PDA

View Full Version : IESEARCH


BigMig
June 13th 04, 11:59 PM
An IESEARCH application has been downloaded (unwanted)
from a web site. Every 5 minutes or so it connects my pc
to the internet. I cannot delete this application
because "it is in use by window". How do I delete this
application

AlmostBob
June 14th 04, 02:12 AM
install either or both of the first two links below, run, update from the in
program link and allow them to remove all the references to this and most
other unwanted garbage on your pc

--
Adaware http://www.lavasoft.de
spybot http://security.kolla.de
AVG free antivirus http://www.grisoft.com
Panda online AntiVirus scan http://www.pandasoftware.com/ActiveScan/
Catalog of removal tools http://www.pandasoftware.com/download/utilities/
Blocking Unwanted Parasites with a Hosts file
http://mvps.org/winhelp2002/hosts.htm
links provided as a courtesy, read all instructions on the pages before use
Grateful thanks to the authors/webmasters

"BigMig" > wrote in message
...
| An IESEARCH application has been downloaded (unwanted)
| from a web site. Every 5 minutes or so it connects my pc
| to the internet. I cannot delete this application
| because "it is in use by window". How do I delete this
| application

Sandi - Microsoft MVP
June 16th 04, 02:19 PM
There are many people who have helped this FAQ improve over time - MVPs and
newsgroup users. I thank all of you who have made the newsgroups,
anti-malware websites and dedicated mailing lists into such a wonderful
resource.

IMPORTANT: Before trying to remove spyware, download a copy of LSPFIX from
the URL below - some malware can kill your internet connection when it is
removed, and this software should get things going for you again:
http://www.cexx.org/lspfix.htm

IMPORTANT: After obtaining the software below, make sure you check for
updates and then run the programmes in safe mode.

You can go to the link below to check your system for parasites (supplied by
Doxdesk.com):
http://inetexplorer.mvps.org/parasite.htm

Malware removal (beginners guide):

First, go to Control Panel, add/remove programs. Check for malware entries
and use the uninstall programs.

Second, get AdAware. [..Warning: AdAware is now version 6.181. All previous
versions are NO LONGER SUPPORTED and will not be updated...]

AdAware is available at www.lavasoft.de. Make sure you check for updates
every time you use it.

To be most effective, you must run AdAware while Windows is in safe mode.

Modern malware uses more than one process, and these processes are
'co-dependent'. In other words, when one processes detects that the other
has been shut down, it automatically restarts its sibling, often using a
different name.

Disable the ability of suspect processes to start automatically by using
MSCONFIG (startup tab) before booting into safe mode. Use the information
at the URL below as a guide:

http://www2.whidbey.com/djdenham/Uncheck.htm

Reboot your computer and hold down the F8 key until the boot menu options
appear. Select 'safe mode'. After you are in safe mode, check to make sure
the suspect processes did not start up. If they did start up, we are going
to have to track down *where* they are coming from before going any further.
An experienced computer technician can use programme such as AutoStart
Viewer for in-depth diagnosis:
http://www.diamondcs.com.au/index.php?page=asviewer

While still in safe mode, and after you have shut down as many malware
processes as possible, start AdAware. AdAware, when run using default
settings, simply does not cope with new 'intelligent' malware. Make sure
'activate in depth scan' is enabled. Select 'use custom scanning options'
and then click on the 'customize' button. Turn on the following scan
options - scan within archives, active processes, registry (including deep
scan), IE favorites and hosts file. You must also turn on the following
option via the 'tweak' button:

Cleaning engine: 'automatically try to unregister objects prior to deletion'

IMPORTANT: Before letting AdAware delete malware, write down on a piece of
paper exactly where the malware is stored. You will need to delete those
directories after AdAware has done its work, but ONLY IF IT IS NOT A
STANDARD WINDOWS DIRECTORY.

After running AdAware, run it again, this time using the option 'select
drives/folders to scan'. Click on 'select'. Scan your entire hard drive.
Also do the following:

Empty your IE cache and your other temporary file folders, eg:
c:\windows\temp (if using Windows 98) or C:\Documents and
Settings\<name>\Local Settings\Temp (the path to your temp folder will
change depending on your name) - sometimes programmes can be hidden in
there - watch out for mysterious *.exe files or *.dll files in those
folders.

