
Search Powered by Ask


9 replies to this topic

#1 foghlaim

foghlaim

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:16 PM

Posted 31 December 2008 - 02:10 AM

Has anyone been afflicted by this pesky IE7 search engine hijack?
It doesn't seem to be malicious, but who knows - it arrived by devious means! :thumbsup: Would appreciate some help from anyone who has figured out how to remove it yet, beyond the normal settings and configuration checks. Ask returns as default on reboot.

I am using Vista OS.



#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:16 AM

Posted 31 December 2008 - 09:31 PM

Hello,

I'm shifting this to the Am I Infected forum because you haven't posted any logs.

Did you install any software shortly before you began experiencing these issues? If so, what were they? It's possible that something like the Ask toolbar was installed along with one of those programs.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:06:16 AM

Posted 31 December 2008 - 10:21 PM

http://www.benedelman.org/spyware/ask-toolbars/

Ask has a long shady history

Toolbars are really getting to be a PITA

http://www.bleepingcomputer.com/forums/ind...t&p=1069319

Let's see if MBAM finds anything fishy
Chewy

No. Try not. Do... or do not. There is no try.

#4 foghlaim


Posted 01 January 2009 - 12:01 AM

Orange Blossom, thanks. Yep, I think that it originated with either Webshots upgrade or Smart Draw software.

DaChew, I have run MBAM - zero infections detected here. Norton 360 deep system scan detected nothing also. Hmmm

HJT log, incomplete at that, removed so discussion can continue in this forum. ~ OB

Edited by Orange Blossom, 01 January 2009 - 03:09 PM.


#5 DaChew


Posted 01 January 2009 - 12:33 AM

Google says uninstall webshots
Chewy


#6 DaChew


Posted 01 January 2009 - 03:47 PM

An example is shown below

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DVD Flick\dvdflick.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\DVD Flick\bin\ffmpeg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


The running processes or top half of an HJT log, or, under the misc tools section, the startup list might have given us more clues

Since MBAM and Norton's both couldn't find malware
Chewy


#7 foghlaim


Posted 05 January 2009 - 12:00 AM

Thanks. Didn't see anything strange, ...

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\FaxTalk Communicator\FTCtrl32.EXE
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\FaxTalk Communicator\FAPIEXE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
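
The kind of first-pass review of a HijackThis "Running processes" list discussed in posts #6 and #7, as an added example that is not part of any post in this thread and not a HijackThis or BleepingComputer tool. The function name `triage`, the grouping rule and the assumption that Windows is installed in C:\Windows are this example's own; the sample is a constructed subset of the lines posted above, and a note marks a path to look at, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the "Running processes" lines from post #7.
SAMPLE = r"""
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
"""

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
SHORT_NAME = re.compile(r"~\d")  # 8.3 short-name component, e.g. PROGRA~1
PROGRAM_DIRS = ("program files", "progra~1")

def triage(log_text, windows_dir="c:\\windows\\"):
    """Hypothetical helper: group non-Windows processes by install folder
    and note paths that merit a closer look (assumes Windows is on C:)."""
    groups, notes = defaultdict(list), {}
    for line in log_text.splitlines():
        path = line.strip()
        # Skip headings, blank lines and anything under the Windows directory.
        if not DRIVE_PATH.match(path) or path.lower().startswith(windows_dir):
            continue
        parts = path.split("\\")
        group = parts[1]
        if group.lower() in PROGRAM_DIRS and len(parts) > 3:
            group = parts[2]
            if group.lower() == "common files" and len(parts) > 4:
                group = parts[3]
        groups[group].append(path)
        reasons = []
        if not path.lower().endswith(".exe"):
            reasons.append("non-.exe image")
        if SHORT_NAME.search(path):
            reasons.append("8.3 short path")
        if reasons:
            notes[path] = reasons
    return dict(groups), notes

if __name__ == "__main__":
    groups, notes = triage(SAMPLE)
    for vendor, paths in sorted(groups.items()):
        print(vendor, len(paths))
    for path, reasons in notes.items():
        print("review:", path, reasons)
```

Grouping by install folder gives the list of third-party products to compare against recently installed or upgraded software, which is the question asked in post #2.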

#8 Orange Blossom


Posted 05 January 2009 - 08:14 PM

In order to get rid of Askbar in your case, I think your best bet is to uninstall webshots.

#9 foghlaim


Posted 07 January 2009 - 12:50 AM

I have disabled the webshots program on startup and the Ask search hijack seems to have been eliminated also.

Thanks for your interest and help!

#10 DaChew


Posted 07 January 2009 - 01:15 AM

Google says uninstall webshots


Google is our friend; I would look for a replacement for webshots
Chewy




