Search Problem

TheMSsForum.com: The Microsoft Software Forum

I had deleted them several times in adware and they keep
returning. one is HKEY_current_user the other is
HKEY_local_machine
Top

RE: Search Problem by stevedod

stevedod
Wed Aug 04 12:12:34 CDT 2004

What is the spyware program saying? HKLM and HKCU are valid reg hives and
cannt be deleted. If it is located in another location, then what is adware
stating the issue is? I am just wondering what the spyware application is
reporting.

Thanks!

Steve Dodson [MSFT]
MCSE, CISSP
PSS Security

--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
--------------------
>Content-Class: urn:content-classes:message
>From: "Crazy" <anonymous@discussions.microsoft.com>
>Sender: "Crazy" <anonymous@discussions.microsoft.com>
>Subject: Search Problem
>Date: Wed, 4 Aug 2004 04:34:18 -0700
>Lines: 3
>Message-ID: <c21401c47a16$fa7223f0$a501280a@phx.gbl>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="iso-8859-1"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Thread-Index: AcR6FvpyrPeroCYARTOUUIFvRoTXMQ==
>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>Newsgroups: microsoft.public.security
>NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
>Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
>Xref: cpmsftngxa10.phx.gbl microsoft.public.security:60334
>X-Tomcat-NG: microsoft.public.security
>
>I had deleted them several times in adware and they keep
>returning. one is HKEY_current_user the other is
>HKEY_local_machine
>

Top

RE: Search Problem by Crazy

Crazy
Wed Aug 04 15:09:56 CDT 2004

I am using Ad-aware Personal Build 6.181. The two items
come up as follows:

1 -- Possible browser hijack attempt
Type: Data
Data: "http://www.websearch.com/ie.aspx?tb_id=50038
Rootkey: HKEY_CURRENT_USER
Object: Software\Microsoft\Internet Explorer\Main
Value: Search Bar
Data: "http://www.websearch.com/ie.aspx?tb_id=50038

2 -- Possible browser hijack attempt
Type: Data
Data: "http://www.websearch.com/ie.aspx?tb_id=50038
Rootkey: HKEY_LOCAL_MACHINE
Object: Software\Microsoft\Internet Explorer\Main
Value: Search Assistant
Data: "http://www.websearch.com/ie.aspx?tb_id=50038

Thanks in advance for any help.

Crazy


>-----Original Message-----
>What is the spyware program saying? HKLM and HKCU are
valid reg hives and
>cannt be deleted. If it is located in another location,
then what is adware
>stating the issue is? I am just wondering what the
spyware application is
>reporting.
>
>Thanks!
>
>Steve Dodson [MSFT]
>MCSE, CISSP
>PSS Security
>
>--
>
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>Use of included script samples are subject to the terms
specified at
>http://www.microsoft.com/info/cpyright.htm
>
>Note: For the benefit of the community-at-large, all
responses to this
>message are best directed to the newsgroup/thread from
which they
>originated.
>--------------------
>>Content-Class: urn:content-classes:message
>>From: "Crazy" <anonymous@discussions.microsoft.com>
>>Sender: "Crazy" <anonymous@discussions.microsoft.com>
>>Subject: Search Problem
>>Date: Wed, 4 Aug 2004 04:34:18 -0700
>>Lines: 3
>>Message-ID: <c21401c47a16$fa7223f0$a501280a@phx.gbl>
>>MIME-Version: 1.0
>>Content-Type: text/plain;
>> charset="iso-8859-1"
>>Content-Transfer-Encoding: 7bit
>>X-Newsreader: Microsoft CDO for Windows 2000
>>Thread-Index: AcR6FvpyrPeroCYARTOUUIFvRoTXMQ==
>>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>>Newsgroups: microsoft.public.security
>>NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
>>Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA01.phx.gbl!
TK2MSFTNGXA03.phx.gbl
>>Xref: cpmsftngxa10.phx.gbl
microsoft.public.security:60334
>>X-Tomcat-NG: microsoft.public.security
>>
>>I had deleted them several times in adware and they
keep
>>returning. one is HKEY_current_user the other is
>>HKEY_local_machine
>>
>
>.
>
Top

Re: Search Problem by Tom

Tom
Thu Aug 05 08:11:18 CDT 2004

http://www.securemost.com/articles/trou_3_remove_websearch_toolbar.htm

Tom
"Crazy" <anonymous@discussions.microsoft.com> wrote in message
news:008a01c47a5f$03426060$a301280a@phx.gbl...
| I am using Ad-aware Personal Build 6.181. The two items
| come up as follows:
|
| 1 -- Possible browser hijack attempt
| Type: Data
| Data: "http://www.websearch.com/ie.aspx?tb_id=50038
| Rootkey: HKEY_CURRENT_USER
| Object: Software\Microsoft\Internet Explorer\Main
| Value: Search Bar
| Data: "http://www.websearch.com/ie.aspx?tb_id=50038
|
| 2 -- Possible browser hijack attempt
| Type: Data
| Data: "http://www.websearch.com/ie.aspx?tb_id=50038
| Rootkey: HKEY_LOCAL_MACHINE
| Object: Software\Microsoft\Internet Explorer\Main
| Value: Search Assistant
| Data: "http://www.websearch.com/ie.aspx?tb_id=50038
|
| Thanks in advance for any help.
|
| Crazy
|
|
| >-----Original Message-----
| >What is the spyware program saying? HKLM and HKCU are
| valid reg hives and
| >cannt be deleted. If it is located in another location,
| then what is adware
| >stating the issue is? I am just wondering what the
| spyware application is
| >reporting.
| >
| >Thanks!
| >
| >Steve Dodson [MSFT]
| >MCSE, CISSP
| >PSS Security
| >
| >--
| >
| >This posting is provided "AS IS" with no warranties, and
| confers no rights.
| >Use of included script samples are subject to the terms
| specified at
| >http://www.microsoft.com/info/cpyright.htm
| >
| >Note: For the benefit of the community-at-large, all
| responses to this
| >message are best directed to the newsgroup/thread from
| which they
| >originated.
| >--------------------
| >>Content-Class: urn:content-classes:message
| >>From: "Crazy" <anonymous@discussions.microsoft.com>
| >>Sender: "Crazy" <anonymous@discussions.microsoft.com>
| >>Subject: Search Problem
| >>Date: Wed, 4 Aug 2004 04:34:18 -0700
| >>Lines: 3
| >>Message-ID: <c21401c47a16$fa7223f0$a501280a@phx.gbl>
| >>MIME-Version: 1.0
| >>Content-Type: text/plain;
| >> charset="iso-8859-1"
| >>Content-Transfer-Encoding: 7bit
| >>X-Newsreader: Microsoft CDO for Windows 2000
| >>Thread-Index: AcR6FvpyrPeroCYARTOUUIFvRoTXMQ==
| >>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| >>Newsgroups: microsoft.public.security
| >>NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
| >>Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA01.phx.gbl!
| TK2MSFTNGXA03.phx.gbl
| >>Xref: cpmsftngxa10.phx.gbl
| microsoft.public.security:60334
| >>X-Tomcat-NG: microsoft.public.security
| >>
| >>I had deleted them several times in adware and they
| keep
| >>returning. one is HKEY_current_user the other is
| >>HKEY_local_machine
| >>
| >
| >.
| >


Top