Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

System Continuously Reboots (SearchAssist?)


  • Please log in to reply
5 replies to this topic

#1 Vectorbeam

Vectorbeam

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 21 April 2010 - 10:55 AM

I have a couple PCs with Win XP Pro that are infected with something.... I get a DCOM Authority forcing a 60 second reboot the minute you log in, and if I go into safe mode, the reboot doesn't get forced, but I do notice a program called 'SearchAssist' in Add/Remove programs that is the only thing that seems out of place. If you try to uninstall it, it errors out that it can't uninstall it, but asks if you would like to have the entry removed from add/remove programs..

Is there something I can provide to help pinpoint this?
Pete

Edited by Orange Blossom, 21 April 2010 - 06:48 PM.
Move to AII as no logs posted. ~ OB


BC AdBot (Login to Remove)

 


#2 Vectorbeam

Vectorbeam
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 21 April 2010 - 01:10 PM

FYI, it may have nothing to do with SearchAssist..... McAfee is having problem with 5958 causing svchost.exe to get killed off... see their site for the extra.dat update.

#3 Vectorbeam

Vectorbeam
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 21 April 2010 - 03:23 PM

Yes, it's fixed now with 5959... thanks to our friends at Mcafee the svchost.exe is toast and has to be copied back from working windows sp3 machines, after either the extra.dat is updated, or the superdat for 5959 is run. Good luck copying those files with all the services shut down, too!

#4 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:07:34 PM

Posted 21 April 2010 - 08:17 PM

I suppose you mean the "issue" with svchost.exe is "toast"...not the file itself, as it is a necessary and vital Windows core file. McAfee removing it as a false positive explains pretty well why the reboot loop.

To address your question regarding "SearchAssist"...From your description of events, it sounds like you may have tried while in safe mode to uninstall "SearchAssist". Although there are registry tweaks you can perform that would allow this, normally a user would not have access to the windows installer file in safe mode to either install or uninstall.

This may explain your inability to uninstall in safe mode...on the other hand, it also sounds like the program is already gone. If Windows advised that it appears the program is not installed and asks if you want to remove it from add/remove programs listing then it is quite possible you either already removed it or perhaps some security application you have may have done so.

Quite often, authors of "not so good" software, such as SearchAssist, don't really take the time to write an excellent piece of work. As such, when trying to uninstall these programs one finds remnants left behind. You can verify this by navigating the program files tree.

Click start-->All Programs...do you see it there? If not, scroll up to Accessories-->Windows Explorer. From there, click My Computer-->your local drive where windows resides-->Program Files. When the Program Files folder opens, look down the list of installed programs for a folder with that program name. If it is there, Click on the folder then look to the right pane. Post back to let us know what is inside that folder. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#5 Vectorbeam

Vectorbeam
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 22 April 2010 - 07:30 AM

Yeah, pretty much once Mcafee touched the svchost the only way to get it back was to restore it from the quarantine (which we don't use) or copy it from a working machine.

SearchAssist wouldn't uninstall in any mode...I still don't know the origins of this app, and don't see any details on who made it, where it was installed, see any shortcuts, etc...

Just interesting it was on both machines...will have to keep an eye out for it...

Pete

#6 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:07:34 PM

Posted 22 April 2010 - 10:28 AM

There are many varieties of search engine "assistants", most of which are both unwanted and malicious. You can perform a search Here using search terms "SearchAssist" or "Search Assist" and you will find quite a few. Some have removal instructions, some don't. In any case, if you find software installed on your system(s) that you know with certainty you did not install, the chances are pretty good you have downloaded some other malicious program that will bring it's friends along for the ride. We call these malicious programs "trojans".

It would be in your best interest to read through This Forum Sticky Note and do what it says, then post the requested logs in a new thread YOU create, Here.

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users