need help

Sweney

Sweney

NRU Member
15 Mar 2012
845
6
28
Maine
Hi guys, can any of you help me? A m8 of mine is clueless when it comes to laptops and always gives it to me to clean it up. This time it has a browser hijacker named proxy.allsearch.com. I can't figure out how the hell to remove it.
 
samoz83

samoz83

NRU Heed
15 Mar 2012
3,170
1,156
188
London, UK
Surprised if http://www.malwarebytes.org/ wouldn't find it (Does he have any anti-virus/malware?)

To remove manually you have to first open Task Manager and close any processes called

Code:
browserseek.exe
browserseek170.exe
browserseek.dll
allsearch.exe
allsearch.dll

Then open start and type regedit and press enter and then find and remove these registry values:
Code:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserSeekIEHelper.DNSGuard\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar "BrowserSeek Toolbar"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} "BrowserSeek Toolbar"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserSeekIEHelper.DNSGuard\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserSeekIEHelper.DNSGuard.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32 "C:PROGRA~1WINDOW~4ToolBarBrowserSeekdtx.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID "BrowserSeekIEHelper.UrlHelper.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} "UrlHelper Class"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserSeekIEHelper.DNSGuard
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7} "BrowserSeek BrowserSeek Toolbar"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID "BrowserSeekIEHelper.UrlHelper"

And last of all find all of these files in Windows Explorer and delete them
Code:
%AppData%BrowserSeektoolbardtx.ini
%AppData%BrowserSeektoolbarguid.dat
%AppData%BrowserSeektoolbaruninstallIE.dat
%AppData%BrowserSeektoolbaruninstallStatIE.dat
%AppData%BrowserSeektoolbarcouponsmerchants2.xml
%AppData%BrowserSeektoolbarcouponsmerchants.xml
%AppData%BrowserSeektoolbarstats.dat
%AppData%BrowserSeektoolbarstat.log
%Temp%BrowserSeektoolbar-manifest.xml
%AppData%BrowserSeektoolbarcouponscategories.xml
%AppData%BrowserSeektoolbarlog.txt
%AppData%BrowserSeektoolbarpreferences.dat
%AppData%BrowserSeektoolbarversion.xml
 
Sweney

Sweney

NRU Member
15 Mar 2012
845
6
28
Maine
shit it's called proxt.allsearchapp.com/app/start/

I couldn't find any of those registry entries in the reg edit
 
Psycho_Moerchen

Psycho_Moerchen

NRU Member
15 Mar 2012
664
83
28
Bad Rappenau
Re: need help

Hmm, he should buy or use the trial from Norton 360 and Norton Eraser wanna help maybe. But sam knows more and it's better u follow his instructions, he is a smart computer freak :D
 
samoz83

samoz83

NRU Heed
15 Mar 2012
3,170
1,156
188
London, UK
Sorry, it seems the code tags stripped out some of the formatting for the reg entries, and after looking into it, it seems there can be a hell of a lot of different names for this thing, so it might be easier to find using these as a guide:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\[trojan name]IEHelper.DNSGuard\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\[trojan name]IEHelper.DNSGuard\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\[trojan name]IEHelper.DNSGuard
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
HKCU\Software\Search Settings
HKLM\Software\Application Updater
HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
HKLM\SOFTWARE\Classes\Toolbar.CT2269050
HKLM\SOFTWARE\Classes\Toolbar.CT3072253
HKLM\Software\DVDVideoSoftTB
HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{04617B4A-75B9-4A14-8354-40C81153F7B8}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3C90718A-33E9-41DF-A614-4CEB407E902D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\[trojan name]IEHelper.DNSGuard.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar "[trojan name]"


Did Malwarebytes not work?

Were there any processes with those names in task manager?
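
A read-only way to check a machine against the keys and process names listed in this thread, as an added PowerShell example that is not part of the original posts. The function name `Get-HijackerFindings` and the extra `WOW6432Node` lookup (for 32-bit entries on 64-bit Windows) are assumptions added here; the script only reports and changes nothing.

```powershell
# Added example: read-only audit. Nothing is deleted or modified.
# Keys copied from the thread (only entries whose paths are intact on the page).
$listedKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}'
    'HKCU:\Software\Search Settings'
    'HKLM:\Software\Application Updater'
    'HKLM:\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}'
    'HKLM:\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}'
    'HKLM:\SOFTWARE\Classes\Toolbar.CT2269050'
    'HKLM:\SOFTWARE\Classes\Toolbar.CT3072253'
    'HKLM:\Software\DVDVideoSoftTB'
    'HKLM:\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc'
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{04617B4A-75B9-4A14-8354-40C81153F7B8}'
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3C90718A-33E9-41DF-A614-4CEB407E902D}'
)

function Get-HijackerFindings {   # hypothetical helper name
    # 1. Exact keys from the list above.
    foreach ($k in $listedKeys) {
        if (Test-Path -LiteralPath $k) {
            [pscustomobject]@{ Type = 'ListedKey'; Item = $k; Detail = '' }
        }
    }
    foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
        # 2. "[trojan name]IEHelper.DNSGuard" ProgIDs, whatever the name prefix is.
        Get-ChildItem -LiteralPath "$root\Classes" -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -like '*IEHelper.DNSGuard*' } |
            ForEach-Object { [pscustomobject]@{ Type = 'ProgID'; Item = $_.Name; Detail = '' } }

        # 3. Every registered Browser Helper Object with the DLL it loads,
        #    so an unfamiliar toolbar stands out even under a different name.
        $bho = "$root\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
        if (-not (Test-Path -LiteralPath $bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $bho) {
            $clsid = $key.PSChildName
            $srv = Get-ItemProperty -LiteralPath "$root\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            [pscustomobject]@{ Type = 'BHO'; Item = $clsid; Detail = $srv.'(default)' }
        }
    }
    # 4. Running processes matching the names given earlier in the thread.
    Get-Process -Name 'browserseek*', 'allsearch*' -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Type = 'Process'; Item = $_.Name; Detail = $_.Path } }
}

Get-HijackerFindings | Format-Table -AutoSize -Wrap
```

The BHO rows list every registered helper object, not only suspicious ones, so the DLL path in the Detail column is what to review.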
 
Sweney

Sweney

NRU Member
15 Mar 2012
845
6
28
Maine
I'm not positive but I think it's masking itself as AVG toolbar search
 
G

genozide

New Member
15 Mar 2012
492
0
0
Try www.trendmicro.com housecall

All trojans are a bit different so one needs to investigate the specific one to know more background details.
 
Loeft1

Loeft1

NRU Member
15 Mar 2012
825
10
18
41
The Hague, The Netherlands
Had this once where it hijacked the computer the moment Explorer.exe was running and then opened multiple full-screen pages that couldn't be removed, making it basically useless to try anything.

What I found was that safe mode with command prompt worked to keep some control, and I used another computer to download a few "scanners" like Malwarebytes that have programs that can run from USB. This way you can scan the computer while using an unaffected source. It did the trick for me, but I would search the exact hijack and see if they have a fix somewhere.
 
samoz83

samoz83

NRU Heed
15 Mar 2012
3,170
1,156
188
London, UK
Ah yes spybot is good, you can also immunise the system using that too which would be good for the future
 
G

genozide

New Member
15 Mar 2012
492
0
0
isn't hijackthis more of a scan, log and report tool to define the system bugs? does it actually do something about the problems too nowadays?

i recall they used it a lot to get more info from customers to be able to pinpoint the issue of a system.
 
sordids

sordids

NRU Member
15 Mar 2012
740
1
18
locked up in lakaelo shed
isn't hijackthis more of a scan, log and report tool to define the system bugs? does it actually do something about the problems too nowadays?

i recall they used it a lot to get more info from customers to be able to pinpoint the issue of a system.

Using HijackThis you can selectively remove unwanted settings and files from your computer.
 
G

genozide

New Member
15 Mar 2012
492
0
0
I'm sure it finds them. Was just trying to ask if the hijackthis prog itself is nowadays capable of actually removing the crap?
Just that detail.
 
