Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Still having problems with mywebsearch


  • Please log in to reply
9 replies to this topic

#1 pepperanneblue

pepperanneblue

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:40 PM

Posted 27 December 2008 - 12:02 AM

Hello! I am new to your site and I have really no clue when it comes to how to fix my computer! I had some random pop ups that were inappropriate for children to see as soon as the computer was started three days ago. I ran a scan with Super anti-spyware and sure enough 114 items were detected. I then followed instructions to remove all items and reboot. After that happened, the same thing happened, pop up ad. I re-ran superanti-spyware and sure enough the same 114 items came up detected. At that point I ran Web root spysweeper and the only thing it detected was virtumonde. I googled help with removing virtumonde. Your website came up so I followed instructions on using Malwarebytes' Anti-malware. I ran that, several things were detected, they removed all but 4 items (they were all mywebsite). It asked to reboot to remove the final items. When it came back on, no pop ups were seen! I did disk cleanup and then started Malwarebytes' anti-spyware again and the same four items were there. I went back to the same site that also suggested Vundo fix. Nothing was detected. I ran an other Super Anti-spyware and this time 14 items came up, removed some but upon rebooting the same 14 items are still there.( All have adware.mywebsearch at the beginning of the descriptions.) I still don't know how to get rid of what is left. Can you help?!

Adware.MyWebSearch HKEY_CLASSES_ROOT\CLSID\{00a6faf6-0...
Adware.MyWebSearch HKEY_CLASSES_ROOT\CLSID\{07b18ea9-...
Adware.MyWebSearch HKEY_CLASSES_ROOT\CLSID\{07b18ea1-...
Adware.MyWebSearch HKEY_CLASSES_ROOT\CLSID\{00a6faf1-0...

On Super Anti-Spyware

14 Items
Adware.MyWebSearch
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\Programmable
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\Inprocserver32#ThreadingModel
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\Programmable
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32#Threading Model
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32#Threading Model

1 Item Adware.Tracking Cookie
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@ad.exent[1].txt

Edited by pepperanneblue, 27 December 2008 - 01:27 AM.


BC AdBot (Login to Remove)

 


#2 Guest_Jay-P VIP_*

Guest_Jay-P VIP_*

  • Guests
  • OFFLINE
  •  

Posted 27 December 2008 - 01:02 AM

What I am going to suggest is that you run MalwareBytes AntiMalware in safe mode.
First, Restart your computer. Then, when the machine first starts again -- tap the F8 key repeatedly until you are presented with a Windows XP(or different OS) Advanced Options menu. After that, select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

When you log on to safe mode, preferably with an Administrator account, you can begin working a good solution. Launch the program MalwareBytes.
Click the radio "Perform Full Scan" which The full scan will analyze all hard drives specified by the user. This is the most thorough scan avaliable by MalwareBytes' Anti-Malware. When the scan finishes, make sure the log file gets saved to the desktop. Also be sure to check mark all items and remove them. Lastly, restart your computer.

#3 pepperanneblue

pepperanneblue
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  

Posted 27 December 2008 - 02:38 AM

I did try but all was still there (I re -edited after your reply but then I did what you suggested!) All the listed Adware items from above are still there!

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,605 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:40 PM

Posted 27 December 2008 - 08:28 AM

MyWebSearch and MyWay are Internet Explorer toolbars often bundled with "free software" offered by third party software vendors. You can read more about it here. MyWebSearch and MyWay were pre-installed on new Dell computers starting in November 2004. Read The Pharmer In The Dell and The Dell and My Way Saga.

Dell had a link to "What is the Dell MyWay Home Page?" but it is now redirected to The "Dell My Way" Home Page. Dell now uses the "Dell Search Assistant" where they address many of the same concerns previously addressed in the redirected link.

Some anti-virus and anti-malware programs detect the toolbar as a malware threat (not-a-virus:AdTool.Win32.MyWebSearch.bc) while others (Spybot, MBAM, Ad-ware...) may remove related files. Although these types of scanning tools detect most of the related files/registry entries, remnants may still be found from time to time during subsequent scans. If that's all you are dealing with, then I wouldn't be too concerned.

If you are using a Dell Computer, please see Dell's "My Way Search Assistant removal instructions" or try using MS-MVP Kelly Theriot's MyWaySearchAssistant removal instructions.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 pepperanneblue

pepperanneblue
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 28 December 2008 - 12:42 PM

Thank you for your help. The my web search is off now. I have discovered Trojans, so I will research that and get back with an update.

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,605 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:40 PM

Posted 28 December 2008 - 03:53 PM

What program is alerting you to Trojans?
Did it provide a specific file name associated with this malware threat(s) and if so, where is it located (full file path) at on your system?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 pepperanneblue

pepperanneblue
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 28 December 2008 - 08:06 PM

Avg Anti-virus program, at this time still running scan and says I have 97000 and counting gives file name
starts with C:\Users\Owner\Searched a lot of things children shouldn't see... Trojan horse Downloader.Generic_c.AGS

I am really sorry, is this what you mean? I reallly don't know anything about computers!

Thank you for all your quick replies!

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,605 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:40 PM

Posted 29 December 2008 - 04:21 AM

Did AVG create a log file that you can post?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 pepperanneblue

pepperanneblue
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 03 January 2009 - 02:29 PM

we've wiped everything out and started over. thank you for your help. now I have another question: what, in plain english, is a clsid? is it something I should allow or not allow?

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,605 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:40 PM

Posted 03 January 2009 - 05:39 PM

What is a CLSID?

A Class ID (CLSID) is a 128 bit (large) number that represents a unique id for a software application or application component. Typically they are displayed like this "{AE7AB96B-FF5E-4dce-801E-14DF2C4CD681}"...CLSIDs are used by Windows to identify software components without having to know their "name". They can also be used by software applications to identify a computer, file or other item.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users