Begin2Search disabling my internet explorer

Status
Not open for further replies.
Hi Guys.

Facts:

1) When I double click on IE v6 I get a "Cannot find Server" and at the bottom of the page DNS Error. Called ISP who said there's no problem at their end and that the link to the internet was coming through.

2) SPYCatcher alerted me to a Begin2Search virus on my system. This is what it stated in full:

stopped spyware "begin to search" from running 11:11:43pm


In the next box it states

MORE INFORMATION

File: C:\WINDOWS\SYSTEM32\wshtcpip.dll
Application: Begin2Search
Category: Internet Explorer spyware


3) In SpyCatcher I actioned to remove the virus, which it stated it did; however, upon re-accessing IE I still got the "cannot find server" and DNS error issue.

4) I ran SPYBOT and deleted all the virus or malicious linked messages including one that said something about IE override - whose full message I do not have.

Anyways, I've got a HIJACK log of what it found - see below - can someone please have a look and possibly give me some instructions as to what I should do to kill this nuisance:
 
Hello and welcome to Techspot.

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to each (if there).

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/...gen/default.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/...gen/default.htm

O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)

O4 - Global Startup: Digital Line Detect.lnk = ?

Click on the fix checked button.

Close HJT.

Reboot into normal mode and turn system restore back on.

The wshtcpip.dll is normally a Windows file (see below), this is probably a false positive with Spycatcher.

File Name: wshtcpip.dll
File Size: 19968 bytes (19 KB)
Extended file information:
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company Name: Microsoft Corporation
File Description: Windows Sockets Helper DLL
Product Name: Microsoft® Windows® Operating System
OS info: NT-Win32
File Type: DLL
File SubType: N/A


Regards Howard :wave: :wave:
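
As an added example that is not part of the original thread: a small Python parser for the HijackThis entries quoted in the reply above. It groups them by section code and notes which ones the log itself marks as `(file missing)` or with a `?` target. The function names are illustrative assumptions, and the sample lines are copied from the reply.

```python
import re

# Sample input: the entries quoted in the reply above (URLs left truncated as posted).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/...gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/...gen/default.htm
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O4 - Global Startup: Digital Line Detect.lnk = ?
"""

# HijackThis section codes that appear in this thread.
SECTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
            "O2": "Browser Helper Object", "O4": "startup entry"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
BHO = re.compile(r"^BHO: (.*?) - (" + CLSID + r") - (.*?)( \(file missing\))?$")


def parse_entry(line):
    """Return a dict for one log entry, or None if the line is not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    entry = {"code": code, "section": SECTIONS.get(code, "unknown"),
             "body": body, "notes": []}
    if code == "O2":
        bho = BHO.match(body)
        if bho is None:
            entry["notes"].append("unrecognised BHO line, review by hand")
        else:
            entry.update(name=bho.group(1), clsid=bho.group(2), path=bho.group(3))
            if bho.group(4):
                entry["notes"].append("registered DLL reported missing from disk")
    elif code == "O4" and body.endswith("= ?"):
        entry["notes"].append("shortcut target shown as '?' in the log")
    elif code in ("R0", "R1"):
        key, _, value = body.partition(" = ")
        entry.update(key=key, value=value)
    return entry


def triage(log):
    """Parse every entry line in a pasted log, skipping surrounding prose."""
    return [e for e in (parse_entry(l) for l in log.splitlines()) if e]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["code"], e["section"], "|", "; ".join(e["notes"]) or "review value")
```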
 
Much appreciated Howard for the prompt reply. I'll let you know how I got on tomorrow, as I am at work at the moment.

Many Thanks.
 
Sorry about this Howard, but one last question.

After HiJack has fixed the files ticked, do I then not delete those files?
 
Howard, you ain't going to believe what happened. Oh, I am home now 23:08 pm in London - 23rd May.

1) I carried out your instructions - nothing happened; still could not access internet explorer. Same old cannot find server... etc... etc.

2) I opened Spycatcher, and still saw the "Begin2Search" file with Remove next to it. And then I'm thinking '...this anti-virus software states it's removed, but for some reason I'm still getting the problem...' SOLUTION = UNINSTALL SPYCATCHER.

Der der !!!! The virus has gone. Windows has automatically lifted the firewalls again and I am now accessing your web page through my new internet access, MOZILLA FIREFOX.

And the beauty about Firefox is that I can maintain the speed at which I can access various websites whilst having Spycatcher on in the background - before, IEv6 was a hard slog moving in and out of different websites with spycatcher on, and even when I shut it down !! Crazy I tell yerr!!

I am so grateful for your help, but you might want to test out what I said about spycatcher, i.e., once it has captured the virus, change action from 'ask' to 'remove' then uninstall SPYCATCHER to completely remove the virus. You can always download spycatcher again.

Have a nice day ......
 
Thanks very much for your feedback, it's most useful.

Spycatcher obviously has some problems and needs to be uninstalled as you said.

Regards Howard :)
 