Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    New ErrTraffic service enables ClickFix attacks via fake browser glitches

Featured Deal: This PDF editor alternative is only $40 for a lifetime subscription

Latest Buyer's Guide:     Best VPNs in 2025

Generic User Avatar

How To Remove The Search-paga.com / Xp_system

Started by Grinler , Mar 09 2005 04:05 PM

  • Please log in to reply
No replies to this topic

#1 Grinler

Grinler

    Lawrence Abrams


  • Avatar image
  • Admin
  • 45,363 posts
  • ONLINE
    •  
  • Gender:Male
  • Location:USA
  • Local time:02:31 AM

Posted 09 March 2005 - 04:05 PM


How to remove the Search-paga.com / xp_system Adware
What this program does: Delivers popups to your computer and hijacks Internet Explorer to www.search-paga.com.
Tools Needed for this fix: Related Tutorials: Symptoms in a HijackThis Log (Maybe different entries but will contain the same domains and hostnames):
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:://www.search-paga.com/10039/
F3 - REG:win.ini: run=C:\WINDOWS\inetdata\services.exe
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inetdata\2.00.00.dll
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
O16 - DPF: {430BF633-8D63-4891-E908-34D11DB86CE4} - http:://69.50.182.94/1/rdgUS994.exe

Removal Instructions:
  1. Download HijackThis from the above link and extract it to c:\hijackthis.

  2. Print out these instructions.

  3. Close Internet Explorer and keep it closed throughout the entire removal process.

  4. Navigate to the c:\hijackthis directory and double-click on HijackThis

  5. When the program starts, click on the None of the above, just start the program button.

  6. Then click on the Config button, followed by the Misc Tools button, and finally the Open Process Manager button.

  7. When the Process Manager opens up, look for any processes that are located in c:\windows\inetdata or c:\winnt\inetdata. Click once on the process that starts with that path, and press the Kill Process button. If there are more than one process running with that path, then while holding down the control key on your keyboard, click on each of these processes until all the ones that we need to end are all highlighted. Then proceed with clicking on the Kill Process button.

  8. Put a checkmark next to the following entries if they exist:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:://www.search-paga.com/10039/
    F3 - REG:win.ini: run=C:\WINDOWS\inetdata\services.exe
    O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inetdata\2.00.00.dll
    O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
    O16 - DPF: {430BF633-8D63-4891-E908-34D11DB86CE4} - http:://69.50.182.94/1/rdgUS994.exe

  9. Then click the Fix button

  10. Exit HijackThis.

  11. Reboot your computer

  12. Delete the following directories if they exist (substituting c:\windows for yourWindows directory):

    c:\windows\inetdata\services.exe
    c:\windows\inetdata\explorer.exe
    c:\windows\inetdata\winlogon.exe
    c:\windows\inetdata\2.00.00.dll
    c:\windows\inetdata\cron.ini
    c:\windows\inetdata
    c:\windows\\tasks\sa.dat

  13. Reboot your computer

  14. If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point. You can find instructions on how to enable and reenable system restore here: Managing Windows Millenium System Restore Windows XP System Restore Guide

  15. Follow the steps found in this tutorial:

    Simple and easy ways to keep your computer safe and secure on the Internet
Now your computer should no longer be infected with Search-paga.com Adware. It may be possible that you still have some spyware or malware installed on your computer. If you feel this is the case, follow the instructions below to post a HijackThis log and someone will help you to remove the rest.

This is a self-help guide. Use at your own risk.

BleepingComputer.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can post a HijackThis log in our HijackThis Logs and Analysis forum.

If you have any questions about this self-help guide then please post those questions in our AntiVirus, Firewall and Privacy Products and Protection Methods forum and someone will help you.

Lawrence Abrams

Join our Official Discord Chat Server!

Follow us on Twitter!
Follow us on Facebook

BC AdBot (Login to Remove)

 

Back to Spyware and Malware Removal Guides Archive


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users


  1. BleepingComputer Forums
  2. Security
  3. Am I infected? What do I do?
  4. Spyware and Malware Removal Guides Archive
  5. Privacy Policy
  6. Rules ·