Go to IE Tools, Internet Options, Temporary Internet Files {Settings
Button}, View Objects, Downloaded Programme Files. Check for unusual objects
there.

Go to IE Tools, Internet Options, Accessibility. Make sure there is no
style sheet chosen (under User Style Sheet - format documents using my style
sheet). If the option is turned on, turn it OFF.

It is possible to turn off third party extensions (Enable third-party
browser extensions (requires restart) at IE tools, internet options,
advanced) to disable *all* plug-ins but troubleshooting will be difficult
and it is only a BANDAID. Nothing gets fixed. There is software that
depends on 'third party browser extensions" to work, including Acrobat,
Microsoft Money, and many other programmes.

Once your computer is clean, and if it applies to your operating system,
create a new restore point. Your old ones may, of course, be infected with
the malware and therefore cannot be used. Run disk cleanup to remove old
restore points (if you operating system has this option you will find it on
the 'more options' tab of the disk cleanup utility).

If you are still having problems:

You can go to the link below to check your system for parasites and
hopefully identify your problem (supplied by Doxdesk.com):

http://inetexplorer.mvps.org/parasite.htm

Download and run the latest version of "Cool Web Shredder"
http://www.merijn.org/files/CWShredder.exe

The more experienced user can try Spybot. Again, it is a free programme
which can be downloaded from: http://spybot.eon.net.au/. Warning: it is NOT
a good programme for the inexperienced. If you want to use this programme,
please get the advice of those more experienced before 'fixing' anything
that it finds.

Another excellent programme that allows you to examine your system and
*create a results log for experts to examine* is HijackThis, available from:
http://209.133.47.12/~merijn/files/HijackThis.exe (direct download)

MS have released a limited KB article regarding what they call 'deceptive
software'.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;827315

Here is advice specific to:

home page hijackings
http://inetexplorer.mvps.org/answers.htm#home_page

pop-up ads
http://inetexplorer.mvps.org/data/popup.htm

search engine hijackings
http://inetexplorer.mvps.org/answers4.htm#search_engine


--
Hyperlinks are used to ensure advice remains current
_______________________________________
Sandi - Microsoft MVP since 1999 (IE/OE)
http://inetexplorer.mvps.org/



BigMig wrote:
> An IESEARCH application has been downloaded (unwanted)
> from a web site. Every 5 minutes or so it connects my pc
> to the internet. I cannot delete this application
> because "it is in use by window". How do I delete this
> application

