nightowl
04-21-2005, 03:43 PM
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094055
Using Hijack This In Safe Mode Remove these entries if present,
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.azesearch.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 69.50.166.11 www.google.com
O1 - Hosts: 69.50.166.11 google.com
O1 - Hosts: 69.50.166.11 www.google.co.uk
O1 - Hosts: 69.50.166.11 google.co.uk
O1 - Hosts: 69.50.166.11 www.google.ca
O1 - Hosts: 69.50.166.11 google.ca
O1 - Hosts: 69.50.166.11 www.google.es
O1 - Hosts: 69.50.166.11 google.es
O1 - Hosts: 69.50.166.11 www.google.de
O1 - Hosts: 69.50.166.11 google.de
O1 - Hosts: 69.50.166.11 www.google.fr
O1 - Hosts: 69.50.166.11 google.fr
O1 - Hosts: 69.50.166.11 www.google.com.au
O1 - Hosts: 69.50.166.11 google.com.au
O1 - Hosts: 69.50.166.14 www.yahoo.com
O1 - Hosts: 69.50.166.14 yahoo.com
O1 - Hosts: 66.218.75.184 mail.yahoo.com
O1 - Hosts: 69.50.166.12 www.msn.com
O1 - Hosts: 69.50.166.12 msn.com
O1 - Hosts: 69.50.166.12 search.msn.com
O1 - Hosts: 69.50.166.12 www.go.com
O1 - Hosts: 69.50.166.12 go.com
O1 - Hosts: 69.50.166.13 astalavista.com
O1 - Hosts: 69.50.166.13 www.astalavista.com
O1 - Hosts: 69.50.166.13 astalavista.box.sk
O1 - Hosts: 69.50.166.13 cracks.am
O1 - Hosts: 69.50.166.13 www.cracks.am
All 01s must be deleted even if they are different than the ones above
O2 - BHO: AddressBar Class - {1474CE44-8057-4AE3-8F3E-ED37C7C63D8A} - C:\WINDOWS\SYSTEM32\IASAD.DLL
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\SYSTEM\AZESEARCH2.OCX
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\system32\azesearch3.ocx
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINDOWS\system32\iasadm.dll
O3 - Toolbar: AZE Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} -
C:\WINDOWS\SYSTEM\AZESEARCH2.OCX
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\system32\azesearch3.ocx
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (CParamWr Class) - http://www.azebar.com/install/azesearch.cab
Good Luck.........Jim
PREVENTION
Add all the CLSID Numbers above to your Custom Blocking on SpywareBlaster
http://www.javacoolsoftware.com/spywareblaster.html
To find Custom Blocking click the Tools Tab. Make sure the CLSID numbers are in between the parenthesis!
This is The Last Post in this thread. If you wish to post a log. Please start a new thread and post your log in the Log Section, thanks. Here is the link.
http://forums.designtechnica.com/forumdisplay.php?f=127
Also If you have any useful suggestions on this topic send a Private Message to nightowl or ECA and we can reopen the thread for you
Using Hijack This In Safe Mode Remove these entries if present,
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.azesearch.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 69.50.166.11 www.google.com
O1 - Hosts: 69.50.166.11 google.com
O1 - Hosts: 69.50.166.11 www.google.co.uk
O1 - Hosts: 69.50.166.11 google.co.uk
O1 - Hosts: 69.50.166.11 www.google.ca
O1 - Hosts: 69.50.166.11 google.ca
O1 - Hosts: 69.50.166.11 www.google.es
O1 - Hosts: 69.50.166.11 google.es
O1 - Hosts: 69.50.166.11 www.google.de
O1 - Hosts: 69.50.166.11 google.de
O1 - Hosts: 69.50.166.11 www.google.fr
O1 - Hosts: 69.50.166.11 google.fr
O1 - Hosts: 69.50.166.11 www.google.com.au
O1 - Hosts: 69.50.166.11 google.com.au
O1 - Hosts: 69.50.166.14 www.yahoo.com
O1 - Hosts: 69.50.166.14 yahoo.com
O1 - Hosts: 66.218.75.184 mail.yahoo.com
O1 - Hosts: 69.50.166.12 www.msn.com
O1 - Hosts: 69.50.166.12 msn.com
O1 - Hosts: 69.50.166.12 search.msn.com
O1 - Hosts: 69.50.166.12 www.go.com
O1 - Hosts: 69.50.166.12 go.com
O1 - Hosts: 69.50.166.13 astalavista.com
O1 - Hosts: 69.50.166.13 www.astalavista.com
O1 - Hosts: 69.50.166.13 astalavista.box.sk
O1 - Hosts: 69.50.166.13 cracks.am
O1 - Hosts: 69.50.166.13 www.cracks.am
All 01s must be deleted even if they are different than the ones above
O2 - BHO: AddressBar Class - {1474CE44-8057-4AE3-8F3E-ED37C7C63D8A} - C:\WINDOWS\SYSTEM32\IASAD.DLL
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\SYSTEM\AZESEARCH2.OCX
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\system32\azesearch3.ocx
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINDOWS\system32\iasadm.dll
O3 - Toolbar: AZE Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} -
C:\WINDOWS\SYSTEM\AZESEARCH2.OCX
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\system32\azesearch3.ocx
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (CParamWr Class) - http://www.azebar.com/install/azesearch.cab
Good Luck.........Jim
PREVENTION
Add all the CLSID Numbers above to your Custom Blocking on SpywareBlaster
http://www.javacoolsoftware.com/spywareblaster.html
To find Custom Blocking click the Tools Tab. Make sure the CLSID numbers are in between the parenthesis!
This is The Last Post in this thread. If you wish to post a log. Please start a new thread and post your log in the Log Section, thanks. Here is the link.
http://forums.designtechnica.com/forumdisplay.php?f=127
Also If you have any useful suggestions on this topic send a Private Message to nightowl or ECA and we can reopen the thread for you