Malware and Virus RemovalProblems removing malware/viruses? Get help from our Malware removal experts.
Mission Statement
WindowsBBS is an online community dedicated to easily accessible technical support for those using Microsoft operating systems and other Windows software.
Our goal is to become the leading resource for computer users that require assistance with their day-to-day computer usage, including full support for networking PC's, virus & malware removal, system upgrades and general support questions.
spyware loading in advanced search page of google web page
Every time I load Googles "advanced search" page the phrase "www
isabella image411 com" automatically loads in the "exact phrase"
field of the page.
I remove it, but it continually returns every time I load the Google
advanced search page.
I sent a message to Google Help, and I was told that it was probably
spyware and the suggestion was to use ad-aware, cw shredder, etc. I
already use Ad Aware, did down load CW Shredder and ran it.
Neither ad-aware or cwshredder removed this spyware.
Computer is DEll Inspiron 8200, XP Home SP2, IE 6
Are there any suggestions.
Thanks for your help.
Didn't find the information you thought to find? Check out these Similar Threads
Download HijackThis to a folder of it's own - unzip and run. After the scan, click the save scan button, the saved scan will be in the same folder - then copy & paste it into your next post.
Logfile of HijackThis v1.98.2
Scan saved at 5:58:29 PM, on 9/27/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Judy - that looks sorta like it was run from safe mode. Not enough stuff running.
What version of Ad-aware and what date on the ref file?
Also I suggest you get Spybot v1.3 (scan/removal app similar to Ad-aware but with some additional features and works well with Ad-aware) and Spywareblaster (passive - just update and tell it to immunize). Quicklinks in my signature has sites to download each of them.
Try turning off PurgeIE for right now and with the computer running in normal mode, surf to the site that is giving you problems, close all open windows, run HJT again, and post a new log.
When you suggest I go to the site that is giving me trouble, then close all windows, do you mean leave the troubled window site open? ie: IE6. Do you want me to leave that open?
I did close all the windows before, and was not running PurgeIE. The short cut is on my desk top. Should I remove it from the process list in the task manager? CPU usage is 00.
Ad-aware SE Plus build 1.05. What do you mean by ref file? Last scan was 9/26.
I have used SpyBot in the past, and some of the "fixes" did damage to my csystem. ( Did see others say the same thing)
I will get Spywareblaster.
Thanks and I appreciate your answers to the questions above.
Judy--I am no expert, but I think you can safely remove
O16 DPF 94B82441-A413-4E43-8422-D49930E69764
Reboot and then see if things are fixed.
Newt--I agree, one very lean HiJackThis (not AdAware) scan, but it has everything you need.
Judy - my bad. I should have explained several of my comments before you had to ask. Just got in a hurry.
You had way fewer running processes than we normally see. Nothing wrong with that and it should give you a system that runs well but once in a while we see a HJT scan run from safe mode so lots of the things that need to be removed don't show since they don't start in that mode. Just checking.
The suggestion for shutting off PurgeIE for the moment was just in case it was being too efficient and blocking some things in the background that needed removing.
With programs like Ad-aware you have two version items that are important. The main application version (and yours is the latest) and the list of critters it looks for (from the ref file it is using). If you check for updates, it will find a newer one if it exists and you can update. The version you have will be listed like the top line in the first picture here.
I have occasionally heard from others on the forum that Spybot broke something - not recently though. Haven't seen it on any of my PCs but I may not be running whatever program(s) it is breaking. I like the extra protection well enough that if it did happen to break something, I'd figure out a way to exclude that particular program so I could continue to run Spybot.
Judy - run a scan with hijackthis. When it finishes you will have a window listing all the items it found. Place a check mark in the block to the left of the one Lonny indicated then click the button to 'fix checked'. The entry will be cleanly removed from your registry.
This sounds like it is in Auto Complete, have you tried clearing that out? Internet Options, click on the Content tab, click on AutoComplete button, then click on the Clear Forms button.
Mark may have the answer there, but should the problem persist, I wonder if it started after installing and/or using Purge IE?? Did you by chance clear the index.dat files with it? Thinking that one or more may have been mishandled/corrupted by the program and if using the Emergency function for deleting "Corrupted Cache" might solve the problem. Another option here would be to download and install RegSeeker, open and click the histories button, then check for IE URLs and IE history cache cookies. If deleting what is found there doesn't help, use the find in registry function to search for the URL.
I did clear out autocomplete, and also removed the "advanced" link from my link folder.
I had previously un-installed the Google tool bar, but now did install again to see if it will work OK. Now testing this to see if using the google home page and tool bar to be sure this problem does not appear again.
Noahdfear, I do use all the features of PurgeIE including the the emergency function for deleting corrupted cache. I don't remember when the spyware started in relation to using PurgeIE. PurgeIE is an excellent program.
Also, a question for you. What does RegSeeker do that Registry First Aid does not do that is published by this Windows BBS Rose Software ??
