Thebestse.com spyware/browser hijack :: Removal instructions

 
 
timberlandko
 
  1  
Reply Sat 10 Apr, 2004 10:55 pm
Yer weccum, Jace. Now that you've got your 'puter back, why not stick around and enjoy yourself on our forums? You never know what you'll find around here; there's no other site on the web quite like it.

Oh, and just plain "timber" will do fine. I ain't real big on ceremony ... 'less there's money involved. Or maybe good whisky.
0 Replies
 
tquick13
 
  1  
Reply Thu 15 Apr, 2004 12:58 pm
thank you!
I just wanted to say thanks for everyone's info. I got back from vacation and my boyfriend managed to acquire the stupid 'thebestse' crap. I took all of the advice for the other posters and managed to (hopefully) fix the problem. A friend of mine just spent $50 at Best Buy to fix the same problem on her computer - so, once again, thanks!
0 Replies
 
e-logic
 
  1  
Reply Fri 16 Apr, 2004 10:58 am
Thank you for taking the time to post such helpful advice.

It's very much appreciated!

-- e-logic
0 Replies
 
thedevineass
 
  1  
Reply Tue 20 Apr, 2004 02:40 am
Hey everybody

I'm infected with this !@# virus too, but when I run HijackThis I can't find:
04-HKLM\...\Run:[system32.dll] c:\windows\system\systeminit.exe
04-Global Startup sytem32.exe
04-Global Startup sytem32exe.pf
There is nothing that starts with 01-Host:69.93.33.155
And I can't find sytem32.exe, sytem32exe.pf or systeminit.exe
The only thing I can find (both in c:\windows and c:) is sstyle.css

Help?
0 Replies
 
e-logic
 
  1  
Reply Tue 20 Apr, 2004 04:35 am
thedevineass wrote:
Hey everybody

I'm infected with this !@# virus too, but when I run HijackThis I can't find:
04-HKLM\...\Run:[system32.dll] c:\windows\system\systeminit.exe
04-Global Startup sytem32.exe
04-Global Startup sytem32exe.pf
There is nothing that starts with 01-Host:69.93.33.155
And I can't find sytem32.exe, sytem32exe.pf or systeminit.exe
The only thing I can find (both in c:\windows and c:) is sstyle.css

Help?

This was the same for me - I only had the sstyle.css, and none of the others.

However, if you look through the HijackThis log you should see an entry with an *.exe file named "system32dll.exe" or something similar.

You'll need to remove this file or the hijack will keep coming back.

I'm not a computer expert though, so please check with someone who knows 100% before deleting things with "dll" in the name 'cos if you get it wrong you'll be in trouble!

If you want to mail me your hijackThis log I can see which files I recognise from when I cleaned my machine - [email protected]
0 Replies
 
timberlandko
 
  1  
Reply Tue 20 Apr, 2004 09:19 am
thedevineass, one of the more troublesome aspects of yuckware is that it morphs itself to make detection and removal more difficult. Tags, filenames, and other markers can and will change depending on the variant of the parasite (there are literally hundreds) and the software configuration of the infested machine. While the overall "Cure" procedure remains consistent, the individual specific repairs frequently are different for each individual.

Get, install, then run CWShredder, then get, install, update, properly configure, and run both AdAware and SpyBot S&D, as detailed in This Thread and This Thread. As mentioned there, when you have done what is recommended, start a new topic, posting the entire log generated by HiJackThis following your having taken the recommended actions.
0 Replies
 
TX Eagle
 
  1  
Reply Wed 21 Apr, 2004 03:30 pm
is this another version of this hijacker?
I was just wondering whether this scanthenet.com is another version of this hijacker. I have been trying to remove this from my computer for about a week now, without success.

Thanks ahead.
0 Replies
 
timberlandko
 
  1  
Reply Wed 21 Apr, 2004 04:28 pm
It certainly is, TX_Eagle. Follow the steps outlined above to rid yourself of it.
0 Replies
 
TX Eagle
 
  1  
Reply Wed 21 Apr, 2004 06:09 pm
thanks
Thank you very much, this fixed my problem.
0 Replies
 
timberlandko
 
  1  
Reply Thu 22 Apr, 2004 10:49 am
Glad it worked, and thanks much for the feedback; that's very helpful. Now, be careful out there.
0 Replies
 
Exploitx
 
  1  
Reply Fri 23 Apr, 2004 02:43 pm
I don't recommend Ad-Aware. Ad-Aware will install some other spyware silently. So change it to Spysweeper.
0 Replies
 
Craven de Kere
 
  1  
Reply Fri 23 Apr, 2004 02:45 pm
Exploitx wrote:
Ad-Aware will install some other spyware silently.


This is simply not true. Ad-Aware simply has elements that some other scanners flag incorrectly.

If anything avoid the no-name and unknown brands like the one you recommended.
0 Replies
 
Exploitx
 
  1  
Reply Fri 23 Apr, 2004 02:57 pm
Bro, I don't want to make a discussion about this section, and unknown brand Spysweeper?


Craven de Kere, you can know some subjects very well, but some other people know more subjects than you ;) (no offense, because I admire your knowledge).

Anyways, everyone decides
(sorry for my English)
0 Replies
 
timberlandko
 
  1  
Reply Fri 23 Apr, 2004 06:24 pm
Exploitx, it's not just Craven who holds an opinion contrary to yours. I gotta wonder just what it is you know that the pros in the field don't; to my mind, the available evidence fails to support your assertion.

PC Magazine, in last April's Review of Spyware Removal Products, had this to say about SpySweeper:

PC Magazine wrote:
A recent entrant in the spyware removal field, Webroot Software's SpySweeper doesn't claim to do anything especially revolutionary, but it does claim to do everything we were looking for. It let us down, detecting only 7 out of 20 pieces of spyware and clashing with Norton AntiVirus.

We were glad to see a warning from SpySweeper that removing BrilliantDigital would cause Kazaa to fail. SpyBot issued a general warning that such things could happen, but only SpySweeper was so specific.

Troublingly, SpySweeper missed some well-known spyware applications, including Aureate/Radiate, eZula, and Web3000. Despite Webroot's claim to remove key loggers and Trojan horses, the product didn't remove NetObserve, WinWhatWhere, or NetBus.

As with BPS Spyware/Adware Remover and PestPatrol, Norton AntiVirus 2003 failed spectacularly following the spyware removal process, and on one of our test configurations the system became so unstable that it was unusable. Webroot confirmed the problem but couldn't explain it.

Of the nine products reviewed, SpySweeper placed dead last. SpyBot S&D and AdAware, both free, were in the top spots, and scored even higher in User Opinion than in Editor Rating. Having tested SpySweeper myself, on several different machines, I found it essentially incompetent, and noted a number of compatibility/stability problems across an assortment of security software and operating systems. I think it's junk. None of the internet security and privacy forums, nor any of the similarly-themed Usenet news groups with which I am familiar, support any different conclusion.

Perhaps the whole bunch of us, and our methods, might benefit from your insight and technical expertise. Could you share your credentials, and show us our errors? We're always willing to learn.
0 Replies
 
Orcruin
 
  1  
Reply Fri 30 Apr, 2004 01:42 pm
Re: Thebestse.com spyware/browser hijack :: Removal instruct
AlvinC wrote:
Wish I found your forum sooner because it took me a while to stumble through on my own the few steps you listed in getting rid of that hijacker. Didn't find bestse.com but rather "www.motor-search.info". In addition, I found it inserted the hijacker in mplayer2.exe but the SFP log reported the invalid version was detected, put the bogus mplayer2.exe in Windows\System\sfp\archive, and restored the legitimate mplayer2.exe.

It also added a few links to IE Favorites - Viagra, sex, etc.

Although the Windows Media Player icon was still on desktop, the wmplayer.exe was gone - I'm guessing that's a tie-in to the bogus mplayer2.exe. However I just reran the Media Player setup and everything was fine.

I moved "systeminit.exe", the bogus "mplayer2.exe" and "sstyle.css" to another folder.


Ok I've had similar issues with this same thing except it was specifically for www.thebestse.com stuff (hence my adding it to the thread).

The current Spybot and Ad-Aware programs deleted all the registry stuff and external files, but I still had 4 undetected files that were infected (all with identical file sizes):

wmplayer.exe - d:/Program Files/Windows Media Player/
wmplayer.exe - c:/Program Files/Windows Media Player/
sysdll32.exe - d:/ (can't remember the directory, probably the windows system directory)
mplayer2.exe - c:/Program Files/Windows Media Player/
(I run Win2000 off my d:\ but have Win 98 on my c:\ as a backup)

For some reason it never infected my d:\ 's mplayer2.exe

Anyways, I did basically the same thing as Alvin.
Deleted the 4 files and then just ran the Windows Media setup to restore the original wmplayer.exe file for my d:\ .
0 Replies
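Orcruin's observation above, that the infected executables carried different names but identical file sizes, can be turned into a check. The following is an added example, not part of the original thread: it groups executables by size, confirms with a SHA-256 hash, and reports files whose bytes are identical under different names. The function names and the extension list are assumptions made for this illustration.

```python
import hashlib
import os
import sys
from collections import defaultdict

EXEC_EXTS = {".exe", ".dll", ".scr"}  # assumption: extensions worth checking


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_clones(roots):
    """Return groups of paths with identical content but different names."""
    by_size = defaultdict(list)
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if os.path.splitext(name)[1].lower() not in EXEC_EXTS:
                    continue
                path = os.path.join(dirpath, name)
                try:
                    by_size[os.path.getsize(path)].append(path)
                except OSError:
                    continue  # file vanished or is unreadable
    clones = []
    for paths in by_size.values():
        if len(paths) < 2:
            continue  # a unique size cannot be a copy of anything
        by_hash = defaultdict(list)
        for path in paths:
            try:
                by_hash[sha256_of(path)].append(path)
            except OSError:
                continue
        for group in by_hash.values():
            names = {os.path.basename(p).lower() for p in group}
            if len(names) > 1:  # same bytes under different file names
                clones.append(sorted(group))
    return sorted(clones)


if __name__ == "__main__":
    for group in find_clones(sys.argv[1:] or ["."]):
        print("identical content:", *group, sep="\n  ")
```

Copies that share a name (the same wmplayer.exe on two drives) are not reported; a reported group is a lead for inspection, since some legitimate software ships one binary under several names.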
 
maxedracer
 
  1  
Reply Wed 30 Jun, 2004 09:37 am
Hi, I have this problem: the auto search MSN page that usually comes up when you type a URL in wrong has been hijacked by this site

http://s1di.d8t.biz/index.php?aid=20038

I've tried lots to get rid of it but it won't go away
0 Replies
 
Craven de Kere
 
  1  
Reply Wed 30 Jun, 2004 10:35 am
Start a new thread and post a hijackthis log.
0 Replies
 
ThePasoMan
 
  1  
Reply Sat 17 Jul, 2004 07:03 pm
Hosts Hijack Removal
If all fails, find system.exe in:
C/windows

Reboot to safe mode
delete system.exe
delete host in windows or system32 folder inside drivers folder inside etc folder
reboot / all is gone now
:D
0 Replies
 
timberlandko
 
  1  
Reply Sat 17 Jul, 2004 10:15 pm
Just a personal opinion here, but my personal observation would be that the immediate above suggestion, from ThePasoMan, apart from being wholly ineffectual as a means of addressing yuckware, is in general very, very bad advice. Feel free to make your own decisions, though, and to accept the consequences thereof.
0 Replies
 
Nagarajan
 
  1  
Reply Thu 14 Oct, 2004 02:50 am
windows explorer and browser gets closed
hello,

When I was chatting, a URL came into my message automatically, and I unintentionally clicked that URL. Later, when I restarted my machine, I could not see the Task Manager (shows as disabled), and any windows (Windows Explorer, browser) get closed immediately when opened.

When I tried to install some antivirus software, I could not do so as the windows get closed.

Please post a solution,

thanks

Nagarajan
0 Replies
 
 
