Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help Forums Windows Startup Programs Database Virus, Spyware, and Malware Removal Guides Computer Tutorials Uninstall Database File Database Computer Glossary Computer Resources
 

Welcome Guest ( Log In | Click here to Register a free account now! )



Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

> How to use the self-help guides

This forum contains self-help guides on removing common malware and viruses. These guides can be advanced so please use them at your own risk.

If after following the self-help guide, or you can not find an appropriate guide, then you can receive step-by-step instructions directly from one of our experts by following the instructions in this topic: Preparation Guide For Use Before Posting A Hijackthis Log

 
Reply to this topicStart new topic
> How to remove the Bulldog-search.com Hijacker, Self-Help Guide
Grinler
post Nov 10 2004, 01:39 PM
Post #1


Bleep Bleep!
******

Group: Admin
Posts: 31,601
Joined: 24-January 04
From: USA
Member No.: 3

This self-help guide will allow you to remove the Bulldog-search.com Hijacker




What this program does:

Hijacks your browser and Internet search to Bulldog-search.com. Downloads other spyware/malware and installs them on your computer.


Tools Needed for this fix:

Related Tutorials:

Symptoms in a HijackThis Log specific to this hijacking:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:://www.buldog-search.com/
O4 - HKCU\..\Run: [Update] C:\WINDOWS\system32\mshtm.exe


Other Symptoms in a HijackThis Log that could be related to this hijacking:

O2 - BHO: (no name) - {3E8B6658-EC3F-2497-DD75-17550D857C45} - C:\WINDOWS\System32\maphfiiw.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [xghohin] C:\WINDOWS\xghohin.exe
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\vmware\LOCALS~1\Temp\djtopr1150.exe"
O4 - HKCU\..\Run: [Heps] C:\Documents and Settings\vmware\Application Data\ttsc.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http:://public.windupdates.com/get_file.php?bt=ie&p=573af8772d479674f757e99c0ae5a12233ff6e8485701e9af477939194d9b37b62b35362ca
e3ad71537888d0c704c9216eb9fca0:5e54bbaefd54752b21d780358bc5840b O16 - DPF: {4CED8A06-396F-764F-4CA5-3EF37DD4B2B7} - http:://69.50.177.100/1/rdgUS1332.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http:://www.mt-download.com/MediaTicketsInstaller.cab

 



Removal Instructions:
  1. Connect to the Internet and stay connected throughout this entire removal process.

  2. Download HijackThis from the above link and extract it to c:\hijackthis.

  3. Print out these instructions.

  4. Reboot your computer into Safe Mode. Instructions can be found at the link below:

    How to boot Windows into Safe Mode

  5. Close Internet Explorer and keep it closed throughout the entire removal process.

  6. Enter the control panel by clicking on the Start menu, then clicking on Run.

  7. Now type control in the Open field and press the OK button.

  8. Double-click on the Add/Remove Programs icon.

  9. Look for and uninstall the following entries if found in the Add/Remove Programs window. Do not reboot if prompted untill all of the below programs are uninstalled.

    Active alert
    ISTsvc
    Internet Optimizer
    Search Extender
    Shopping Wizard
    Sidefind
    Slotchbar
    The Bullseye Network
    Uninstall 180searchassistant
    Webrebates
    Win AdTools

    It may prompt about whether or not you are sure you want to remove this program. Always read it carefully and choose the option that states you want to remove all components of this program.

  10. Navigate to the c:\hijackthis directory and double-click on HijackThis

  11. When the program starts, double-click on the HijackThis icon and then click on the Scan button.

  12. Put a checkmark next to the following entries if they exist:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:://www.buldog-search.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:://www.buldog-search.com/
    O2 - BHO: (no name) - {3E8B6658-EC3F-2497-DD75-17550D857C45} - C:\WINDOWS\System32\maphfiiw.dll
    O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O4 - HKCU\..\Run: [Update] C:\WINDOWS\system32\mshtm.exe
    O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [xghohin] C:\WINDOWS\xghohin.exe
    O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\vmware\LOCALS~1\Temp\djtopr1150.exe"
    O4 - HKCU\..\Run: [Heps] C:\Documents and Settings\vmware\Application Data\ttsc.exe
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http:://public.windupdates.com/get_file.php?bt=ie&p=573af8772d479674f757e99c0ae5a12233ff6e8485701e9af477939194d9b37b62b35362ca
    e3ad71537888d0c704c9216eb9fca0:5e54bbaefd54752b21d780358bc5840b O16 - DPF: {4CED8A06-396F-764F-4CA5-3EF37DD4B2B7} - http:://69.50.177.100/1/rdgUS1332.exe
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http:://www.mt-download.com/MediaTicketsInstaller.cab
  13. Then click the Fix button
  14. Exit HijackThis.
  15. Reboot your computer
  16. Delete the following directories or files if they exist:

    C:\WINDOWS\system32\mshtm.exe
    C:\Program Files\Windows AdTools\
    C:\Program Files\Web_Rebates\
    c:\temp\salm.exe
    C:\Program Files\BullsEye Network\
    C:\WINDOWS\xghohin.exe
    C:\Program Files\Web_Rebates\
  17. Run two online virus scans:

    http://housecall.antivirus.com/
    http://www.pandasoftware.com/activescan/


Now your computer should no longer be infected with Bulldog-search.com hijacker. It may be possible that you still have some spyware or malware installed on your computer. If you feel this is the case, follow the instructions below to post a HijackThis log and someone will help you to remove the rest.

 

This is a self-help guide. Use at your own risk.



BleepingComputer.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can post a HijackThis log in our HijackThis Logs and Analysis forum.

If you have any questions about this self-help guide then please post those questions in our AntiVirus, Firewall and Privacy Products and Protection Methods forum and someone will help you.


--------------------
Lawrence
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Go to the top of the page
 
+Quote Post
« Next Oldest · Spyware and Malware Removal Guides and Reading Room · Next Newest »
 

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 

Display Mode: Switch to: Standard · Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version Time is now: 21st November 2009 - 11:23 PM


Advertise   |   About Us   |   Terms of Use   |   Privacy Policy   |   Contact Us   |   Site Map   |   Chat   |   Tutorials   |   Uninstall List
Discussion Forums   |   The Computer Glossary   |   Resources   |   RSS Feeds   |   Startups   |   The File Database   |   Virus Removal Guides

© 2003-2009 All Rights Reserved Bleeping Computer LLC.

Powered By IP.Board © 2009  IPS, Inc.