
Can't get rid of a pesky little piece of malware!!!

Discussion in 'BlackHat Lounge' started by dotcomdesigns, Jan 30, 2012.

  1. dotcomdesigns

    dotcomdesigns Power Member

    I've managed to pick up a piece of malware from somewhere. It's called startsear.ch

    It hijacks your browser, redirects to its search page and pops up whenever you click in a search box on any website. I even get it here when I try to search. I don't think the threat is much unless you actually use it to search, which I don't.

    But I'd like to get rid of it. Anyone had it and removed it successfully? I've been trying all weekend! Here's a list I've tried to get rid of and all have not been able to find it:

    Malwarebytes - ran a deep scan that took 6 hours to complete
    Avast - doesn't find it
    S & D - never found it, found plenty of other crap though!
    Advanced system care - can't find it
    unhackme + regrun - this seems to be quite advanced but still doesn't find it
    I tried another and that didn't work, can't remember what it was now.

    I have Comodo Firewall and Avast but they let it through somehow. I've just read somewhere that you should open up regedit and do a find and replace. I've done this and found three files in the registry with startsear.ch in the name.

    HKEY_CURRENT_USER/software/AVAST Software/WRC/RatingStorage/startsear.ch

    Should I delete? I hate going in the registry :(
     
  2. proimage

    proimage Registered Member

  3. dotcomdesigns

    dotcomdesigns Power Member

    Thanks, but neither of those options worked :(
     
  4. dotcomdesigns

    dotcomdesigns Power Member

    BTW it comes with the vshare plugin I installed to watch soccer streams
     
  5. WizGizmo

    WizGizmo Super Moderator Staff Member Premium Member

    Try the fully functional 30-day trial of Hitman Pro.

    It often finds Viruses, Trojans & Malware that other scanners miss.

    Good luck! :)

    "Wiz"
     
  6. justalady

    justalady Newbie

    Try HitmanPro 3. They have a free trial. I had something similar and HitmanPro worked like a charm after doing everything there is to do.
     
  7. Crewchief007

    Crewchief007 Power Member

    These tech support dudes are waiting to help you. Go to Tech Support

    Let the pros handle it and enjoy your day!!!
     
  8. ff1227

    ff1227 Junior Member

    It's not "malware", it's just the shadiness of the people who make the vshare plugin. Uninstall vshare first and then change the default search engine back to Google or whatever you want.

    Code:
    http://www.searchenginejournal.com/change-your-default-search-engine-in-firefox-google-chrome-ie/24378/
    I had this piece of junk too before and couldn't figure it out until I realized it was vshare related.
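
After uninstalling the plugin as described in the post above, the browser's saved settings can be checked for leftovers. The following is an added example, not part of the original thread: it parses a Firefox `prefs.js` and reports search, home page and new-tab preferences that still point at the hijacker's domain. The list of watched preferences and the sample file contents are assumptions constructed for illustration.

```python
import re

# Firefox stores user settings in prefs.js as lines of the form
#   user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Preferences that decide where searches, the home page and new tabs go.
# (Assumption: this short list covers the settings a search hijacker edits.)
WATCHED_PREFIXES = (
    "browser.startup.homepage",
    "browser.search.",
    "browser.newtab.url",
    "keyword.URL",
)

def parse_prefs(text):
    """Return {name: value} for every well-formed user_pref line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip().strip('"')
    return prefs

def find_hijacked(text, domain):
    """List (name, value) for watched prefs whose value mentions `domain`."""
    domain = domain.lower()
    hits = []
    for name, value in sorted(parse_prefs(text).items()):
        if name.startswith(WATCHED_PREFIXES) and domain in value.lower():
            hits.append((name, value))
    return hits

# Constructed sample, not taken from a real profile.
SAMPLE_PREFS = '''\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://startsear.ch/?aff=1");
user_pref("browser.search.defaultenginename", "Google");
user_pref("keyword.URL", "http://startsear.ch/?q=");
user_pref("browser.download.dir", "C:/Users/me/Downloads/startsear.ch");
user_pref("extensions.lastAppVersion", "9.0.1");
'''

if __name__ == "__main__":
    for name, value in find_hijacked(SAMPLE_PREFS, "startsear.ch"):
        print(f"{name} -> {value}")
```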
     
  9. jdog37

    jdog37 Power Member

    I'm not a computer whiz but did you try starting up in "safe" mode and running your scans? Did you start up in "safe" mode and try to do a system restore?

    I don't know what a vshare plugin is but I do know that revo uninstaller is good at deep cleaning any unwanted downloads out of your system (registry and all). It's free at cnet.
     
  10. dotcomdesigns

    dotcomdesigns Power Member

    I think I got rid of it. I just uninstalled the vshare plugin and that seems to have worked, although a lot of people have written that it didn't work for them. Thanks for all the help guys n gals!
     
  11. angelas111

    angelas111 Jr. VIP Jr. VIP Premium Member

    <offtopic> dotcomdesigns your avatar freaks me out...lol</offtopic>
     
  12. dmmer122

    dmmer122 Registered Member

    Try hijackthis and look through the log for it.

    hxxp://free.antivirus.com/hijackthis/
     
  13. shubhamm

    shubhamm Junior Member

    Did you try to remove the reg entry for this from Startup?