Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HOW TO REMOVE TENCENT SOSO SEARCH PROVIDER FROM IE8 AND ADD GOOGLE SEARCH


  • This topic is locked This topic is locked
6 replies to this topic

#1 minakochen926

minakochen926

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 01 February 2012 - 10:13 AM

Hi Experts,

Need help as per above topic

I believe the TENCENT SOSO search provider was downloaded together with the QVOD PLAYER (P2P from China) even I have unchecked it. The TENCENT SOSO search provider was set as default search in my ie8 no matter how many times I tried to remove it

My laptop system information:

OS Name Microsoft Windows XP Home Edition
Version 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer Microsoft Corporation
System Name ELLE
System Manufacturer Dell Computer Corporation
System Model Inspiron 600m
System Type X86-based PC
Processor x86 Family 6 Model 13 Stepping 6 GenuineIntel ~1495 Mhz
BIOS Version/Date Dell Computer Corporation A17, 6/29/2005
SMBIOS Version 2.3
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume2
Locale People's Republic of China
Hardware Abstraction Layer Version = "5.1.2600.5512 (xpsp.080413-2111)"
User Name ELLE\elle kuek
Time Zone Malay Peninsula Standard Time
Total Physical Memory 512.00 MB
Available Physical Memory 179.62 MB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 1.22 GB
Page File C:\pagefile.sys



I have tried the following:

I have deleted the folder TENCENT directly from drive C -> PROGRAM AND FILES -> TENCENT

I go to ie8 -> tools -> internet option -> general -> change search default -> setting -> remove, but I when I open a new ie, it is still the default search

then I go to ie8 -> tools -> internet option -> advanced -> reset internet explorer setting -> reset, after reset, I reboot my laptop and open a new ie, the TENCENT SOSO still the default search provider

I have also scanned MBAM & SUPERAntiSpyware FREE EDITION in safe mode and the log files as per following

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.01.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
elle kuek :: ELLE [administrator]

2/1/2012 3:48:20 PM
mbam-log-2012-02-01 (15-48-20).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 189324
Time elapsed: 40 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

***************************************************************

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/01/2012 at 06:32 PM

Application Version : 5.0.1142

Core Rules Database Version : 8187
Trace Rules Database Version: 5999

Scan type : Complete Scan
Total Scan Time : 00:44:18

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 449
Memory threats detected : 0
Registry items scanned : 24014
Registry threats detected : 0
File items scanned : 24422
File threats detected : 13

Adware.Tracking Cookie
C:\Documents and Settings\elle kuek\Cookies\3ZDFNVUR.txt [ /ad.yieldmanager.com ]

Adware.Qvod
C:\PROGRAM FILES\QVODPLAYER\QVODNET.DLL
C:\PROGRAM FILES\QVODPLAYER\CODECS\QVODPOSTVIDEO.AX
C:\PROGRAM FILES\QVODPLAYER\CODECS\QVODSOURCE.DLL
C:\PROGRAM FILES\QVODPLAYER\NETAGENT.DLL
C:\PROGRAM FILES\QVODPLAYER\QVODDAILY.EXE
C:\PROGRAM FILES\QVODPLAYER\QVODPLAYMEDIA.DLL
C:\PROGRAM FILES\QVODPLAYER\QVODUNINST.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D11F8FDA-C310-47A6-86AF-833F738E324C}\RP440\A0082352.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D11F8FDA-C310-47A6-86AF-833F738E324C}\RP440\A0082353.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D11F8FDA-C310-47A6-86AF-833F738E324C}\RP440\A0082354.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D11F8FDA-C310-47A6-86AF-833F738E324C}\RP440\A0082355.EXE
C:\WINDOWS\Prefetch\QVODDAILY.EXE-29BC7E78.pf


I have quarantined & removed all the infected files that found through SUPERAntiSpyware but when I open a new ie, the TENCENT SOSO still the default search provider. After removed the quarantined files, my QVOD PLAYER was missing. So I reinstalled it.

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:21 AM

Posted 01 February 2012 - 12:17 PM

Open IE, go Tools>Internet options>Advanced tab and click "Reset" button.
Restart IE.
Same issue?

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 minakochen926

minakochen926
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 05 February 2012 - 07:14 AM

Hi Broni,

I have tried this.... as mentioned in my post... not working at all...
the same search provider appear and I cant add google as search provider

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,906 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:21 AM

Posted 05 February 2012 - 11:40 AM

Hello we will need a deeper look to see what files are left.

Please go here....Preparation Guide ,do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If GMER won't run skip it and move on.

Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 minakochen926

minakochen926
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 07 February 2012 - 02:36 AM

Hi BOOPME,

refer below

Edited by minakochen926, 07 February 2012 - 03:06 AM.


#6 minakochen926

minakochen926
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 07 February 2012 - 03:05 AM

Hi BOOPME,

I have done steps 6-9 but there is some problem with step 6 (Disable your CD Emulation Software) and step 7 (Download and Run DDS which will create a log of programs running on your computer)

Start with step 6 to disable CD Emulation:

I have downloaded DeFogger to my desktop, double click to run the application then click the Disable button to disable the CD Emulation drivers. Then it prompts to ask me whether or not to continue, I click on the Yes button to continue. Then I see a Finished! message so I click on the OK button to exit the program. After I click on the OK button, the program did not exit and the DeFogger did not prompt OK button to ask me to reboot the laptop. So I just click on the x button to exit the program. Then, I reboot the laptop

After I reboot, I can see a notepad display on the desktop with the file name: defogger_disable. The following are the sentences display in the notepad after I double click to open it:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:18 on 07/02/2012 (elle kuek)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


Continue with step 7 to run DDS:

I downloaded DDS to my desktop and double click to run the application. A small black DDS window pop out. Then the avast antivirus in my laptop prompt to ask me to run the application in avast sandbox; so I choose to run normal and click on the OK button. The DDS window displays all the sentences as shown in the figure below except the last sentence: We only require it to run just once. Dispose after use

Posted Image

Then the black window start to display # one by one. After few minutes, it becomes ############################### slowly in the black window and my laptop just hang there even the CPU usage is 1%. I waited for an hour but the laptop just hang there. I reboot the laptop and continue with the step 8 and step 9.

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,906 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:21 AM

Posted 07 February 2012 - 09:57 AM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 5 days and ALL logs are answered.

To avoid confusion, I am closing this topic.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users