TechSpot

Begin2Search disabling my internet explorer

By FLORIDA
May 23, 2006
Topic Status:
Not open for further replies.
  1. Hi Guys.

    Facts:

    1) When I double click on IE v6 I get a "Cannot find Server" and at the bottom of the page DNS Error. Called ISP who said there's not problem at their end and that the link to the internet was coming through.

    2) SPYCatcher alerted me to a Begin2Search virus on my system. This is what it stated in full:

    stopped spyware "begin to search" from running 11:11:43pm


    In the next box it states

    MORE INFORMATION

    File: C:\WINDOWS\SYSTEM32\wshtcpip.dll
    Application: Begin2Search
    Cateogory: Internet Explorer spyware


    3) In spycatcher I actioned to remove the virus which it stated it did; However, upon re-accessing IE I still got the "cannot find server" and DNS error issue.

    4) I ran SPYBOT and deleted all the virus or malcious linked messages including one that said something about IE override - whose full message I do not have.

    Anyways, I've got a HIJACK log of what it found - see below - can someone please have a look and possibly give me some instructions as what I should do to kill this nusiance:
  2. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Hello and welcome to Techspot.

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/...gen/default.htm

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/...gen/default.htm

    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)

    O4 - Global Startup: Digital Line Detect.lnk = ?

    Click on the fix checked button.

    Close HJT.

    Reboot into normal mode and turn system restore back on.

    The wshtcpip.dll is normally a Windows file(see below), this is probably a false positive with Spycatcher.

    File Name: wshtcpip.dll
    File Size: 19968 bytes (19 KB)
    Extended file information:
    File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Company Name: Microsoft Corporation
    File Description Windows Sockets Helper DLL
    Product Name Microsoft® Windows® Operating System
    OS info NT-Win32
    File Type DLL
    File SubType N/A


    Regards Howard :wave: :wave:
  3. FLORIDA

    FLORIDA Newcomer, in training Topic Starter

    Much appreciated Howard for the prompt reply. I'll let you know how I got on tomorrow, as I am at work at the moment.

    Many Thanks.
  4. FLORIDA

    FLORIDA Newcomer, in training Topic Starter

    Sorry about this Howard, but one last question.

    After HiJack has fixed the files ticked, do I then not delete those files ?
  5. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    In this particular case. NO.

    Regards Howard :)
  6. FLORIDA

    FLORIDA Newcomer, in training Topic Starter

    Thanks Matey.
  7. FLORIDA

    FLORIDA Newcomer, in training Topic Starter

    Howard, you ain't going to believe what happened. Oh, I am home now 23:08 pm in London - 23rd May.

    1) I carried out your instructions - nothing happened; Still could not access internet explorer. Same old cannot find server..etc...etc.

    2) I opened Spycatcher, and still saw the "Begin2Search" file with Remove next to it. And then I'm thinking '..this Anti-virus software states its removed, but for some reason I'm still getting the problem.......................................... SOLUTION = UNINSTALL SPYCATCHER.

    Der der !!!! The virus has gone. Windows has automatically lifted the firewalls again and I am now accessing your web page through my new internet access, MOZILLA FIREFOX.

    And the beauty about Firefox is that I can maintain the speed at which I can access various websites whilst having Spycatcher on in the background - before, IEv6 was a hard slog moving in and out of different websites with spycatcher on, and even when I shut it down !! Crazy I tell yerr!!

    I am so greatful for your help, but you might want to test out what I said about spycatcher i.e, once it has captured the virus, change action from 'ask' to 'remove' then uninstall SPYCATCHER to completely remove the virus. You can always download spycatcher again.

    Have a nice day ......
  8. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Thanks very much for your feedback, it`s most useful.

    Spycatcher obviously has some problems and needs to be uninstalled as you said.

    Regards Howard :)
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.