pjd190
June 22nd 04, 11:08 PM
I have done all that is suggested- run ad aware, hi-jack
this, spybot-- ALL UPDATED- they removed VX2,
Look2me,once. hijack this keeps finding auto.search,
etc. McAfee security center on, also their virus scan-
NONE of these programs finds any other spyware/malware,
except the search engines. Downloaded PestPatrol, which
also found VX2 and removed it. Pop-ups, and IE search
hijackings continued. 302 kb files in WINDOWS/SYSTEM-
cannot remove C*gwiz [* is changeable letter]- says in
use by Windows. Properties- Nic Tech Networks, 5/5/04. On
every restart, another 302 kb file in Windows System, but
I was able to remove those a coouple of times, but then
PC would freeze, had to control-alt-del to restart. Each
restart, Windows is 'reconfiguring your start up files'.
I was able to open the C*gwiz file- once- and it had much
gibberish, but many messages at end- which pop up
frequently, plus the Nic Tech Networks info, along with
VeriSign and Fawlte certificate information [sorry I
didn't copy all this down]. Then- no CD. Tried to check
system resources, and on each tab click, that op[tion
disappeared. Tried to restore registry in DOS- "this
program cannot run in DOS". Now I cannot start my PC in
safe mode, but when desktop appears, cannot use mouse,
and it repeatedly attempts to connect to the internet.
Started PC with a boot disk- tried to copy SYS C files
[command.com. IO.sys, MSDOS.sys] no go- "needed
parameters missing". I am now running a full scandisk
from boot disk.
Tried calling MS virus help line- after receiving sales
pitch to upgrade to XP, was cut off twice.
Presentluy running MS Windows98SE, IE 6.0.28000, 128 bit
security. Current on all updates.
>-----Original Message-----
>There are many people who have helped this FAQ improve
over time - MVPs and
>newsgroup users. I thank all of you who have made the
newsgroups,
>anti-malware websites and dedicated mailing lists into
such a wonderful
>resource.
>
>IMPORTANT: Before trying to remove spyware, download a
copy of LSPFIX from
>the URL below - some malware can kill your internet
connection when it is
>removed, and this software should get things going for
you again:
>http://www.cexx.org/lspfix.htm
>
>IMPORTANT: After obtaining the software below, make sure
you check for
>updates and then run the programmes in safe mode.
>
>You can go to the link below to check your system for
parasites (supplied by
>Doxdesk.com):
>http://inetexplorer.mvps.org/parasite.htm
>
>Malware removal (beginners guide):
>
>First, go to Control Panel, add/remove programs. Check
for malware entries
>and use the uninstall programs.
>
>Second, get AdAware. [..Warning: AdAware is now version
6.181. All previous
>versions are NO LONGER SUPPORTED and will not be
updated...]
>
>AdAware is available at www.lavasoft.de. Make sure you
check for updates
>every time you use it.
>
>To be most effective, you must run AdAware while Windows
is in safe mode.
>
>Modern malware uses more than one process, and these
processes are
>'co-dependent'. In other words, when one processes
detects that the other
>has been shut down, it automatically restarts its
sibling, often using a
>different name.
>
>Disable the ability of suspect processes to start
automatically by using
>MSCONFIG (startup tab) before booting into safe mode.
Use the information
>at the URL below as a guide:
>
>http://www2.whidbey.com/djdenham/Uncheck.htm
>
>Reboot your computer and hold down the F8 key until the
boot menu options
>appear. Select 'safe mode'. After you are in safe
mode, check to make sure
>the suspect processes did not start up. If they did
start up, we are going
>to have to track down *where* they are coming from
before going any further.
>An experienced computer technician can use programme
such as AutoStart
>Viewer for in-depth diagnosis:
>http://www.diamondcs.com.au/index.php?page=asviewer
>
>While still in safe mode, and after you have shut down
as many malware
>processes as possible, start AdAware. AdAware, when run
using default
>settings, simply does not cope with new 'intelligent'
malware. Make sure
>'activate in depth scan' is enabled. Select 'use custom
scanning options'
>and then click on the 'customize' button. Turn on the
following scan
>options - scan within archives, active processes,
registry (including deep
>scan), IE favorites and hosts file. You must also turn
on the following
>option via the 'tweak' button:
>
>Cleaning engine: 'automatically try to unregister
objects prior to deletion'
>
>IMPORTANT: Before letting AdAware delete malware, write
down on a piece of
>paper exactly where the malware is stored. You will
need to delete those
>directories after AdAware has done its work, but ONLY IF
IT IS NOT A
>STANDARD WINDOWS DIRECTORY.
>
>After running AdAware, run it again, this time using the
option 'select
>drives/folders to scan'. Click on 'select'. Scan your
entire hard drive.
>Also do the following:
>
>Empty your IE cache and your other temporary file
folders, eg:
>c:\windows\temp (if using Windows 98) or C:\Documents
and
>Settings\<name>\Local Settings\Temp (the path to your
temp folder will
>change depending on your name) - sometimes programmes
can be hidden in
>there - watch out for mysterious *.exe files or *.dll
files in those
>folders.
>
>Go to IE Tools, Internet Options, Temporary Internet
Files {Settings
>Button}, View Objects, Downloaded Programme Files. Check
for unusual objects
>there.
>
>Go to IE Tools, Internet Options, Accessibility. Make
sure there is no
>style sheet chosen (under User Style Sheet - format
documents using my style
>sheet). If the option is turned on, turn it OFF.
>
>It is possible to turn off third party extensions
(Enable third-party
>browser extensions (requires restart) at IE tools,
internet options,
>advanced) to disable *all* plug-ins but troubleshooting
will be difficult
>and it is only a BANDAID. Nothing gets fixed. There is
software that
>depends on 'third party browser extensions" to work,
including Acrobat,
>Microsoft Money, and many other programmes.
>
>Once your computer is clean, and if it applies to your
operating system,
>create a new restore point. Your old ones may, of
course, be infected with
>the malware and therefore cannot be used. Run disk
cleanup to remove old
>restore points (if you operating system has this option
you will find it on
>the 'more options' tab of the disk cleanup utility).
>
>If you are still having problems:
>
>You can go to the link below to check your system for
parasites and
>hopefully identify your problem (supplied by
Doxdesk.com):
>
>http://inetexplorer.mvps.org/parasite.htm
>
>Download and run the latest version of "Cool Web
Shredder"
>http://www.merijn.org/files/CWShredder.exe
>
>The more experienced user can try Spybot. Again, it is a
free programme
>which can be downloaded from:
http://spybot.eon.net.au/. Warning: it is NOT
>a good programme for the inexperienced. If you want to
use this programme,
>please get the advice of those more experienced
before 'fixing' anything
>that it finds.
>
>Another excellent programme that allows you to examine
your system and
>*create a results log for experts to examine* is
HijackThis, available from:
>http://209.133.47.12/~merijn/files/HijackThis.exe
(direct download)
>
>MS have released a limited KB article regarding what
they call 'deceptive
>software'.
>http://support.microsoft.com/default.aspx?scid=kb;EN-
US;827315
>
>Here is advice specific to:
>
>home page hijackings
>http://inetexplorer.mvps.org/answers.htm#home_page
>
>pop-up ads
>http://inetexplorer.mvps.org/data/popup.htm
>
>search engine hijackings
>http://inetexplorer.mvps.org/answers4.htm#search_engine
>
>
>--
>Hyperlinks are used to ensure advice remains current
>_______________________________________
>Sandi - Microsoft MVP since 1999 (IE/OE)
>http://inetexplorer.mvps.org/
>
>
>
>BigMig wrote:
>> An IESEARCH application has been downloaded (unwanted)
>> from a web site. Every 5 minutes or so it connects my
pc
>> to the internet. I cannot delete this application
>> because "it is in use by window". How do I delete this
>> application
>
>.
>

