Can't get rid of Shopnav and 2020Search.....Please Help!!!!!

OK, this is what I recommend; you can try this or wait to see if someone else has an easier plan for you to follow.

1) Turn On the XP Firewall,

2) Verify All Windows Updates Are Current

3) Disable System Restore. Note: You will lose all your previous restore points.

4) Configure Explorer to Search Hidden Files and Folders

5) Download, to a folder of its own on your C drive, CoolWebShredder. The version should show as 1.59.0 or later. Just download it, don't run it yet. To create a folder on your hard drive, right-click "My Computer", Select "Open", then find, select and open the folder for your C: drive, and from the toolbar in that folder, Select "File", then select "New", then click "Folder". When "New Folder" appears, give it a name you will recognize.

6) Into yet another folder on your C drive, download AdAware Basic. Before opening and installing AdAware, see: How to update AdAware and AdAware Full Scan Instructions.. Open, install, update, and configure AdAware, but don't run it yet.

7) If your version of Spybot IS NOT Version 1.3, uninstall your older version using Add/Install Programs and delete the old Spybot folder from your C:\ Programs file, then create one more folder, and download into it Spybot S&D Version 1.3.

If you haven't done so before, READ THE FAQ. When you have read the FAQ, install the Version 1.3 if necessary, then UPDATE IT. There may or may not be any updates available, but always check for them before running the program.

8) Disconnect from the internet. DO NOT RECONNECT TO THE INTERNET UNTILL ALL THE FOLLOWING HAVE BEEN DONE.

9) Navigate to C:\WINDOWS\system32\drivers\etc, and rename any file there which is named simply "HOST", "HOSTS", "host", or "hosts", with no prefix, suffix, or other characters, by appending the suffix ".old" to it. When done, exit back to your desktop.

10) Click Start > Control Panel > Add/Remove Programs, and if found there, uninstall anything named or closely resembling "ShopNav" and/or "2020Search". There may or may not be uninstall entries for them, but check, and if possible, uninstall them.

11) Move HijackThis to a folder of its own on your C drive. Drag HiJackThis into that folder. Close any open browsers, other windows or folders, and exit all running apps, then launch and run HJT, and have it fix:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} - C:\PROGRA~1\Srng\SNHelper.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [vhagnjlm] C:\WINDOWS\System32\zgzsupv.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe

When done, close HJT and reboot.

12) Click Start > Run (the Run dialog box will pop up). Type, or copy and paste, the following text (Note: If you type the text rather than copy-and-pasting it, be certain type it exactly as shown and that you include the spaces and the quotes; notice there is a space both immediately before and immediately following "/u"):

regsvr32 /u "C:\Program Files\Srng\SearchHook.dll"

then click OK. After a few moments (it might take several seconds), you should see one of the following messages:

"Load Library Failed, <filename>.dll was not registered"

"Load Library Succeeded"

Either way, click OK.

Repeat the procedure "Start > Run" twice more, substituting the following commands in turn,

Regsvr32 /u "C:\Program Files\Srng\IEHelper.dll"

Regsvr32 /u "C:\Program Files\Srng\SNHelper.dll"

13) When finished, again click Start > Run. Type into the dialog box, without the quotes, "regedit", Then click OK. The Registry Editor will open. Note: Before doing anything in Registry, it is strongly recommended to Perform a Registry Backup

DO NOT guess at this; Delete ONLY the EXACT Keys shown below, if they are present. If they are not there, DON'T DO ANYTHING to The Registry

Now, navigate to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run In the right pane, delete the value: srng, if it exists.

Next, navigate to HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ and, if found, delete:

HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ Toolbar \ WebBrowser \ {4E1075F4-EEC4-4A86-ADD7-CD5F52858C31}, if it exists.

Note: If you have more than one user configured, you likely will have to redo this step for each user

Now navigate to HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Toolbar \ {4E1075F4-EEC4-4a86-ADD7-CD5F52858C31}, and delete it if it exists.

Finally, navigate to HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ {4E1075F4-EEC4-4a86-ADD7-CD5F52858C31}, and delete it if it exists.

Exit from the Registry Editor back to your Desktop.

14) Now individually search for and delete, if found (some, all, or any of them may or may not be there ... but look for them to be sure), any files or folders named Shopnav, 2020search, Snrg, vhagnjlm, zgzsupv, and/or wdskctl, then empty your recycle bin. When done, reboot.


15) Though not connected to the internet, open a browser window. Disregard any "Cannot Display Page" message, and select "Work Off Line" if the connection dialog box pops up. From your browser's tool bar, select Tools > Internet Options and, on the General Tab, delete all cookies and files, including all offline content, close the browser, then empty your Recycle Bin.

16) Reboot into Safe Mode

17) Find, open and run CWShredder, selecting "Fix". When it has completed, empty your Recycle Bin again. Reboot back into safemode.

18) While in Safe Mode, launch Spybot, then select "Immunize", and then select "Install" in the panel beneath, titled "Permanently Running bad download blocker for Internet Explorer. Do not check any of the boxes in the lower panel (Recommended miscellaneous protection") at this time. Select "Search for problems", and, when the process has completed, let it fix everything it has found. It may ask you if it can run again at next boot to finish repairing problems; if it does, allow it do so, reboot, again into safemode, and let it run and fix whatever it finds. When it has completed, one way or the other, run it one more time and allow it to fix whatever if anything it finds.

19) When done, reboot again into Safe Mode, launch AdAware, and let it fix what ever, if anything, it finds. Should it ask permission to run at next boot, grant it and reboot into Safe Mode once again. In any event, run it one more time in Safe Mode. When done, empty your recycle bin. While still in Safe Mode, this would be a good time to defragment your machine, but that's up to you. I recommend strongly you do so.

20) Now reboot normally, and with no other browsers or apps open, run HJT again, and save the log, naming it something like "1st Log". Reconnect to the internet and surf for a while, noting what happens. Whether or not you still have problems, after a while, run HiJack this one more time, and save the log as something like "2cnd Log". Finally, please return to this thread, and post the two logs here, clearly labled as to which is which.

Can't get rid of Shopnav and 2020Search.......Please Help!!!
Thank you for the reply. I will wait a little while to see if anyone has an easier solution. If not I will give this a try. I'll let you know how it works out.

Thank you,
Mary

Even i'm confused, will post back sensible GMT

Why fix:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 ????????????????????????

There's no place like home.

In fact, what is all that copy/paste stuff all about? Can you explain it step by step please? Or even one step and i'll gladly step aside...



Why????

Why????

I don't know where where you're plagiarising from but it can be confusing and dangerous.


makinmecrazy. I'm on GMT, so i'll reply later on........

Well, Nirvana, since you ask, a screwed up Hosts file can make things pretty difficult. Removing it from the equation frequently simplifies things. When Spybot is installed and further configured, it will be set to creat its own HOSTS file. ... no harm done, some good possible.

The regsvr32 and regedit steps stop ShopNav and permit the removal of the .dlls and the registry keys.

Generally, where I get that sort of notion from is via infecting one of my own machines with the subject hijacker, then noting the changes the yuckware made, if you're curious. I suppose you could say I'm plagiarizing my own registry and file-tracking software.

No need for you to step aside ... go ahead and list out your recommendation. This isn't a contest.

timberlandko, I bow down in apology. My only excuse is my inebriation! Peace!

:cool: