I did everything you both suggested, with no new results.
When I go to a page that does not exist, i see it trying to go to the correct microsoft search page for a second or two, then it says it’s going to about:blank, and then the linklist page pops up again.
I found hosts and lmhosts.sam in the system32/drivers/etc folder, both had no entries in them. (I did find a hosts.bak that had some entries to various malicious hosts but i’m sure this was created by one of the programs i’ve been using to clear this stuff up).
Is there any other way that a browser can be tricked into redirecting somewhere else? Because as far as I can tell it’s not a problem of not knowing what search page to use, it just the real search page is somehow resolving to linklist.
Thanks for all your help so far, i’ve gotten rid of a good deal of stuff and this is not the end of the world, but if i’m having the problem i’m sure many others are as well!
ps: Cwshredder just brought out a new version, maybe this will work ?
but afaik, they are still working on the linklist.cc problem themselves, so don’t lose hope
I’ve had problems with linklist.cc continually grabbing my home page, no matter how often I set it where I want.
Now, the sob has glommed on to my email reply, with the whole search page sort of attached to the message. What a pain. Using a brand new xp, will try the msconfig.
hi, i need helpwith my computer…i just recently got rid of the linklist.cc thing that changes your homepage…now when i try to access altavista.com, it redirects me to this thing called BEST WEB SEARCH. what can i do to get rid of this? i downloaded spybot s&d and it stopped it from redirecting me on msn and google but now altavista is screwed up. anythingwill help…Thanks
Is your Spybot/Adawrare up to date? Create a Hijackthis log and see if there is something displayed starting with “O1”, if so fix it, if not, please post your log to the forum.
my spybot should be up to date, i just downloaded it yesterday. how do i create a Hijackthis log? sorry i dont really know a whole lot about computers.
i fixed the ones you have listed here but it still doesnt let me get onto altavista, what can i do? i dont know why there is a TEMP-folder in the autostart…what should i do about that?
sorry, it did fix everything. i just had to clear my history and all for it to take effect. Thanks a lot for the help…i really appreciate it! What can i do about the Temp-folder thats in my autostart? Thanks again.
Here is another log file…
i already delete the DLL and change all rer key, but this shit still there…
Logfile of HijackThis v1.97.7
Scan saved at 22:12:56, on 07/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Haha… i got rid of this fucking problem.
I had both linklist.cc and searchx.cc
What to do?
download this HijackThis: http://tomcoyote.com/hjt/
Run the exe file
Click the “Scan” button
Now you’ll see a list of items that are infected
Go through the whole list and delete each file in the specified location (Info on selected item)
When you delete all those items it will be removed.
I’m having a similar problem as the above… I had everything cleaned but this has just started and I can’t get the registry keys to stay deleted, as soon as i open the browser they appear again and there is a search page even though it says about:blank in the address.
Logfile of HijackThis v1.97.7
Scan saved at 1:18:47 PM, on 4/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Gunnerpunk, I’ve been researching this for the past couple of days, and have been unable to remove it from my machine! The newest (I think built yesterday) version of CWShredder can identify and remove this, but it seems to somehow still re-install itself on reboot. CWShredder classifies this as CWS.SearchX – the search page that comes up is SearchX, right?
That “kemffdf.dll” stuff in your HJT log is the problem, and the filename for the dll is randomly generated every time the thing re-installs itself.
I found a fix for this. In the System 32 folder (or just run a search), there is a Sys.reg file that contains urls like http://%73%6C%74%73%79%79%2E%74%2E%72%61%63%6B%2E%63%63/%68%70%2E%70%68%70. Delete this and uncheck the regedit -s sys.reg in MSCONFIG. This gets rid of the unwanted bug.
From windows, click Start, then Run and type msconfig. When msconfig opens, click the Startup Tab and look for any program that is set to run at startup that may be unknoown and causing this problem.
Having identified it untick the box to the left of the suspect program (if there is more than one don’t go mad only do one at a time), run cwshredder again and reboot.