Sandi - Microsoft MVP
July 3rd 04, 08:29 AM
PJD,

Check out the updated advice, and be very careful about *how* you use the
anti-spyware software.

There are many people who have helped this FAQ improve over time - MVPs and
newsgroup users. I thank all of you who have made the newsgroups,
anti-malware websites and dedicated mailing lists into such a wonderful
resource.

Read the advice at my prevention link
(http://inetexplorer.mvps.org/data/prevention.htm) to reduce the chances of
your computer being infected.

IMPORTANT: Before trying to remove spyware, download a copy of LSPFIX from
the URL below - some malware can kill your internet connection when it is
removed, and this software should get things going for you again:
http://www.cexx.org/lspfix.htm

Also get a copy of WINSOCKFIX available at:
http://www.spychecker.com/program/winsockxpfix.html

The software you should download and have ready to use is:

AdAware - www.lavasoft.de [..Warning: AdAware is now version 6.181. All
previous versions are NO LONGER SUPPORTED and will not be updated...]

Spybot Search and Destroy - http://spybot.eon.net.au

HijackThis - http://209.133.47.12/~merijn/files/HijackThis.exe

CWShredder - http://www.merijn.org/files/CWShredder.exe

HackerDefender Disabler - http://www.aumha.org/downloads/unhackdef.zip
Extract the BAT file to your desktop.

IMPORTANT: After obtaining the required software above, make sure you check
for updates and run the programmes in safe mode.

Malware removal (beginner's guide):

Go to Control Panel, Folder Options, View Tab. Turn on the option to show
hidden files. Turn off the option to hide protected system files.
***WARNING!! Files are hidden by Windows for a very good reason. It is not
wise to 'experiment' with these files. Unfortunately, to successfully
remove modern malware we must turn this protection off. There is a risk to
doing this. Please turn the protection back on when you have finished
cleaning your system.***

Run HackerDefener Disabler. A DOS window will flash onto your screen and
then disappear. This is normal.

First, go to Control Panel, add/remove programs. Check for malware entries
and use the uninstall programs, then reboot.

Go to start/run and type MSCONFIG. Go to the startup tab. Disable
everything that you do not recognise as legitimate (do not disable any power
profile options).

Now go to the Services tab. Turn on the option to 'hide all Microsoft
Services'. Disable everything that remains. If you don't have this option,
don't worry about it.

