How do I get rid of this?

AdAware picks this up every time I scan. Should I be worried? If so, how
can I block it?

Vendor:Possible Browser Hijack attempt
Category:Data Miner
Object Type:RegData
Size:-
Location:...\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites
"ie.search.msn.com" ()
Last Activity:8-20-2003
Risk Level:Low
Comment:
Description:Possible attempt to control\redirect the browser. This object
referrs to a "blacklisted" site.

TIA
Tom
0
Tom
8/20/2003 8:01:00 PM

I ran this app. After it was done, I knew that it was a false positive from
SD {{{SMILE}}}
Here we go: http://www.spywareinfo.com/~merijn/cwschronicles.html
Please let us know your result!!! TIA.

--
Regard: Joh@nnes
1216771 Ont.Inc.
"If U know neither the enemy nor yourself,U will succumb in every battle"
0
Johannes
8/20/2003 9:02:00 PM
> Here we go: http://www.spywareinfo.com/~merijn/cwschronicles.html
> Please let us know your result!!! TIA.
Here's the results...

Logfile of HijackThis v1.96.0
Scan saved at 5:17:14 PM, on 8/20/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\DRIVERS\dcfssvc.exe
C:\Program Files\Executive Software\Diskeeper Home Edition\DKService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINNT\system32\dns\bin\named.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\Outpost Firewall\outpost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\CA\eTrust Antivirus\realmon.exe
C:\WINNT\system32\BOClean.exe
C:\DvzMsgr.exe
C:\Program Files\Prox 4.5\Proxomitron.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ietsr.exe
C:\PROGRA~1\NSClean\BOClean\BOCSEC.EXE
C:\Documents and Settings\Administrator\Desktop\Temp Hold- Desktop\Register Cleaners\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\SEARCH.HTM
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\SEARCH.HTM
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\SEARCH.HTM
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = file://c:\search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\SEARCH.HTM
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = file://C:\SEARCH.HTM
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;http=localhost:8080;https=localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\eTrust Antivirus\realmon.exe -s
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BOCleanautostart] BOClean.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: ietsr.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\DvzMsgr.exe
O4 - Global Startup: Prox 4.5.lnk = C:\Program Files\Prox 4.5\Proxomitron.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B470AE45-1F41-4B76-B81C-97E241240FAF}: NameServer = 127.0.0.1,205.152.144.235,205.152.132.235
O17 - HKLM\System\CS1\Services\Tcpip\..\{B470AE45-1F41-4B76-B81C-97E241240FAF}: NameServer = 127.0.0.1,205.152.144.235,205.152.132.235
O17 - HKLM\System\CS2\Services\Tcpip\..\{B470AE45-1F41-4B76-B81C-97E241240FAF}: NameServer = 127.0.0.1,205.152.144.235,205.152.132.235
0
Tom
8/20/2003 9:19:00 PM
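
Added example, not part of the original thread: a small Python triage script for a HijackThis log like the one posted above. It rejoins entries that newsreader wrapping split across lines, then lists the R (Internet Explorer page and proxy) and O17 (name server) entries that point at a local file or at loopback. The function names and the sample text are constructed for illustration. A local filtering proxy or a local DNS server yields the same values, so a hit is a prompt to check, not a verdict.

```python
import re

# Constructed sample in the style of the log above, including the line
# wrapping that a newsreader introduces into long entries.
SAMPLE = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
file://C:\SEARCH.HTM
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer =
ftp=localhost:8080;http=localhost:8080;https=localhost:8080
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - Startup: ietsr.exe
O17 -
HKLM\System\CCS\Services\Tcpip\..\{B470AE45-1F41-4B76-B81C-97E241240FAF}:
NameServer = 127.0.0.1,205.152.144.235,205.152.132.235
"""

# A new entry starts with a section code such as "R1 -" or "O17 -".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) -(?: |$)")
# Browser or resolver settings that point at a local file or at loopback.
LOCAL = re.compile(r"file://|localhost|127\.0\.0\.1", re.IGNORECASE)


def parse_entries(text):
    """Rejoin wrapped lines and return a list of (section, body) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY.match(line)
        if match:
            entries.append([match.group(1), line[match.end():].strip()])
        elif entries:
            # Continuation of the previous entry, split by line wrapping.
            entries[-1][1] = (entries[-1][1] + " " + line).strip()
    return [tuple(e) for e in entries]


def needs_review(entries):
    """R (IE page/proxy) and O17 (name server) entries with local targets."""
    return [(sec, body) for sec, body in entries
            if (sec.startswith("R") or sec == "O17") and LOCAL.search(body)]


if __name__ == "__main__":
    for sec, body in needs_review(parse_entries(SAMPLE)):
        print(f"review {sec}: {body}")
```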
WoW, is that the result after you ran CWShredder.zip from the LINK above???
This morning's result from my machine:
-0 Registry Values Were Killed
-Hostfile was o.k.
-Bootconf.exe was not present
-Trusted Zone was cleaned
-User Style Sheet was o.k.
-OEMSys pnp.inf was not present
-SVChost32.exe was not present
-Msspi.dll Winsock was not present
This result is from CWShredder v.1.08.1

--
Regard: Joh@nnes
1216771 Ont.Inc.
"If U know neither the enemy nor yourself,U will succumb in every battle"
0
Johannes
8/20/2003 9:49:00 PM
I renamed it to ie.search.msn.compote
John

"Tom" <alias@hidden.now> wrote in message news:bi0k38$h29$1@news.grc.com...
> AdAware picks this up every time I scan. Should I be worried? If so, how
> can I block it?
> Location:...\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites
> "ie.search.msn.com" ()
0
John
8/20/2003 10:29:00 PM
"Johannes Niebach" <sniebach@sprint.ca> wrote in message
news:bi0qiv$mqp$1@news.grc.com...
> WoW, is that the result after you ran CWShredder.zip from the LINK above???
> This morning's result from my machine:
> -0 Registry Values Were Killed
> -Hostfile was o.k.
> -Bootconf.exe was not present
> -Trusted Zone was cleaned
> -User Style Sheet was o.k.
> -OEMSys pnp.inf was not present
> -SVChost32.exe was not present
> -Msspi.dll Winsock was not present
> This result is from CWShredder v.1.08.1

No... that was the result from Hijack This.
0
Tom
8/20/2003 11:29:00 PM
"Johannes Niebach" wrote
> This morning's result from my machine:
> -0 Registry Values Were Killed
> -Hostfile was o.k.
> -Bootconf.exe was not present
> -Trusted Zone was cleaned
> -User Style Sheet was o.k.
> -OEMSys pnp.inf was not present
> -SVChost32.exe was not present
> -Msspi.dll Winsock was not present

I got
- 0 registry values were killed
- Hostsfile was OK
- Bootconf.exe was not present
- Trusted Zone was OK
- User stylesheet was OK
- Oemsyspnp.inf was not present
- Svchost32.exe was not present
- Msspi.dll Winsock hook was not present

The only difference was in my trusted zone having no sites removed or added.
0
mgwmp
8/21/2003 5:01:00 PM
Yours looks all intact; in my case there was some "dirty_dancing" to be
cleaned <<<GRIN>>>

--
Regard: Joh@nnes
1216771 Ont.Inc.
"If U know neither the enemy nor yourself,U will succumb in every battle"
0
Johannes
8/21/2003 5:09:00 PM