How To Remove The Search-paga.com / Xp

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > Spyware and Malware Removal Guides and Reading Room

How to use the self-help guides

This forum contains self-help guides on removing common malware and viruses. These guides can be advanced so please use them at your own risk.

If after following the self-help guide, or you can not find an appropriate guide, then you can receive step-by-step instructions directly from one of our experts by following the instructions in this topic: Preparation Guide For Use Before Posting A Hijackthis Log

How To Remove The Search-paga.com / Xp_system, Self-Help Guide

Options

Grinler View Member Profile	Mar 9 2005, 04:05 PM Post #1
Bleep Bleep! Group: Admin Posts: 29,873 Joined: 24-January 04 From: USA Member No.: 3	How to remove the Search-paga.com / xp_system Adware What this program does: Delivers popups to your computer and hijacks Internet Explorer to www.search-paga.com. Tools Needed for this fix: HijackThis Related Tutorials: How to use HijackThis to remove Browser Hijackers & Spyware Symptoms in a HijackThis Log (Maybe different entries but will contain the same domains and hostnames): R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:://www.search-paga.com/10039/ F3 - REG:win.ini: run=C:\WINDOWS\inetdata\services.exe O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inetdata\2.00.00.dll O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe O16 - DPF: {430BF633-8D63-4891-E908-34D11DB86CE4} - http:://69.50.182.94/1/rdgUS994.exe Removal Instructions: Download HijackThis from the above link and extract it to c:\hijackthis. Print out these instructions. Close Internet Explorer and keep it closed throughout the entire removal process. Navigate to the c:\hijackthis directory and double-click on HijackThis When the program starts, click on the None of the above, just start the program button. Then click on the Config button, followed by the Misc Tools button, and finally the Open Process Manager button. When the Process Manager opens up, look for any processes that are located in c:\windows\inetdata or c:\winnt\inetdata. Click once on the process that starts with that path, and press the Kill Process button. If there are more than one process running with that path, then while holding down the control key on your keyboard, click on each of these processes until all the ones that we need to end are all highlighted. Then proceed with clicking on the Kill Process button. Put a checkmark next to the following entries if they exist: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:://www.search-paga.com/10039/ F3 - REG:win.ini: run=C:\WINDOWS\inetdata\services.exe O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inetdata\2.00.00.dll O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe O16 - DPF: {430BF633-8D63-4891-E908-34D11DB86CE4} - http:://69.50.182.94/1/rdgUS994.exe Then click the Fix button Exit HijackThis. Reboot your computer Delete the following directories if they exist (substituting c:\windows for yourWindows directory): c:\windows\inetdata\services.exe c:\windows\inetdata\explorer.exe c:\windows\inetdata\winlogon.exe c:\windows\inetdata\2.00.00.dll c:\windows\inetdata\cron.ini c:\windows\inetdata c:\windows\\tasks\sa.dat Reboot your computer If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point. You can find instructions on how to enable and reenable system restore here: Managing Windows Millenium System Restore Windows XP System Restore Guide Follow the steps found in this tutorial: Simple and easy ways to keep your computer safe and secure on the Internet Now your computer should no longer be infected with Search-paga.com Adware. It may be possible that you still have some spyware or malware installed on your computer. If you feel this is the case, follow the instructions below to post a HijackThis log and someone will help you to remove the rest. This is a self-help guide. Use at your own risk. BleepingComputer.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can post a HijackThis log in our HijackThis Logs and Analysis forum. If you have any questions about this self-help guide then please post those questions in our AntiVirus, Firewall and Privacy Products and Protection Methods forum and someone will help you. -------------------- Lawrence

« Next Oldest · Spyware and Malware Removal Guides and Reading Room · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 9th January 2009 - 06:30 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Malware Removal Guides