Reboot your computer and hold down the F8 key until the boot menu options
appear. Choose Safe Mode as your startup choice. You will find
information about what safe mode is, and what it does, at this link
[http://inetexplorer.mvps.org/data/safe_mode.htm]

Start CWSHREDDER. Update it, and fix anything it finds. Reboot back into
safe mode.

Start AdAware. Use the 'check for updates now' option. After you have
updated, click 'start'.

Note that when run using default settings, AdAware does not cope with new
'intelligent' malware. Make the following changes to the default settings.

Use the option 'select drives/folders to scan'. Set AdAware to scan your
entire hard drive.

Make sure 'activate in depth scan' is enabled.

Select 'use custom scanning options' and then click on the 'customize'
button. Turn on the following scan options - scan within archives, scan
active processes, scan registry, deep registry scan, scan [my] IE favorites
for banned URLs, and scan [my] hosts file.

Use the 'tweak' button. Turn on the following options:

Cleaning engine: 'automatically try to unregister objects prior to
deletion', 'let windows remove files in use at next reboot', 'delete
quarantined objects after restoring'.

Scanning engine: 'unload recognized processes during scan'.

After you have finished with AdAware run Spybot to pick up any leftovers.
Fix anything marked in red. Again, don't forget to check for updates.

Also do the following:

Empty your IE cache and your other temporary file folders, eg: c:\temp,
c:\windows\temp or C:\Documents and Settings\<name>\Local Settings\Temp (the
path to your temp folder will change depending on your name) - sometimes
programmes can be hidden in there - watch out for mysterious *.exe files or
*.dll files in those folders.

Go to IE Tools, Internet Options, Temporary Internet Files {Settings
Button}, View Objects, Downloaded Program Files. Check for unrecognised
objects there.

Go to IE Tools, Internet Options, Accessibility. Make sure there is no style
sheet chosen (under User Style Sheet - format documents using my style
sheet). If the option is turned on, turn it OFF.

If the problem comes back, start all over again but with the following
changes (this section requires advanced computer skills - inexperienced
users will require assistance, available via the public newsgroups or
various anti-spyware forums, my preferred forum being
http://forum.aumha.org/)

Examine win.ini using MSCONFIG to see what is loading. You may find
something there. Go to MSCONFIG and go to the General tab. Turn off
process win.ini file, load system services and load startup items. Restart
Windows and run AdAware etc once more.

Use services.msc to see what is running. Some malware is now registering
itself as a Service. The problem is working out what is legitimate and what
is not.

Once a service or services has been identified as malware, use services.msc
to set the malware service(s) to 'disabled'. Reboot into safe mode. Delete
the relevant malware key in the right hand pane at
HKLM\System\CurrentControlSet\Services.

I strongly recommend that unless you have strong experience working in this
area that until such time as I am able to track down a comprehensive list of
legitimate services (or put one together myself), that you post details of
the services revealed by services.msc to a microsoft.public newsgroup for
professional guidance. If you turn off the wrong service you could cause
serious problems, and at the very worst, leave the computer unbootable.

An experienced computer technician can use programme such as AutoStart
Viewer for in-depth diagnosis:
http://www.diamondcs.com.au/index.php?page=asviewer

I prefer Process Viewer for Windows:
http://www.teamcti.com/pview/

Another excellent programme is 'Silent Runners':
http://www.aaronoff.com/silent_runners/

Another excellent programme for the experienced user is APM (Advanced
Process Manipulation), available at:
http://www.diamondcs.com.au/index.php?page=apm

Once the computer is clean, and if it applies to the operating system,
create a new restore point. The old ones may, of course, be infected with
the malware and therefore cannot be used. Run disk cleanup to remove old
restore points (if your operating system has this option you will find it on
the 'more options' tab of the disk cleanup utility. If the option to remove
old restore points is not available, stop and restart the restore service
which will flush out old restore points and prevent accidental reloading of
malware.

