Some computer help, please

Monk · December 3, 2004, 3:39am

Something (called DRSN–which hijacks your internet search preferences)was screwing with me, and I got rid of it with hijackthis, but now my search window on the left of my screen comes up “Action Canceled” and cannot be "Customize"d. I assume there is a registry entry that needs to get restored. Can anyone give me some assistance?

JohnA · December 3, 2004, 3:45am

RU running Internet Explorer? If so, try mozilla. www.mozilla.org - most of this hijack stuff is not written for mozilla.

As far as fixing this problem, you may want to try some different anti-spyware software. I use a cocktail of spybot seek and destroy and AdAware.

Good luck,

JA

davet · December 3, 2004, 3:55am

Hi Monk,

Here are the cleanup instructions if you are using Hijack This!

With all browser windows closed, check, and have Hijack This fix the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll

O4 - HKLM..\Run: C:\WINDOWS\System32\qnewfrkg.exe

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/mini...ransporter.cab?
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.kontiki.com/kdx/v2.2...current/kdx.cab

Reboot, find and delete C:\WINDOWS\System32\qnewfrkg.exe (from http://www.wilderssecurity.com/archive/index.php/t-41608.html)

Monk · December 3, 2004, 4:11am

Guys–I already deleted all that stuff, but now I get no search capability when I hit the “Search” button in IE. I must need to restore a registry key, but I don’t know which one, or what it should say

BenDavis · December 3, 2004, 8:09am

Monk, it might be time to buy a mac.

AHub · December 3, 2004, 8:15am

You have a high-speed connection, right? then it’s easy. just download the latest version of IE.

it should overwrite the settings, and you should be back in business.

either that, or just use google for all your search needs.

Monk · December 3, 2004, 12:43pm

then it’s easy. just download the latest version of IE.

it should overwrite the settings, and you should be back in business.
I’ll try that and let you know. Thanks.

mdtrihard · December 3, 2004, 12:49pm

I’m no techie, but what I do is go to programs, accessories, system tools, system restore and restore computer to a previous date.

Robert · December 3, 2004, 1:00pm

Monk:

Go to www.anandtech.com. Then to forums, then to Software near the bottom. Inside the Software forum near the top is a thread by one of the top tech guys about spam. Follow his instructions, including getting SpyBot and the free version of Zone Alarm. Make certain you have all the patches for IE as well. It is loaded with holes.

Anandtech is one of the best technical sites on the internet. If you have a computer problem, the chances are very good someone in the forums will have an answer.

System Restore usually will not work with these IE vulnerabilities, by the way.

These guys who do this to our computers belong in jail, IMHO.

-Robert, who is chess9 on Anandtech.

Shad · December 3, 2004, 2:35pm

Monk, you probably have a .reg file that is being called every time you are starting up. Depending on your OS try one of these

NT search on google and download StartupCPL

9X/Me click start → run type ‘msconfig’ click on the tab that says startup look for any file that ends in .reg

2000/XP Right click ‘My Computer’ then left click ‘Manage’ a management window will open expand ‘System Information’ and ‘Software Environment’ then click on ‘Startup Programs’ this is just a list of the programs that run. If you have a .reg file in there do a normal file search enabling hidden files and delete that sucker.

I second the opinion of downloading Spybot, it works well and has an immunize feature.

tri-espana · December 3, 2004, 2:56pm

On windows Win 2k, XP - click ‘Start’ - You must be logged on as an administrator!
Click ‘run’ and you will get a windows prompt saying ‘open’ type ‘regedit’.
Open the ‘HKEY_LOCAL_MACHINE’ then select ‘Software’ and then select ‘Microsoft’.
Select ‘Internet Explorer’ and the ‘Search’.

You should have two registry keys

CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

These are the defaults.

Other option on Win 2K or XP:

Open ‘Control Panel’ and then ‘Add or Remove programs’ then select ‘Windows Components’. Uncheck IE and then proceed. Restart your pc and then redo the above but ‘check’ the IE selector and proceed.

kindsteve · December 3, 2004, 3:36pm

My 2 cents:

Go to the location http://www.google.com/options/defaults.html Look down to IE select wheather u want Google or Microsoft Default. It will update your registry to either.

Then go to the following location in the registry
and add a new string value with the name {CFBFAE00-17A6-11D0-99CB-00C04FD64497} including the blocks {} and leave the value empty/blank…

kindsteve · December 3, 2004, 3:48pm

If the above doesn’t do the trick,

In , in addition to adding {CFBFAE00-17A6-11D0-99CB-00C04FD64497},
manually remove other entries. they look like {alphabets and numbers}_ followed by an underscore.

JohnA · December 3, 2004, 4:02pm

LMAO at all you Windows/IE people.

F*cking clownshoes.

Monk, I hope you get this fixed, but I swear to God, if this thread gets to 50 posts on how to fix your screwed up IE/Windows setup, I am going to personally come to your house and smash your POS computer with a sledgehammer! Then work my way arond the world, bringing the sledgehammer smackdown to the computer of anyone who THINKS ITS NORMAL AND ACCEPTABLE TO F WITH THE GODDAMN REGISTRY JUST TO REMOVE SOME SOFTWARE THAT EXPLOITS HUGE HOLES IN YOUR COMPUTER OPERATING SYSTEM! ARE YOU PEOPLE INSANE!!! AAARRRRRGGGGGHHHHH!!!

Whew, I feel a bit better… Now MONK, just get a mac, then you can browse all the porn sites you want to without some search engine taking over your computer!

amnesiac · December 3, 2004, 4:22pm

Monk, please just do what you know is right and ditch your PC for a crispy clean beautiful new Mac. If that’s not an option, please, please, please just STOP USING INTERNET EXPLORER!

Follow the advice of a previous poster and get Mozilla Firefox for free.

Monk · December 4, 2004, 2:53am

Thanks to everyone for their ideas. I got is straightened out. I would like to have five minutes alone in a room with the M_F’s who do this stuff to our machines.

Monk · December 5, 2004, 11:00pm

Mike–Its not necessarily all that hard. There is downloadable stuff that basically does it for you. And striaghtening out the Registry and is a little dicey, but not bad. And fixing the Start-up is easy.

What is happening to YOU?