How do I get rid of this pass through crap?

Discussion in 'Spyware' started by Randi, May 15, 2004.

  1. Randi

    Randi Guest

    Hi all,
    When ever I go to my home page, I first am redirected to this passthrough
    crap.
    http://allaboutsearching.com/passthrough/index.html?http://www.msn.com/. I
    have tried adaware and just about everything to get rid of it. Any ideas.

    Thanks,
    Kelsey
     
    Randi, May 15, 2004
    #1
    1. Advertisements

  2. Randi

    Jim Byrd Guest

    Hi Randi - Sounds like this might be a variant of some malware called
    CoolWebSearch (if not, then see AdAware, SpyBot, and HijackThis, below). Do
    the following:

    Download, UPDATE before running, and run:
    http://209.133.47.200/~merijn/files/CWShredder.exe to remove the parasite.
    Be sure to close all instances of IE and OE. You may also get it here if
    that link is blocked: http://www.zerosrealm.com/downloads/CWShredder.zip

    You will need to disable System Restore and then reboot your system
    in order to clear the CWS garbage from the backups. After rebooting, then
    re-enable System Restore.

    The following link gives instructions on how to disable it:
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam&docid=2001012513122239&nsf=tsgeninfo.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=



    Then download and run:
    http://www.kellys-korner-xp.com/regs_edits/iegentabs.reg to restore your
    tabs and remove any restrictions that the parasite has put in place.

    Be sure that you also download and install hotfix Q816093, here:

    http://support.microsoft.com/?kbid=816093

    which blocks the exploit upon which this parasite family depends.

    Now download and run:
    http://www.kellys-korner-xp.com/regs_edits/RestoreSearch2.REG to restore
    your search functions.


    However, this also indicates that you may have acquired some other malware
    along the way. If you go to this page at Jim Eshelman's site, here:
    http://aumha.org/a/noads.htm and wait a little bit (be patient), an analysis
    of a number of possible parasites on your machine will be made to help you
    identify and remove them. NOTE: You will need to disable Ad Blocking in Zone
    Alarm 3.x, if present or any other Ad Blocking software which interferes
    with Java Scripting for this scan to work. You should get a message between
    the two lines of **** giving the results of the scan.

    Get Ad-Aware 6.0, Build 181 or later, here:
    http://www.lavasoftusa.com/support/download/. UPDATE and run this regularly
    to get rid of most "spyware/hijackware" on your machine. If it has to fix
    things, be sure to re-boot and rerun AdAware again and repeat this cycle
    until you get a clean scan. The reason is that it may have to remove
    things which are currently "in use" before it can then clean up others.

    Another excellent program for this purpose is SpyBot Search and Destroy
    available here: http://security.kolla.de/ SpyBot Support Forum here:
    http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi. I recommend
    using both normally. After UPDATING and fixing things with SpyBot S&D, be
    sure to re-boot and rerun SpyBot again and repeat this cycle until you get a
    clean "no red" scan. The reason is that SpyBot sometimes has to remove
    things which are currently "in use" before it can then clean up others.

    Note that sometimes you need to make a judgement call about what these
    programs report as spyware. See here, for example:
    http://www.imilly.com/alexa.htm



    If they don't fix it then start here:

    Download HijackThis, free, here:
    http://209.133.47.200/~merijn/files/HijackThis.exe (Always download a new
    fresh copy of HijackThis [and CWShredder also] - It's UPDATED frequently.)
    You may also get it here if that link is blocked:
    http://www.majorgeeks.com/downloadget.php?id=3155&file=3&evp=3304750663b552982a8baee6434cfc13

    Unzip it to any convenient folder, start it then press Scan. Click on
    SaveLog when it's finished which will create hijackthis.log. Now click the
    Config button, then Misc Tools and click on Generate StartupList.log which
    will create Startuplist.txt

    Then go to one of the following forums:

    Spyware and Hijackware Removal Support, here:
    http://216.180.233.162/~swicom/forums/

    or Net-Integration here:
    http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?s=d3c2c886d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949

    or Tom Coyote here: http://forums.tomcoyote.org/index.php?act=idx

    Sign in, then copy and paste both files into a message asking for
    assistance, Someone will answer with detailed instructions for the removal
    of your parasite(s).




    Once you get this cleaned up, you might want to consider installing the
    SpywareBlaster and SpywareGuard here to help prevent this kind of thing from
    happening in the future:

    http://www.javacoolsoftware.com/spywareblaster.html (Prevents malware Active
    X installs) (BTW, SpyWare Blaster is not memory resident ... no CPU or
    memory load - but keep it UPDATED) The latest version as of this writing
    will prevent installation or prevent the malware from running if it is
    already installed, and it provides information and fixit-links for a variety
    of parasites.

    http://www.javacoolsoftware.com/spywareguard.html (Monitors for attempts to
    install malware) Keep it UPDATED. Both Very Highly Recommended


    --
    Please respond in the same thread.
    Regards, Jim Byrd, MS-MVP



    In
     
    Jim Byrd, May 15, 2004
    #2
    1. Advertisements

  3. Randi

    Tim Weaver Guest

    Bottom of the page:
    http://forums.net-integration.net/index.php?showtopic=13744&hl=look2me
     
    Tim Weaver, May 15, 2004
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.