MS have released a limited KB article regarding what they call 'deceptive
software'.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;827315

Here is advice specific to:

home page hijackings
http://inetexplorer.mvps.org/answers.htm#home_page

pop-up ads
http://inetexplorer.mvps.org/data/popup.htm

search engine hijackings
http://inetexplorer.mvps.org/answers4.htm#search_engine


--
Hyperlinks are used to ensure advice remains current
_______________________________________
Sandi - Microsoft MVP since 1999 (IE/OE)
http://inetexplorer.mvps.org/




pjd190 wrote:
> I have done all that is suggested- run ad aware, hi-jack
> this, spybot-- ALL UPDATED- they removed VX2,
> Look2me,once. hijack this keeps finding auto.search,
> etc. McAfee security center on, also their virus scan-
> NONE of these programs finds any other spyware/malware,
> except the search engines. Downloaded PestPatrol, which
> also found VX2 and removed it. Pop-ups, and IE search
> hijackings continued. 302 kb files in WINDOWS/SYSTEM-
> cannot remove C*gwiz [* is changeable letter]- says in
> use by Windows. Properties- Nic Tech Networks, 5/5/04. On
> every restart, another 302 kb file in Windows System, but
> I was able to remove those a coouple of times, but then
> PC would freeze, had to control-alt-del to restart. Each
> restart, Windows is 'reconfiguring your start up files'.
> I was able to open the C*gwiz file- once- and it had much
> gibberish, but many messages at end- which pop up
> frequently, plus the Nic Tech Networks info, along with
> VeriSign and Fawlte certificate information [sorry I
> didn't copy all this down]. Then- no CD. Tried to check
> system resources, and on each tab click, that op[tion
> disappeared. Tried to restore registry in DOS- "this
> program cannot run in DOS". Now I cannot start my PC in
> safe mode, but when desktop appears, cannot use mouse,
> and it repeatedly attempts to connect to the internet.
> Started PC with a boot disk- tried to copy SYS C files
> [command.com. IO.sys, MSDOS.sys] no go- "needed
> parameters missing". I am now running a full scandisk
> from boot disk.
> Tried calling MS virus help line- after receiving sales
> pitch to upgrade to XP, was cut off twice.
> Presentluy running MS Windows98SE, IE 6.0.28000, 128 bit
> security. Current on all updates.
>> -----Original Message-----
>> There are many people who have helped this FAQ improve over time -
>> MVPs and newsgroup users. I thank all of you who have made the
>> newsgroups, anti-malware websites and dedicated mailing lists into
>> such a wonderful resource.
>>
>> IMPORTANT: Before trying to remove spyware, download a copy of
>> LSPFIX from the URL below - some malware can kill your internet
>> connection when it is removed, and this software should get things
>> going for you again: http://www.cexx.org/lspfix.htm
>>
>> IMPORTANT: After obtaining the software below, make sure you check
>> for updates and then run the programmes in safe mode.
>>
>> You can go to the link below to check your system for parasites
>> (supplied by Doxdesk.com):
>> http://inetexplorer.mvps.org/parasite.htm
>>
>> Malware removal (beginners guide):
>>
>> First, go to Control Panel, add/remove programs. Check for malware
>> entries and use the uninstall programs.
>>
>> Second, get AdAware. [..Warning: AdAware is now version 6.181. All
>> previous versions are NO LONGER SUPPORTED and will not be updated...]
>>
>> AdAware is available at www.lavasoft.de. Make sure you check for
>> updates every time you use it.
>>
>> To be most effective, you must run AdAware while Windows is in safe
>> mode.
>>
>> Modern malware uses more than one process, and these processes are
>> 'co-dependent'. In other words, when one processes detects that the
>> other has been shut down, it automatically restarts its sibling,
>> often using a different name.
>>
>> Disable the ability of suspect processes to start automatically by
>> using MSCONFIG (startup tab) before booting into safe mode. Use the
>> information at the URL below as a guide:
>>
>> http://www2.whidbey.com/djdenham/Uncheck.htm
>>
>> Reboot your computer and hold down the F8 key until the boot menu
>> options appear. Select 'safe mode'. After you are in safe mode,
>> check to make sure the suspect processes did not start up. If they
>> did start up, we are going to have to track down *where* they are
>> coming from before going any further. An experienced computer
>> technician can use programme such as AutoStart Viewer for in-depth
