ZY Web Search Homepage Hijacker Removal Instructions and Help
What is ZY Web Search?
ZY Web Search is a search site that returns results for things like debt consolidation, refinancing, casinos, and similar topics generally seen in spam emails. Most results appear to be affiliate links that make the owner of the site money through clickthroughs. It takes over your start page and might be a variant of the CoolWebSearch homepage hijacker.
How do I Remove ZY Web Search.com?
Follow the steps below to remove the ZY Web Search variant that points your web browser to
http://db105.com:81/cgi-bin/index.cgi?c=0
These steps can also help remove the following homepages, although the steps below use the db105.com example:
ez-finder.com/cgi-bin/index.cgi?c=2
greatsearch.biz
www.searchmeup.cc/o/cgi-bin/index.cgi?c=9
1) Open My Computer and choose Tools, then click on Folder Options. Click on the View tab and, under Advanced Settings, choose "Show hidden files and folders", then click OK and close My Computer. In Windows XP/2000, you may also want to uncheck the options for "Hide extensions for known file types" and "Hide protected operating system files".
2) Reboot in Safe Mode
3) Using HijackThis, remove or fix the following lines. Follow this link for a tutorial on HijackThis
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://db105.com:81/cgi-bin/index.cgi?c=0
** NOTE: The above URL may also show as "searchmeup.cc"
O2 - BHO: BHO - {06CAD548-14DD-4fa3-9EA9-05F83C18CBD7} - C:\WINDOWS\SYSTEM\MSPXS32.DLL
O4 - HKLM\..\Run: [Win32 Explorer] C:\WINDOWS\SYSTEM\explorer32.exe
O4 - HKCU\..\Run: [Win32 Explorer] C:\WINDOWS\SYSTEM\explorer32.exe
O15 - Trusted Zone: *.db105.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.mt-download.com
** Note: You may want to delete any other trusted zones as well.
4) Delete the infected files.
Click Start, point to Find or Search, and then click Files or Folders.
Make sure that "Look in" is set to (C:\WINDOWS).
In the "Named" or "Search for..." box, type each of the following filenames, then search for the file and delete it.
explorer32.exe (in the Windows/System folder)
MSPXS32.DLL (in the Windows/System folder)
5) Reset your homepage to whatever you like
* Close all Internet Explorer windows.
* Open Control Panel. Click Start>Settings>Control Panel.
* Double-click the Internet Options icon.
* In the Internet Properties window, click the General tab and enter the homepage URL you want.
* Under the "Temporary Internet Files" section, click Delete Files, then check the box for "Delete all offline content" and click OK. Once the Temporary Internet Files have been deleted (it may take a few minutes), click OK, close Internet Options, and then close the Control Panel.
6) Reboot your computer and check your homepage
7) Please report back the results to me. If it didn't solve the problem, send me a current HijackThis log so I can examine it and improve these instructions.
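
To confirm after the reboot in step 6 that nothing from step 3 is left behind, a saved HijackThis log can be checked against the entries listed on this page. The following is an added example, not part of the original instructions: the function names and the sample log are constructed for illustration, and the indicators are the ones from step 3 and the homepage list above.

```python
import re

# Indicators copied from step 3 and the homepage list on this page.
BAD_HOSTS = ("db105.com", "searchmeup.cc", "ez-finder.com", "greatsearch.biz")
BAD_ZONES = ("db105.com", "windupdates.com", "searchmiracle.com",
             "skoobidoo.com", "my-internet.info", "mt-download.com")
BAD_CLSID = "06cad548-14dd-4fa3-9ea9-05f83c18cbd7"
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")  # "R1 - detail"

def host_of(value):
    """Reduce a URL or zone pattern to a bare lowercase host name."""
    v = re.sub(r"^[a-z]+://", "", value.strip().lower())
    return v.split("/")[0].split(":")[0].lstrip("*.")

def listed(host, domains):
    """Match the domain itself or a subdomain, not look-alike suffixes."""
    return any(host == d or host.endswith("." + d) for d in domains)

def check_line(line):
    """Return a reason if a HijackThis line matches a page indicator, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    section, detail = m.groups()
    low = detail.lower()
    if section in ("R0", "R1"):  # IE start/search page values: "key = url"
        host = host_of(detail.partition(" = ")[2])
        return "IE setting -> " + host if listed(host, BAD_HOSTS) else None
    if section == "O2" and (BAD_CLSID in low.replace(" ", "") or low.endswith("\\mspxs32.dll")):
        return "hijacker BHO"
    if section == "O4" and low.endswith("\\explorer32.exe"):
        return "hijacker Run entry"
    if section == "O15":  # "Trusted Zone: *.domain"
        host = host_of(detail.partition(":")[2])
        return "trusted zone -> " + host if listed(host, BAD_ZONES) else None
    return None

def leftovers(log_text):
    """Return (line, reason) for every log line that still matches."""
    checked = ((l.strip(), check_line(l)) for l in log_text.splitlines())
    return [(l, r) for l, r in checked if r]

# Constructed sample log (not from a real machine): four bad lines, two benign.
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://notdb105.com/
O2 - BHO: BHO - {06CAD548-14DD-4fa3-9EA9-05F83C18CBD7} - C:\WINDOWS\SYSTEM\MSPXS32.DLL
O4 - HKLM\..\Run: [Win32 Explorer] C:\WINDOWS\SYSTEM\explorer32.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O15 - Trusted Zone: *.skoobidoo.com"""
```

Pass the text of a saved log to leftovers(); an empty list means none of the entries from step 3 remain in that log.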
