard.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar “[trojan name]”

Did Malwarebytes not work?

Were there any processes with those names in task manager?
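
Added example, not part of the original post and not the poster's own code: because the hijacker's name varies, this read-only PowerShell audit searches for the "[trojan name]IEHelper.DNSGuard" pattern instead of one fixed name, checks a subset of the fixed keys listed above, and lists every Browser Helper Object with the DLL it loads. The helper name `Add-Hit` and the choice of which listed keys to include are assumptions; the script deletes nothing.

```powershell
# Read-only audit (added example): reports matches, removes nothing.
# Run from an elevated PowerShell prompt so all of HKLM is readable.
$hits = New-Object System.Collections.Generic.List[object]
function Add-Hit($check, $key, $detail) {   # hypothetical helper name
    $hits.Add([pscustomobject]@{ Check = $check; Key = $key; Detail = $detail })
}

# 1. ProgIDs that follow the "[trojan name]IEHelper.DNSGuard" pattern,
#    whatever name the hijacker is using on this machine.
Get-ChildItem -LiteralPath 'HKLM:\SOFTWARE\Classes' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -like '*IEHelper.DNSGuard*' } |
    ForEach-Object { Add-Hit 'ProgID pattern' $_.Name '' }

# 2. Fixed keys quoted in the post (a subset; extend from the list above).
$listed = @(
    'HKCU:\Software\Search Settings',
    'HKLM:\Software\Application Updater',
    'HKLM:\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}',
    'HKLM:\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}',
    'HKLM:\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc'
)
foreach ($k in $listed) {
    # -LiteralPath so the braces and other characters are not treated as patterns
    if (Test-Path -LiteralPath $k) { Add-Hit 'Listed key' $k '' }
}

# 3. Every Browser Helper Object with the DLL it loads (64-bit and 32-bit views),
#    so an entry hiding behind a familiar toolbar name can be judged by its file path.
$views = @('HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node')
foreach ($view in $views) {
    $bho = "$view\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    Get-ChildItem -LiteralPath $bho -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = $_.PSChildName
        $srv   = "$view\Classes\CLSID\$clsid\InprocServer32"
        # The default value of InprocServer32 is the path of the DLL the BHO loads.
        $dll   = (Get-ItemProperty -LiteralPath $srv -ErrorAction SilentlyContinue).'(default)'
        Add-Hit 'BHO' $_.Name $dll
    }
}

if ($hits.Count -eq 0) { 'No matching keys found.' }
else { $hits | Format-Table -AutoSize -Wrap }
```

Export any key it reports with `reg export` before deleting it in regedit, so the change can be undone.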
 

Sweney

I'm not positive but I think it's masking itself as AVG toolbar search
 

Loeft1

NRU Member
Joined
15 Mar 2012
Messages
826
Points
18
Location
The Hague, The Netherlands
Had this once where it hijacked the computer the moment Explorer.exe was running and then opening multiple full screen pages that couldn't be removed, making it basically useless to try anything.

What I found was that safe mode with command prompt worked to keep some control and I used another computer to download a few "scanners" like malwarebytes that have programs that can run from USB. This way you can scan the computer while using an unaffected source. It did the trick for me but I would search the exact hijack and see if they have a fix somewhere.
 

samoz83

Ah yes spybot is good, you can also immunise the system using that too which would be good for the future
 

genozide

New Member
Joined
15 Mar 2012
Messages
492
Points
0
isn't hijackthis more of a scan, log and report tool to define the system bugs? does it actually do something about the problems too nowadays?

i recall they used it a lot to get more info from customers to be able to pinpoint the issue of a system.
 

sordids

NRU Member
Joined
15 Mar 2012
Messages
740
Points
18
Location
locked up in lakaelo shed
> isn't hijackthis more of a scan, log and report tool to define the system bugs? does it actually do something about the problems too nowadays?
>
> i recall they used it a lot to get more info from customers to be able to pinpoint the issue of a system.

Using HijackThis you can selectively remove unwanted settings and files from your computer.
 

genozide

I'm sure it finds them. Was just trying to ask if the hijackthis prog itself is nowadays capable of actually removing the crap?
Just that detail.