I have this entry: O4 – HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
It makes rundll32.exe “look and run” this dll at windows startup. This my web search bar was malicious and so I deleted it. Then I came into hijackthis to complete the removal and it won’t remove. It also gives me a weird error message on start up that won’t go away. How do I remove this?!
This problem is pretty simple and can be fixed with a couple tools and built in features of Windows. HijackThis cannot completely remove it on its own as the infection has some files stored in a folder on your computer that keep it coming back. Try the proposed fix below and you should be free of the error message and infection soon!
Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs(if present): MyWebSearch, MyWebSA or MyWebs*
Next,
Please set your system to show all files; please see here if you’re unsure how to do this.
Please delete these folders (if present) using Windows Explorer:
C:\PROGRA~1\MYWEBS~1\
You can reopen HijackThis and remove the O4 – HKLM\..\Run: [MY WEB SEARCH BAR] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S key and then run a program like CCleaner.
I recommend after you do this, do a scan with Malwarebytes’ Anti-Malware .
- Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected. <– very important
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. (You may need this for a later post on the forums!)
Reboot and you should be free of this infection and should not see any error message at startup!
Support Forums
Loading ...Recent Forum Posts
- Infection Removal - USB drivers - XP SP upd... posted 19 minutes ago, with 24 replies.
- Outlook Cache Mode posted 38 minutes ago, with 6 replies.
- Want to delete? posted 45 minutes ago, with 1 replies.
- outdated posted 1 minute ago, with 2 replies.
- Packet loss (No help from other such topics... posted 21 minutes ago, with 5 replies.
- http://error404.index.com or http://error40... posted 32 minutes ago, with 7 replies.
- Forum Homepage posted 52 minutes ago, with 26 replies.
Recent Comments
- Caerlleon: This is definately something I'm going
- j.a.hill: cannot import dvd
- little miss rockstar: I just found this blog, I
- jonesey: Thanks......that little bugger drove me nuts.
- jdmw: How do I retrieve files from
- nclavendersky: Had the very same problem, after
- Fred: Thanks, it worked! I had already
- taylor: Oh man this is exactly what
- Sandy: Hi.....thanks so much for the help.
- RandomUser: I happen to have a very
Recent Popularity
- How to Remove Security Tool
- How to Transfer Files to a Windows 7 Computer
- End of the MacBook Experience: Final Thoughts
- How to Remove AntiVirus System Pro
- How to Use the Windows 7 Upgrade Advisor
- How to use a USB Key as a Laptop Alarm
- The Hidden Costs When Buying a New TV
- Weekly Thoughts: Wow, Text Much? Surprising SMS Facts.
- Windows 7 Launch: Why is Windows 7 so Great?
- How to Setup an Email Account on a Blackberry
One Response
Redshifter
August 3rd, 2009 at 3:59 pm
1For Mac users, its a bit easier. I have put the solution in this blog entry:
http://redshifter.blogspot.com/2009/08/mywebsearch-hijacked-firefox-on-mac.html
Hope Mac users can benefit from this.
RSS feed for comments on this post
Leave a reply