>> diagnosis: http://www.diamondcs.com.au/index.php?page=asviewer
>>
>> While still in safe mode, and after you have shut down as many
>> malware processes as possible, start AdAware. AdAware, when run
>> using default settings, simply does not cope with new 'intelligent'
>> malware. Make sure 'activate in depth scan' is enabled. Select
>> 'use custom scanning options' and then click on the 'customize'
>> button. Turn on the following scan options - scan within archives,
>> active processes, registry (including deep scan), IE favorites and
>> hosts file. You must also turn on the following option via the
>> 'tweak' button:
>>
>> Cleaning engine: 'automatically try to unregister objects prior to
>> deletion'
>>
>> IMPORTANT: Before letting AdAware delete malware, write down on a
>> piece of paper exactly where the malware is stored. You will need
>> to delete those directories after AdAware has done its work, but
>> ONLY IF IT IS NOT A STANDARD WINDOWS DIRECTORY.
>>
>> After running AdAware, run it again, this time using the option
>> 'select drives/folders to scan'. Click on 'select'. Scan your
>> entire hard drive. Also do the following:
>>
>> Empty your IE cache and your other temporary file folders, eg:
>> c:\windows\temp (if using Windows 98) or C:\Documents and
>> Settings\<name>\Local Settings\Temp (the path to your temp folder
>> will change depending on your name) - sometimes programmes can be
>> hidden in there - watch out for mysterious *.exe files or *.dll
>> files in those folders.
>>
>> Go to IE Tools, Internet Options, Temporary Internet Files {Settings
>> Button}, View Objects, Downloaded Programme Files. Check for unusual
>> objects there.
>>
>> Go to IE Tools, Internet Options, Accessibility. Make sure there is
>> no style sheet chosen (under User Style Sheet - format documents
>> using my style sheet). If the option is turned on, turn it OFF.
>>
>> It is possible to turn off third party extensions (Enable third-party
>> browser extensions (requires restart) at IE tools, internet options,
>> advanced) to disable *all* plug-ins but troubleshooting will be
>> difficult and it is only a BANDAID. Nothing gets fixed. There is
>> software that depends on 'third party browser extensions" to work,
>> including Acrobat, Microsoft Money, and many other programmes.
>>
>> Once your computer is clean, and if it applies to your operating
>> system, create a new restore point. Your old ones may, of course,
>> be infected with the malware and therefore cannot be used. Run disk
>> cleanup to remove old restore points (if you operating system has
>> this option you will find it on the 'more options' tab of the disk
>> cleanup utility).
>>
>> If you are still having problems:
>>
>> You can go to the link below to check your system for parasites and
>> hopefully identify your problem (supplied by Doxdesk.com):
>>
>> http://inetexplorer.mvps.org/parasite.htm
>>
>> Download and run the latest version of "Cool Web Shredder"
>> http://www.merijn.org/files/CWShredder.exe
>>
>> The more experienced user can try Spybot. Again, it is a free
>> programme which can be downloaded from:
> http://spybot.eon.net.au/. Warning: it is NOT
>> a good programme for the inexperienced. If you want to use this
>> programme, please get the advice of those more experienced
> before 'fixing' anything
>> that it finds.
>>
>> Another excellent programme that allows you to examine your system
>> and *create a results log for experts to examine* is HijackThis,
>> available from: http://209.133.47.12/~merijn/files/HijackThis.exe
>> (direct download)
>>
>> MS have released a limited KB article regarding what they call
>> 'deceptive software'.
>> http://support.microsoft.com/default.aspx?scid=kb;EN- US;827315
>>
>> Here is advice specific to:
>>
>> home page hijackings
>> http://inetexplorer.mvps.org/answers.htm#home_page
>>
>> pop-up ads
>> http://inetexplorer.mvps.org/data/popup.htm
>>
>> search engine hijackings
>> http://inetexplorer.mvps.org/answers4.htm#search_engine
>>
>>
>> --
>> Hyperlinks are used to ensure advice remains current
>> _______________________________________
>> Sandi - Microsoft MVP since 1999 (IE/OE)
>> http://inetexplorer.mvps.org/
>>
>>
>>
>> BigMig wrote:
>>> An IESEARCH application has been downloaded (unwanted)
>>> from a web site. Every 5 minutes or so it connects my pc
>>> to the internet. I cannot delete this application
>>> because "it is in use by window". How do I delete this
>>> application
>>
>> .