PDA

View Full Version : Help with annoying page



Mr Wetzyl
14-04-2010, 08:02 PM
Hi there this page seems to pop up sometimes when I click on certain links.
It is like google homepage. Its called gsearch.
Pic here: http://www.imagef1.net.nz/files/gsearch.png
How do I remove it from ever loading again? The site is http://www.searchregard.com/
TIA

nofam
14-04-2010, 08:17 PM
Post a Hijackthis log here for us to have a look at.

bevy121
14-04-2010, 11:30 PM
download and try these - mbam will probably get it first, but run sas just to make sure :)



http://www.malwarebytes.org/mbam.php - Malwarebytes' Anti-Malware
http://www.superantispyware.com/ - SuperAntispyware

dont know if it's "legit" or not, but it looks strange...

====================




The site is using the nginx web server. The programming language used on the site is PHP. The site was launched on Tuesday, March 9, 2010. The server is located on the AS NETDIRECT Frankfurt, DE network. Searchregard.com is using Google Analytics for statistics.

Launch (first date w/ traffic): 2010-03-09 (Tuesday)

Domains using the same Analytics account as searchregard.com

* Traffic rank 133003. searchregard.com
* Traffic rank 134963. searchregard.net
* Traffic rank 139212. mainwebsearch.com
* Traffic rank 139322. websearchadvice.com
* Traffic rank 157227. smartwebsearch.net
* Traffic rank 266027. slysearch.net
* Traffic rank 451514. savetubevideo.com
* Traffic rank 474204. google-feed.net
* Traffic rank 512537. veerboo.com
* Traffic rank 756735. googlebreak.com
* Traffic rank 937175. skywebsearch.com

Domains hosted on the same IP-address as searchregard.com (188.72.202.152)

* Traffic rank 58192. softwarecash.net
* Traffic rank 133003. searchregard.com
* Traffic rank 134963. searchregard.net
* Traffic rank 139212. mainwebsearch.com
* Traffic rank 139322. websearchadvice.com
* Traffic rank 157227. smartwebsearch.net
* Traffic rank 194194. syncdirectory.com
* Traffic rank 451514. savetubevideo.com
* Traffic rank 512537. veerboo.com
* Traffic rank 926439. bluraydvddecrypter.com

bevy121
14-04-2010, 11:56 PM
yep, they are all browser hijackers - here's info on google-feed.net that has been around a little longer than the few weeks that a lot of those others have - thats why there's not much info on searchregard and others yet

http://scanforfree.com/76/google-feed-net-removal.html


Registrant:
Berman, Artem
Geroev Stalingrada 19B/21
null
Kyiv, NA 04210
UA

Domain Name: GOOGLE-FEED.NET

Administrative Contact, Technical Contact:
Berman, Artem
Geroev Stalingrada 19B/21
null
Kyiv, NA 04210
UA
3804148717 fax: null

Record expires on 10-Sep-2010.
Record created on 10-Sep-2009.

Domain servers in listed order:

NS31.WORLDNIC.COM 205.178.190.16
NS32.WORLDNIC.COM 206.188.198.16


* "Berman, Artem" owns about 29 other domains View these domains >
* is a contact on the whois record of 45 domains
* 1 registrar has maintained records for this domain since 2009-09-10
* This domain has changed name servers 1 time over 1 year.
* Hosted on 5 IP addresses over 1 years.
* View 62 ownership records archived since 2009-09-11 .
* Wiki article on Google-feed.net
* 20 other web sites are hosted on this server.

2010antispyware.com 2010-01-15 AntiSpyware 2010. Downloa... Whois
antitoolbar.com 2010-01-14 Anti toolbar. Remove tool... Whois
dailymotion-downloader.co... 2009-12-28 403 Forbidden Whois
downloadbreak.com 2009-12-28 Break Downloader - Downlo... Whois
downloadmetacafe.com 2010-01-06 403 Forbidden Whois
freevideodownloader.net 2009-12-28 403 Forbidden Whois
freeyoutubevideodownloade... 2009-12-28 Free Youtube Video Downlo... Whois
google-feed.net 2010-04-14 Custom search Whois
gooogler.net 2010-01-21 403 Forbidden Whois
okitalkie.com 2010-01-12 Video - Video-title Whois
porn-downloader.com 2010-01-06 403 Forbidden Whois
pornhubdownloader.com 2010-01-06 403 Forbidden Whois
redtube-downloader.net 2010-01-06 403 Forbidden Whois
skywebsearch.com 2010-03-03 Custom search Whois
xhamsterdownloader.com 2010-01-07 403 Forbidden Whois
xnxxdownloader.com 2010-01-07 403 Forbidden Whois
youporndownloader.com 2010-01-07 403 Forbidden Whois

Mr Wetzyl
15-04-2010, 07:31 PM
Thanx for the info bevy. I am doing afull scan now using malwarebytes

Speedy Gonzales
15-04-2010, 08:12 PM
Post a HJT log as well